Is it posible to upload images from a remote url?

[jessiahr]

The Arc API docs show it being able to store an image from a web URL:

# Store any locally accessible file
Avatar.store("/path/to/my/file.png") #=> {:ok, "file.png"}

# Store any remotely accessible file
Avatar.store("http://example.com/image.png") #=> {:ok, "file.png"}

Is that posible with arc_ecto and if so could you give an example?

[Iwark]

You can:

|> cast_attachements(params, [:image], allow_paths: true)

Changelog

[denispeplin]

This leads to security issue: I want only allow to upload files from remote URL, but this also allows local uploads (any file from /etc for example).
Can I disallow local uploads, but with remote uploads still enabled?
Or should I implement some custom validation to prevent local uploads?

[jung-hunsoo]

@denispeplin How about adding a custom validation which filters only valid URLs like starting with http or https?

Personally, I'm using a filter like this;

  defp apply_image_remote_url(attrs) do
    case attrs["image_remote_url"] != nil && String.starts_with?(attrs["image_remote_url"], ["http://", "https://"]) do
      true -> Map.put(attrs, "image", attrs["image_remote_url"])
      false -> attrs
    end
  end

I think it'd better to provide options in addition to allow_paths in the library.