UploadShied/allowlist.json

{
  "uris": [
    "/api/uploads/avatars",
    "/api/v1/avatars",
    "/user/avatar",
    "/media/upload",
    "/api/media",
    "/api/uploads",
    "/api/v1/uploads",
    "/attachments/upload",
    "/upload",
    "#^/internal/webhook#",
    "#/hooks/(github|gitlab|stripe|slack)#",
    "/services/avatars",
    "/api/profile/photo"
  ],
  "ctypes": [
    "image/svg+xml",
    "application/xml",
    "text/xml"
  ]
}