]> BookStack Code Mirror - bookstack/blobdiff - app/Config/oidc.php
projects / bookstack / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ZIP Imports: Added API examples, finished testing
[bookstack] / app / Config / oidc.php
diff --git a/app/Config/oidc.php b/app/Config/oidc.php
index 1d3193eeecc3901fec6b71a969c89fc21d992338..16bec873c9c7e4133e57670ede2500acb314e4e1 100644 (file)
--- a/app/Config/oidc.php
+++ b/app/Config/oidc.php
@@ -49,8 +49,8 @@ return [
 
     // Enable fetching of the user's avatar from the 'picture' claim on login.
     // Will only be fetched if the user doesn't already have an avatar image assigned.
-    // This can be a security risk due to performing server-side fetching of data from external URLs.
-    // Only enable if you trust the OIDC auth provider to provide safe URLs for user images.
+    // This can be a security risk due to performing server-side fetching (with up to 3 redirects) of
+    // data from external URLs. Only enable if you trust the OIDC auth provider to provide safe URLs for user images.
     'fetch_avatar' => env('OIDC_FETCH_AVATAR', false),
 
     // Group sync options
The core source code for the BookStack project.