- Replace eval() with ast.literal_eval() in pdf_utils.py to fix unauthenticated remote code execution via crafted PDF uploads (reported by OX Security)
- Sanitize HTML output with DOMPurify to prevent XSS
- Restrict CORS origins (configurable via CORS_ORIGINS env var)
- Suppress raw exception details in API error responses
- Cap Image.MAX_IMAGE_PIXELS to prevent decompression bomb DoS
- Add security regression test suite

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
24 lines
451 B
Plaintext
# DeepSeek OCR Application Configuration

# API Configuration
API_HOST=0.0.0.0
API_PORT=8000

# Frontend Configuration
FRONTEND_PORT=3000

# Model Configuration
MODEL_NAME=deepseek-ai/DeepSeek-OCR
HF_HOME=/models

# CORS Configuration (comma-separated origins, defaults to http://localhost:3000)
CORS_ORIGINS=http://localhost:3000

# Upload Configuration
MAX_UPLOAD_SIZE_MB=100

# Processing Configuration
BASE_SIZE=1024
IMAGE_SIZE=640
CROP_MODE=true
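The following is an added example, written for this page and not taken from the project's pdf_utils.py or API code, showing how the configuration above and three of the fixes from the commit message fit together: parsing the comma-separated CORS_ORIGINS value with the stated localhost default, turning MAX_UPLOAD_SIZE_MB into a byte limit, replacing eval() with ast.literal_eval() so attacker-controlled text can only ever yield a literal, and the dimension check that an Image.MAX_IMAGE_PIXELS cap performs. The helper names, the embedded sample .env text and the 50,000,000-pixel cap are assumptions made here; the project's real values are not on the page.

```python
import ast

# Constructed sample of the .env file shown above (embedded so the example runs offline).
SAMPLE_ENV = """\
# DeepSeek OCR Application Configuration
API_HOST=0.0.0.0
API_PORT=8000
# CORS Configuration (comma-separated origins, defaults to http://localhost:3000)
CORS_ORIGINS=http://localhost:3000
MAX_UPLOAD_SIZE_MB=100
"""

DEFAULT_CORS_ORIGIN = "http://localhost:3000"
# Assumed pixel budget for the decompression-bomb cap; the project's actual value is not on the page.
ASSUMED_MAX_IMAGE_PIXELS = 50_000_000


def parse_env(text):
    """Parse KEY=VALUE lines; blank lines and '#' comments are skipped."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip()
    return values


def cors_origins(env):
    """Split CORS_ORIGINS on commas. An empty or missing value falls back to the
    single default origin, never to a wildcard, and an explicit '*' is rejected."""
    raw = env.get("CORS_ORIGINS", "")
    origins = [o.strip() for o in raw.split(",") if o.strip()]
    if "*" in origins:
        raise ValueError("wildcard CORS origin is not allowed")
    return origins or [DEFAULT_CORS_ORIGIN]


def max_upload_bytes(env, default_mb=100):
    """MAX_UPLOAD_SIZE_MB as a byte count; non-positive values are rejected."""
    mb = int(env.get("MAX_UPLOAD_SIZE_MB", default_mb))
    if mb <= 0:
        raise ValueError("MAX_UPLOAD_SIZE_MB must be positive")
    return mb * 1024 * 1024


def parse_literal(text):
    """Safe stand-in for eval() on attacker-controlled text (for example a value
    pulled out of an uploaded PDF): ast.literal_eval accepts only Python literals
    and raises on names, calls and attribute access, so nothing is executed."""
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        return None


def within_pixel_cap(width, height, cap=ASSUMED_MAX_IMAGE_PIXELS):
    """Check an image's declared dimensions against a pixel budget before decoding.
    This is the comparison an Image.MAX_IMAGE_PIXELS cap makes inside Pillow; a
    tiny compressed file that declares a huge canvas fails here instead of
    exhausting memory."""
    return width > 0 and height > 0 and width * height <= cap


if __name__ == "__main__":
    env = parse_env(SAMPLE_ENV)
    print(cors_origins(env))                           # ['http://localhost:3000']
    print(max_upload_bytes(env))                       # 104857600
    print(parse_literal("{'pages': 3}"))               # {'pages': 3}
    print(parse_literal("__import__('os').getcwd()"))  # None
    print(within_pixel_cap(4000, 3000))                # True
    print(within_pixel_cap(100000, 100000))            # False
```

The second parse_literal call is the whole point of the eval() replacement: the same string handed to eval() would run a function, while literal_eval refuses it and the caller gets None. Returning a fixed value on failure rather than re-raising also matches the commit's separate fix of not echoing raw exception text back to API clients.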