I have a client using ModSecurity, claiming that Uppy is insecure because it’s triggering a rule in their ModSecurity. I’m not sure this is the case, but my knowledge is inadequate to understand what’s going on or if this is Uppy’s fault at all. The user is getting the below error in ModSecurity on their server when uploading a 7MB PDF file (which apparently gets uploading in 4 multi-parts).
[client xxxxx] ModSecurity: Multipart parsing error (init): Multipart: Multiple boundary parameters in C-T. [hostname "domain.com"] [uri "/files.php"] [unique_id "Z7a3CD-CM7leEezpmR1IKgAAAE4"], referer: https://domain.com/files.php
The user asked me to replace Uppy with another library, although I have no reason to believe this issue is uppy-only, or even if it’s a valid security concern that should be addressed by Uppy. Any assistance on understanding this issue would be much appreciated.