diff --git a/packages/backend/src/services/drive/upload-from-url.ts b/packages/backend/src/services/drive/upload-from-url.ts index e3ee875c53..d9d68d03c8 100644 --- a/packages/backend/src/services/drive/upload-from-url.ts +++ b/packages/backend/src/services/drive/upload-from-url.ts @@ -41,7 +41,8 @@ export async function uploadFromUrl({ const parsedUrl = new URL(url); if ( process.env.NODE_ENV === "production" && - PRIVATE_IP.test(parsedUrl.hostname) + (PRIVATE_IP.test(parsedUrl.hostname) || + parsedUrl.hostname.includes("localhost")) ) { throw new Error("Private IP is not allowed"); }