.. _card-files:

**************************************
Allowed File Extensions in Cards
**************************************

By default, you can attach a file of any extension to a :ref:`card <cards>`. It is possible to strengthen your system safety by creating the allowlist of file extensions. It will prevent your users from uploading files of unwanted formats, including those that might contain hidden malicious code, such as ``.js``, ``.swf``, and such.

To create the allowlist of file extensions, do the following:

#. Open the ``/etc/findface-security/config.py`` configuration file. 

   .. code::

      sudo vi /etc/findface-security/config.py

#. In the ``FFSECURITY`` section, find the ``CARD_ATTACHMENTS_FILENAME_REGEXP`` parameter. Set an expression with the allowed file extensions. Any valid `Python regular expression <https://docs.python.org/3/library/re.html#regular-expression-syntax>`_ will do.

   Examples:

   * ``r'.*\.png'``: allows only files with the ``.png`` extension
   * ``r'.*\(png|jpg)'``: allows the ``.png`` and ``.jpg`` extensions
   * ``r'.*'``: allows all file extensions
   * ``None``: allows all file extensions
   * ``'XXXXXX'``: uploading files of any extension is prohibited

   .. code::

      FFSECURITY = {    
         ...
         'CARD_ATTACHMENTS_FILENAME_REGEXP': r'.*\.txt',
         ...

         } 

   .. tip::
      Commenting out the ``CARD_ATTACHMENTS_FILENAME_REGEXP`` parameter also allows all file extensions. 

#. Restart the ``findface-security`` service.
   
   .. code::

      sudo systemctl restart findface-security.service