From f9481fb0afe9cf1efaeead0a7bd4e648ae921481 Mon Sep 17 00:00:00 2001
From: "romain.fontugne" <romain.fontugne@gmail.com>
Date: Wed, 21 Aug 2024 12:07:35 +0900
Subject: [PATCH] Do not allow file URLS

---
 public/conf_notls/neo4j.conf | 3 ++-
 public/conf_tls/neo4j.conf   | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/public/conf_notls/neo4j.conf b/public/conf_notls/neo4j.conf
index 2bde2bf1..6f1cd160 100644
--- a/public/conf_notls/neo4j.conf
+++ b/public/conf_notls/neo4j.conf
@@ -205,7 +205,8 @@ server.http.enabled=true
 # Determines if Cypher will allow using file URLs when loading data using
 # `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV`
 # clauses that load data from the file system.
-#dbms.security.allow_csv_import_from_file_urls=true
+dbms.security.allow_csv_import_from_file_urls=false
+dbms.security.allow_file_urls=false
 
 
 # Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS
diff --git a/public/conf_tls/neo4j.conf b/public/conf_tls/neo4j.conf
index 6c22a0f7..64d26448 100644
--- a/public/conf_tls/neo4j.conf
+++ b/public/conf_tls/neo4j.conf
@@ -205,7 +205,8 @@ dbms.ssl.policy.https.public_certificate=neo4j.cert
 # Determines if Cypher will allow using file URLs when loading data using
 # `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV`
 # clauses that load data from the file system.
-#dbms.security.allow_csv_import_from_file_urls=true
+dbms.security.allow_csv_import_from_file_urls=false
+dbms.security.allow_file_urls=false
 
 
 # Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS