Restricting file upload in Media Library using specific mime types. For example , only jpeg and png files

[details=“System Information”]

  • Strapi Version: 4.6.0
  • Operating System: Ubuntu 20
  • Database: Mysql 5.7
  • Node Version: 14.21.2
  • NPM Version: 6.14.17
  • Yarn Version:

Hi, As part of the Vulnerability assessment testing, it found that media library plugin is accepting any kind of files for upload. And didn’t found any configuration to allow only particular file extensions. Could anyone have any idea? Thanks in advance.

1 Like

I also need to restrict media libary file upload based on mime types. is there any way work around?

    name: "strapi::body",
    config: {
      formidable: {
       filter: function ({name, originalFilename, mimetype}) {
          // keep only images
          return mimetype && mimetype.includes("image");

pretty sure you can lock it down like this, it uses formidable in the back, it’s all in the documentation, except they should probably link to the available formidable docs that have the filter options and many more things you can change.

this didn’t work with me. It still allowed uploading a .csv file.