Remove `broker` and `relay` query string parameters from Snowflake proxy
The browser proxy allows overriding the default broker and relay using query string parameters. This is a security vulnerability because it can turn browser proxies into a DoS vector against some third party. An attacker only has to get a massive number of browsers to visit a URL like !https://snowflake.example/embed.html?broker=https://victim.example and those browsers will start sending HTTPS requests to victim.example.
This same vulnerability existed in flash proxy; here are the commits removing the feature there:
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information