# Built tmpdrop — a tiny self-hosted ephemeral file drop

> Source: <https://dev.to/kin_panho_319240e9b3688c/built-tmpdrop-a-tiny-self-hosted-ephemeral-file-drop-370f>
> Published: 2026-05-25 15:00:09+00:00

Drag-drop upload, unguessable URLs (72 bits entropy), auto-deletes after 1h/24h, strict MIME allowlist + CSP sandbox.

One docker compose up. MIT.

🔗 [https://github.com/rogerhokp/tmpdrop](https://github.com/rogerhokp/tmpdrop)

🌐 [https://tmpdrop.solardev.online](https://tmpdrop.solardev.online)

Why another one: public file hosts retain your data on infra you don't control + predictable URLs get scraped. tmpdrop is "0x0.st but on your own box" with a security posture I'm actually comfortable with.

Built with Claude Code pair-programming; threat model + security choices mine.