1f3bc4bfea
Merge branch 'mutantmonkey-better_extension_handling'
2016-02-15 14:44:43 -08:00
b0d2f2a142
support .tar.gz-style extensions
...
Some extensions actually consist of multiple parts, like .tar.gz, so we
should handle this properly instead of merging part of the extension
with the bare name. Right now only tar is allowed, but others can be
added easily.
Fixes #74 .
2016-02-12 21:27:39 -08:00
bc66bcc069
Merge pull request #73 from mutantmonkey/workaround_chrome_nonsense
...
workaround chrome nonsense with CSP
2015-12-04 22:34:36 -05:00
817ac67632
workaround chrome nonsense with CSP
...
Apparently the Chromium developers have decided that it was a good idea
for them to use inline styles on the image/PDF viewers in their browser.
I have no idea why they would think this, as it is not, but since this
causes breakage we allow unsafe-inline for styles on files.
2015-12-04 19:28:30 -08:00
5dcfca5f74
Order matters no. 2
2015-12-04 00:19:33 -05:00
7c1a4640db
Order matters!
2015-12-02 14:58:48 -05:00
88c00027ea
Add line numbers for pastebin. Fixes #70
2015-11-12 11:17:53 -05:00
10d30df81f
Fix out of bounds error
2015-11-12 01:04:05 -05:00
9cf55ac687
Redirect hotlink instead of 403. Fixes #69
2015-11-12 00:56:22 -05:00
e6d79eb5cf
Temporary fix for text detection
2015-10-30 23:13:43 -04:00
4856ab0750
Allow for non-/ deployments. Fixes #61
2015-10-30 18:36:47 -04:00
07aaad2cd8
Match more text mimetypes
2015-10-28 15:55:56 -04:00
294e8d8be2
Better text detection
2015-10-28 15:21:54 -04:00
9b1df43ef2
Trim "-" in filenames
2015-10-28 14:31:51 -04:00
0b37309237
Allow configuration from ini-style file
2015-10-25 14:04:38 -04:00
c53c909165
Remove unnecessary margin on pastebins
2015-10-21 21:41:27 -04:00
be08b7f0fd
Remove "sandbox" from files CSP to have pdfs work in chrome
2015-10-21 18:20:14 -04:00
ba9fcd3a7b
Document allowing hotlinking
2015-10-18 11:08:47 -04:00
c8fc62398a
Enable randomize in remote uploads
2015-10-18 11:07:39 -04:00
20456b0b3c
Updarte README.md
2015-10-15 20:16:02 -04:00
39ae89107c
Update README.md
2015-10-15 19:51:52 -04:00
7df3b1328e
Update README.md
2015-10-15 19:33:38 -04:00
50a54bbcfc
Add linx-client in API documentation
2015-10-15 17:26:35 -04:00
0d365409d0
Allow /upload/ for PUT requests without filename
2015-10-15 16:02:46 -04:00
120909ce46
Template file was missing
2015-10-15 12:26:43 -04:00
c77f8285d4
Fix/implement .story
2015-10-15 12:24:23 -04:00
9847beeff5
Cleanup
2015-10-14 22:47:36 -04:00
3c659601e2
Make it an option for post uploads
2015-10-14 20:40:25 -04:00
9b724725b3
Blank referrers are allowed
2015-10-14 20:35:43 -04:00
256ca43d69
Update API documentation with API keys
2015-10-14 16:47:13 -04:00
b1e82f8d7f
Update build.sh to build linx-genkey
2015-10-14 16:31:52 -04:00
68653372ff
Rename auth header to Linx-Api-Key and remove
...
b64encoding requirement for uploading with keys
2015-10-14 16:18:29 -04:00
6987edc0d8
Remove non-API navigation links when using auth
2015-10-14 15:20:41 -04:00
be15ba076d
Removed unnecessary duplicate static caching
2015-10-14 14:58:27 -04:00
e1b2896c64
Merge pull request #60 from mutantmonkey/proper_referrer_check
...
do a proper same-origin check
2015-10-13 23:04:39 -04:00
d138755806
do a proper same-origin check
...
String prefix matching is hacky and provides insufficient checking if it
does not end with a /.
2015-10-13 19:55:32 -07:00
ff1d9f56a1
Merge pull request #59 from mutantmonkey/csp_referrer_fix
...
fix CSP referrer policy
2015-10-12 10:01:50 -04:00
a3723d3665
short-circuit on origin header
...
If the Origin header is present, we can check it and skip the other
checks.
2015-10-12 01:23:06 -07:00
0a1aa869e4
nicer 400 error page
2015-10-12 01:03:02 -07:00
a7ae455ac1
strict referrer check improvements
...
* Always check Origin if it is present, regardless of headers sent
* Whitelist X-Requested-With header
2015-10-12 00:28:04 -07:00
61147554a9
update CSP flags in readme
2015-10-12 00:02:22 -07:00
cd83f9f0eb
fix CSP referrer policy
...
The policy of "referrer none" was incorrect and was nonfunctional. With
this change, the CSP referrer policy is set to origin, which
will causes only the origin to be sent for requests made from the main
site.
A fix was also needed for referrer checks in two places.
2015-10-11 23:49:15 -07:00
4fee922543
Merge pull request #58 from mutantmonkey/referrer_fixup2
...
trim trailing / for origin checking
2015-10-11 23:07:45 -04:00
39d874374d
trim trailing / for origin checking
2015-10-11 20:06:14 -07:00
60239467fd
Merge pull request #56 from mutantmonkey/auth
...
Add support for auth keys (and remote auth keys)
2015-10-11 22:44:30 -04:00
613ab24721
show usage for -authfile and -remoteauthfile
2015-10-11 19:38:04 -07:00
2cd432b5d3
update readme
2015-10-11 19:33:48 -07:00
dd4ac3a7ed
add support remote auth keys
...
These are taken as a parameter to the remote upload page. Note that all
keys will be logged since this is a GET request.
2015-10-11 19:31:13 -07:00
3dc4753b7a
move reading auth keys into readAuthKeys
2015-10-11 19:30:01 -07:00
104f648c0f
Remove artifact
2015-10-11 21:42:00 -04:00
Andrei Marcu
mutantmonkey
Andrei Marcu