Commit Graph

20 Commits

Author SHA1 Message Date
mutantmonkey 47670af185 Infer site URL from host and headers
We can use the Host property of the request and the X-Forwarded-Proto to
infer the site URL. To reduce complexity, the path is not inferred, and
it is assumed that linx-server is running at /. If this is not the case,
the site URL must be manually configured; this is no different than it
was before.
2016-06-04 18:34:22 -07:00
andreimarcu 9cf55ac687 Redirect hotlink instead of 403. Fixes #69 2015-11-12 00:56:22 -05:00
andreimarcu 4856ab0750 Allow for non-/ deployments. Fixes #61 2015-10-30 18:36:47 -04:00
andreimarcu be15ba076d Removed unnecessary duplicate static caching 2015-10-14 14:58:27 -04:00
mutantmonkey d138755806 do a proper same-origin check
String prefix matching is hacky and provides insufficient checking if it
does not end with a /.
2015-10-13 19:55:32 -07:00
mutantmonkey cd83f9f0eb fix CSP referrer policy
The policy of "referrer none" was incorrect and was nonfunctional. With
this change, the CSP referrer policy is set to origin, which
will causes only the origin to be sent for requests made from the main
site.

A fix was also needed for referrer checks in two places.
2015-10-11 23:49:15 -07:00
andreimarcu a60a7cc9e6 Cache static files + Separate CSS more. Fixes #44 2015-10-07 23:35:48 -04:00
andreimarcu 6e33fe6ac8 Metadata holds mimetype, sha256sum, archiveFiles 2015-10-07 22:45:34 -04:00
mutantmonkey 5e7e96af01 add support for some security headers
This commit adds support for Content-Security-Policy and
X-Frame-Options using the ContentSecurityPolicy middleware.
2015-10-04 14:58:00 -07:00
andreimarcu 1e1c8caa53 Add /favicon.ico route 2015-10-04 12:58:30 -04:00
andreimarcu d40803f165 More verbose errors 2015-10-04 12:47:20 -04:00
andreimarcu 52cc3b4dff Add fastcgi support and static cache headers 2015-10-01 10:32:59 -04:00
andreimarcu ba73f4adf3 Fix static directory listing recursion 2015-09-30 15:54:30 -04:00
andreimarcu 22818d86ce Implement hotlink protection 2015-09-29 19:28:10 -04:00
Matt Hazinski 51ccc2f6a4 Add delete method 2015-09-28 23:46:43 -04:00
andreimarcu c32a698cbc upload expiry/barename respect, random fixes 2015-09-28 00:25:57 -04:00
Matt Hazinski a10b838f4d Add preliminary metadata support 2015-09-27 22:43:41 -04:00
andreimarcu d98b63e8bd Performance improvements, custom 404+500, -nologs, PUT uploads fix 2015-09-25 12:00:14 -04:00
Jacob Melton 2cf3f14477 Add basic video support
Additionally use filePath instead of absPath, and fileName instead of
filename.
2015-09-24 22:47:37 -04:00
andreimarcu c634317e2d this file might be useful to add here 2015-09-24 19:58:50 -04:00