Andrei Marcu
61eb32a79b
Merge pull request #83 from mutantmonkey/csp_frame_ancestors
...
Use Content-Security-Policy frame-ancestors
2016-06-05 00:29:13 -07:00
mutantmonkey
47670af185
Infer site URL from host and headers
...
We can use the Host property of the request and the X-Forwarded-Proto to
infer the site URL. To reduce complexity, the path is not inferred, and
it is assumed that linx-server is running at /. If this is not the case,
the site URL must be manually configured; this is no different than it
was before.
2016-06-04 18:34:22 -07:00
mutantmonkey
2b5cc07005
Use Content-Security-Policy frame-ancestors
...
X-Frame-Options has been deprecated by Content Security Policy Level 2.
We will need to provide the option for older browsers for the time
being, but frame-ancestors is preferred on newer ones.
2016-06-04 15:04:32 -07:00
mutantmonkey
39bb999db6
Add ability to set arbitrary headers
...
This is useful if you want to add headers for things like HTTP Strict
Transport Security or HTTP Public Key Pinning.
2016-06-03 22:49:01 -07:00
mutantmonkey
817ac67632
workaround chrome nonsense with CSP
...
Apparently the Chromium developers have decided that it was a good idea
for them to use inline styles on the image/PDF viewers in their browser.
I have no idea why they would think this, as it is not, but since this
causes breakage we allow unsafe-inline for styles on files.
2015-12-04 19:28:30 -08:00
andreimarcu
4856ab0750
Allow for non-/ deployments. Fixes #61
2015-10-30 18:36:47 -04:00
andreimarcu
0b37309237
Allow configuration from ini-style file
2015-10-25 14:04:38 -04:00
andreimarcu
be08b7f0fd
Remove "sandbox" from files CSP to have pdfs work in chrome
2015-10-21 18:20:14 -04:00
andreimarcu
0d365409d0
Allow /upload/ for PUT requests without filename
2015-10-15 16:02:46 -04:00
andreimarcu
68653372ff
Rename auth header to Linx-Api-Key and remove
...
b64encoding requirement for uploading with keys
2015-10-14 16:18:29 -04:00
andreimarcu
6987edc0d8
Remove non-API navigation links when using auth
2015-10-14 15:20:41 -04:00
mutantmonkey
cd83f9f0eb
fix CSP referrer policy
...
The policy of "referrer none" was incorrect and was nonfunctional. With
this change, the CSP referrer policy is set to origin, which
will cause only the origin to be sent for requests made from the main
site.
A fix was also needed for referrer checks in two places.
2015-10-11 23:49:15 -07:00
mutantmonkey
dd4ac3a7ed
add support remote auth keys
...
These are taken as a parameter to the remote upload page. Note that all
keys will be logged since this is a GET request.
2015-10-11 19:31:13 -07:00
mutantmonkey
aa7dad3a03
add support for auth keys
...
Add a middleware that requires authorization for all POST, PUT, and
DELETE requests. This is done using the Authorization header and the
provided auth key is then checked against a file containing scrypted
auth keys. These keys are salted with the constant string `linx-server`.
2015-10-11 17:34:53 -07:00
andreimarcu
2b0135697b
Add option for using Real-IP
2015-10-11 20:32:28 -04:00
andreimarcu
354278d488
Real-IP middleware for fastcgi + nginx doc update
2015-10-10 11:22:24 -04:00
mutantmonkey
82edabd036
change -b flag to -bind
...
This is for consistency with Goji's default flag and is more clear.
2015-10-09 23:06:28 -07:00
mutantmonkey
a09297389b
create our own mux instead of using goji default
...
This is a better way to do things since we were customizing middleware
and everything anyway. It's also necessary in order to avoid pulling in
the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
2015-10-09 23:04:08 -07:00
andreimarcu
62443e984d
API documentation. Fixes #30
2015-10-08 21:48:06 -04:00
andreimarcu
639d519712
Configurable maximum upload file size. Fixes #35
2015-10-08 01:38:50 -04:00
andreimarcu
9b07728ddb
Added https option + graceful shutdown
2015-10-07 12:48:44 -04:00
George Burgess IV
12551d12b3
housekeeping
2015-10-05 23:51:49 -07:00
George Burgess IV
4330d605e3
Clean up logging on start
2015-10-05 23:49:57 -07:00
andreimarcu
ce73598f12
Document csp flags
2015-10-04 22:43:42 -04:00
mutantmonkey
ad9d712a3a
add a file blacklist and add robots.txt
...
Fixes #26
2015-10-04 18:16:27 -07:00
mutantmonkey
e030c07f94
allow unsafe-inline for style-src for now
...
This is used for the upload progress bar. Hopefully we can find a better
solution in the future for this.
2015-10-04 15:11:23 -07:00
mutantmonkey
5e7e96af01
add support for some security headers
...
This commit adds support for Content-Security-Policy and
X-Frame-Options using the ContentSecurityPolicy middleware.
2015-10-04 14:58:00 -07:00
andreimarcu
1e1c8caa53
Add /favicon.ico route
2015-10-04 12:58:30 -04:00
andreimarcu
8f7b47f572
Support remote uploads
2015-10-01 20:58:08 -04:00
andreimarcu
52cc3b4dff
Add fastcgi support and static cache headers
2015-10-01 10:32:59 -04:00
andreimarcu
ba73f4adf3
Fix static directory listing recursion
2015-09-30 15:54:30 -04:00
andreimarcu
2f5bf2cd65
Added pasteHandler and paste upload
2015-09-30 00:56:51 -04:00
andreimarcu
5b91993677
Add torrent generation
2015-09-29 23:35:25 -04:00
andreimarcu
22818d86ce
Implement hotlink protection
2015-09-29 19:28:10 -04:00
mutantmonkey
091225b9e4
add torrent support
...
This change adds an option to download files with BitTorrent. A webseed
is provided in the torrent file to bootstrap the swarm.
2015-09-28 22:58:14 -07:00
Matt Hazinski
51ccc2f6a4
Add delete method
2015-09-28 23:46:43 -04:00
andreimarcu
ae1933c93b
go.rice needs string literal
2015-09-28 21:58:50 -04:00
andreimarcu
2255716c7d
switch to mimemagic to avoid cgo
2015-09-28 21:41:07 -04:00
andreimarcu
56e305bfcc
go.rice now serves static and template files
2015-09-28 20:46:58 -04:00
andreimarcu
5f78fe6619
Added tests for uploads
2015-09-28 16:02:03 -04:00
andreimarcu
8c50d4322f
Added support for testing, removed uuid requirement
2015-09-28 12:30:21 -04:00
andreimarcu
c32a698cbc
upload expiry/barename respect, random fixes
2015-09-28 00:25:57 -04:00
andreimarcu
935db7c618
Fixed pdf/audio
2015-09-27 23:07:15 -04:00
Matt Hazinski
a10b838f4d
Add preliminary metadata support
2015-09-27 22:43:41 -04:00
andreimarcu
674c4be3e3
Never accept PRs without testing again
2015-09-26 07:50:33 -04:00
Matt Hazinski
11cb55232a
Make filesDir if it does not exist
2015-09-25 22:03:23 -04:00
andreimarcu
9b0385bf6f
Check if file exists and increment filename
2015-09-25 12:47:55 -04:00
andreimarcu
d98b63e8bd
Performance improvements, custom 404+500, -nologs, PUT uploads fix
2015-09-25 12:00:14 -04:00
andreimarcu
8caae56b39
json response + imported old drag and drop uploader
2015-09-25 00:58:38 -04:00
andreimarcu
acb124b7fb
Add template globals, disable template caching while debug
2015-09-24 23:21:42 -04:00