mutantmonkey
6ff181facb
add strict referrer check for POST uploads
...
This should protect against cross-site request forgery without the need
for cookies. It continues to allow requests with Linx-Delete-Key,
Linx-Expiry, or Linx-Randomize headers as these will not be set in the
case of cross-site requests.
2015-10-08 20:27:04 -07:00
andreimarcu
a60a7cc9e6
Cache static files + Separate CSS more. Fixes #44
2015-10-07 23:35:48 -04:00
andreimarcu
6e33fe6ac8
Metadata holds mimetype, sha256sum, archiveFiles
2015-10-07 22:45:34 -04:00
andreimarcu
d05f0b645b
Display contents of common archives. Fixes #34
2015-10-07 16:45:41 -04:00
andreimarcu
edfb80daac
Markdown display handler. Fixes #33
2015-10-07 15:00:42 -04:00
andreimarcu
3c868d8fe5
Document new usage options
2015-10-07 13:25:38 -04:00
andreimarcu
9b07728ddb
Added https option + graceful shutdown
2015-10-07 12:48:44 -04:00
andreimarcu
a1e3f6f31f
go vet complaint
2015-10-07 03:02:07 -04:00
andreimarcu
9640e2c7ce
Tests + fixes
2015-10-07 03:00:03 -04:00
andreimarcu
11039d57f1
Fix dyreshark breakages + fix small file with no extension bug
2015-10-07 01:15:45 -04:00
Andrei Marcu
3d55697adc
Merge pull request #42 from matthazinski/remote_upload_params
...
Add support for deletion key and expiry in remote upload
2015-10-07 00:11:38 -04:00
Matt Hazinski
875ebd6db2
Add support for deletion key and expiry in remote upload
2015-10-07 00:08:14 -04:00
Andrei Marcu
a5d4f754e7
Merge pull request #41 from dyreshark/master
...
Cleanup
2015-10-06 03:01:33 -04:00
George Burgess IV
12551d12b3
housekeeping
2015-10-05 23:51:49 -07:00
George Burgess IV
1e421e07cd
swap to using time types instead of ints
2015-10-05 23:50:20 -07:00
George Burgess IV
4330d605e3
Clean up logging on start
2015-10-05 23:49:57 -07:00
andreimarcu
c5250e529e
Headers are now Linx-.. instead of X-...
2015-10-06 00:31:09 -04:00
andreimarcu
ce73598f12
Document csp flags
2015-10-04 22:43:42 -04:00
Andrei Marcu
f5e11ef8a3
Merge pull request #40 from mutantmonkey/librejs
...
add LibreJS tags to JavaScript
2015-10-04 21:47:05 -04:00
mutantmonkey
73eba6aaad
add LibreJS tags to JavaScript
...
Fixes #38
2015-10-04 18:42:56 -07:00
Andrei Marcu
46d6b7b98a
Merge pull request #39 from mutantmonkey/robots.txt
...
add a file blacklist and add robots.txt
2015-10-04 21:21:06 -04:00
mutantmonkey
ad9d712a3a
add a file blacklist and add robots.txt
...
Fixes #26
2015-10-04 18:16:27 -07:00
andreimarcu
d40cc5e1be
More textarea consistency
2015-10-04 19:05:13 -04:00
andreimarcu
060ab351b0
Textarea consistency with pastebin
2015-10-04 18:56:30 -04:00
andreimarcu
cb8b8800ba
Cleanup vim artifacts
2015-10-04 18:24:13 -04:00
Andrei Marcu
7152adb902
Merge pull request #36 from mutantmonkey/csp
...
Add support for Content-Security-Policy and X-Frame-Options
2015-10-04 18:22:52 -04:00
mutantmonkey
b96ee60c4c
Revert "add X-Content-Type-Options: nosniff"
...
This reverts commit 71d5f51ae6
.
2015-10-04 15:21:27 -07:00
mutantmonkey
71d5f51ae6
add X-Content-Type-Options: nosniff
2015-10-04 15:18:22 -07:00
mutantmonkey
42aab4dca1
fix a merge conflict mistake for upload errors
2015-10-04 15:13:53 -07:00
mutantmonkey
e030c07f94
allow unsafe-inline for style-src for now
...
This is used for the upload progress bar. Hopefully we can find a better
solution in the future for this.
2015-10-04 15:11:23 -07:00
mutantmonkey
5e7e96af01
add support for some security headers
...
This commit adds support for Content-Security-Policy and
X-Frame-Options using the ContentSecurityPolicy middleware.
2015-10-04 14:58:00 -07:00
mutantmonkey
70cff4431d
tweak editor textarea style
2015-10-04 14:57:36 -07:00
mutantmonkey
f0e71325c4
Merge branch 'master' into csp
2015-10-04 14:39:29 -07:00
andreimarcu
3e2537ca68
Get rid of ace editor
2015-10-04 17:27:47 -04:00
mutantmonkey
44172ec98a
clean up HTML, CSS, and JavaScript for CSP
...
In order to implement Content-Security-Policy, the inlined style, event
handlers, and scripts all have to go. This commit completes this work.
2015-10-04 14:13:29 -07:00
andreimarcu
1e1c8caa53
Add /favicon.ico route
2015-10-04 12:58:30 -04:00
andreimarcu
d40803f165
More verbose errors
2015-10-04 12:47:20 -04:00
mutantmonkey
84f38026eb
do some more HTML and JS cleanup
2015-10-04 00:14:21 -07:00
mutantmonkey
b83f11e80a
remove inline js on pastebin pages
2015-10-03 23:58:56 -07:00
andreimarcu
335517bf17
Update upload.js with 200 status for delete
2015-10-04 02:28:00 -04:00
andreimarcu
7f2db43108
DELETE requests respond with 200 on successful deletes
2015-10-04 02:25:00 -04:00
andreimarcu
adf77c642f
Added basic build script
2015-10-02 22:23:38 -04:00
andreimarcu
64034a74a6
Merge branch 'mutantmonkey-no_css_in_js'
2015-10-02 02:07:52 -04:00
mutantmonkey
f216b06df5
remove most of CSS from JavaScript
...
The uploadElement is probably going to have to stay, unfortunately, but
the rest is gone.
2015-10-01 23:05:26 -07:00
Andrei Marcu
5fa994771f
Merge pull request #24 from mutantmonkey/torrent_fixup
...
change CreateTorrent to createTorrent
2015-10-02 01:37:50 -04:00
andreimarcu
5aa8ed011f
Merge branch 'mutantmonkey-safeuris'
2015-10-02 01:37:19 -04:00
mutantmonkey
199289a58d
change CreateTorrent to createTorrent
...
After some discussion, I decided it was probably best to not export this
after all.
2015-10-01 22:33:30 -07:00
mutantmonkey
98106ec74f
use better random for URLs and delete keys
...
Using a PRNG seeded based on only the time for these is a bad idea as
the output is predictable. Instead, use a package that generates random
strings using go's crypo/rand package to provide cryptographically
secure random URLs and delete keys.
2015-10-01 22:09:40 -07:00
andreimarcu
8f7b47f572
Support remote uploads
2015-10-01 20:58:08 -04:00
andreimarcu
9cd20c81fc
This is not the commit you are looking for
2015-10-01 13:01:44 -04:00