andreimarcu
d6755486b2
Sanitize upload response (Fixes #79)
2016-06-15 00:16:57 -07:00
andreimarcu
e8d2d75c1c
Update documentation
2016-06-14 23:38:36 -07:00
andreimarcu
47a1aa6396
Infer sitename from Host if empty
2016-06-14 23:21:39 -07:00
Andrei Marcu
9c6088cfe5
Merge pull request #84 from mutantmonkey/abstract_storage
...
use abstracted storage for flexibility
2016-06-14 21:10:46 -07:00
mutantmonkey
fcd18eceec
use abstracted storage for flexibility
...
I moved the storage functionality into the StorageBackend interface,
which is currently only implemented by LocalfsBackend.
2016-06-08 20:18:31 -07:00
Andrei Marcu
61eb32a79b
Merge pull request #83 from mutantmonkey/csp_frame_ancestors
...
Use Content-Security-Policy frame-ancestors
2016-06-05 00:29:13 -07:00
Andrei Marcu
2fb58e7da1
Merge pull request #82 from mutantmonkey/infer_siteurl
...
Infer site URL from host and headers
2016-06-05 00:28:46 -07:00
mutantmonkey
47670af185
Infer site URL from host and headers
...
We can use the Host property of the request and the X-Forwarded-Proto to
infer the site URL. To reduce complexity, the path is not inferred, and
it is assumed that linx-server is running at /. If this is not the case,
the site URL must be manually configured; this is no different than it
was before.
2016-06-04 18:34:22 -07:00
mutantmonkey
2b5cc07005
Use Content-Security-Policy frame-ancestors
...
X-Frame-Options has been deprecated by Content Security Policy Level 2.
We will need to provide the option for older browsers for the time
being, but frame-ancestors is preferred on newer ones.
2016-06-04 15:04:32 -07:00
andreimarcu
afa65349cc
Fix typos in API template
2016-06-04 00:36:51 -07:00
Andrei Marcu
14ba403145
Merge pull request #81 from mutantmonkey/addheaders
...
Add ability to set arbitrary headers
2016-06-03 22:59:29 -07:00
mutantmonkey
39bb999db6
Add ability to set arbitrary headers
...
This is useful if you want to add headers for things like HTTP Strict
Transport Security or HTTP Public Key Pinning.
2016-06-03 22:49:01 -07:00
Andrei Marcu
1f3bc4bfea
Merge branch 'mutantmonkey-better_extension_handling'
2016-02-15 14:44:43 -08:00
mutantmonkey
b0d2f2a142
support .tar.gz-style extensions
...
Some extensions actually consist of multiple parts, like .tar.gz, so we
should handle this properly instead of merging part of the extension
with the bare name. Right now only tar is allowed, but others can be
added easily.
Fixes #74.
2016-02-12 21:27:39 -08:00
Andrei Marcu
bc66bcc069
Merge pull request #73 from mutantmonkey/workaround_chrome_nonsense
...
workaround chrome nonsense with CSP
2015-12-04 22:34:36 -05:00
mutantmonkey
817ac67632
workaround chrome nonsense with CSP
...
Apparently the Chromium developers have decided that it was a good idea
for them to use inline styles on the image/PDF viewers in their browser.
I have no idea why they would think this, as it is not, but since this
causes breakage we allow unsafe-inline for styles on files.
2015-12-04 19:28:30 -08:00
andreimarcu
5dcfca5f74
Order matters no. 2
2015-12-04 00:19:33 -05:00
andreimarcu
7c1a4640db
Order matters!
2015-12-02 14:58:48 -05:00
andreimarcu
88c00027ea
Add line numbers for pastebin. Fixes #70
2015-11-12 11:17:53 -05:00
andreimarcu
10d30df81f
Fix out of bounds error
2015-11-12 01:04:05 -05:00
andreimarcu
9cf55ac687
Redirect hotlink instead of 403. Fixes #69
2015-11-12 00:56:22 -05:00
andreimarcu
e6d79eb5cf
Temporary fix for text detection
2015-10-30 23:13:43 -04:00
andreimarcu
4856ab0750
Allow for non-/ deployments. Fixes #61
2015-10-30 18:36:47 -04:00
andreimarcu
07aaad2cd8
Match more text mimetypes
2015-10-28 15:55:56 -04:00
andreimarcu
294e8d8be2
Better text detection
2015-10-28 15:21:54 -04:00
andreimarcu
9b1df43ef2
Trim "-" in filenames
2015-10-28 14:31:51 -04:00
andreimarcu
0b37309237
Allow configuration from ini-style file
2015-10-25 14:04:38 -04:00
andreimarcu
c53c909165
Remove unnecessary margin on pastebins
2015-10-21 21:41:27 -04:00
andreimarcu
be08b7f0fd
Remove "sandbox" from files CSP to have pdfs work in chrome
2015-10-21 18:20:14 -04:00
andreimarcu
ba9fcd3a7b
Document allowing hotlinking
2015-10-18 11:08:47 -04:00
andreimarcu
c8fc62398a
Enable randomize in remote uploads
2015-10-18 11:07:39 -04:00
andreimarcu
20456b0b3c
Update README.md
2015-10-15 20:16:02 -04:00
andreimarcu
39ae89107c
Update README.md
2015-10-15 19:51:52 -04:00
andreimarcu
7df3b1328e
Update README.md
2015-10-15 19:33:38 -04:00
andreimarcu
50a54bbcfc
Add linx-client in API documentation
2015-10-15 17:26:35 -04:00
andreimarcu
0d365409d0
Allow /upload/ for PUT requests without filename
2015-10-15 16:02:46 -04:00
andreimarcu
120909ce46
Template file was missing
2015-10-15 12:26:43 -04:00
andreimarcu
c77f8285d4
Fix/implement .story
2015-10-15 12:24:23 -04:00
andreimarcu
9847beeff5
Cleanup
2015-10-14 22:47:36 -04:00
andreimarcu
3c659601e2
Make it an option for post uploads
2015-10-14 20:40:25 -04:00
andreimarcu
9b724725b3
Blank referrers are allowed
2015-10-14 20:35:43 -04:00
andreimarcu
256ca43d69
Update API documentation with API keys
2015-10-14 16:47:13 -04:00
andreimarcu
b1e82f8d7f
Update build.sh to build linx-genkey
2015-10-14 16:31:52 -04:00
andreimarcu
68653372ff
Rename auth header to Linx-Api-Key and remove
...
b64encoding requirement for uploading with keys
2015-10-14 16:18:29 -04:00
andreimarcu
6987edc0d8
Remove non-API navigation links when using auth
2015-10-14 15:20:41 -04:00
andreimarcu
be15ba076d
Removed unnecessary duplicate static caching
2015-10-14 14:58:27 -04:00
Andrei Marcu
e1b2896c64
Merge pull request #60 from mutantmonkey/proper_referrer_check
...
do a proper same-origin check
2015-10-13 23:04:39 -04:00
mutantmonkey
d138755806
do a proper same-origin check
...
String prefix matching is hacky and provides insufficient checking if it
does not end with a /.
2015-10-13 19:55:32 -07:00
Andrei Marcu
ff1d9f56a1
Merge pull request #59 from mutantmonkey/csp_referrer_fix
...
fix CSP referrer policy
2015-10-12 10:01:50 -04:00
mutantmonkey
a3723d3665
short-circuit on origin header
...
If the Origin header is present, we can check it and skip the other
checks.
2015-10-12 01:23:06 -07:00