Commit Graph

338 Commits

Author SHA1 Message Date
mutantmonkey 874c23087d add crossdomain.xml to file blacklist 2015-10-09 00:06:23 -07:00
andreimarcu eeede281a7 Case insensitive fs again 2015-10-08 23:58:57 -04:00
Andrei Marcu d9723b8350 Merge pull request #49 from mutantmonkey/referrer_check
add strict referrer check for POST uploads
2015-10-08 23:35:19 -04:00
mutantmonkey 6ff181facb add strict referrer check for POST uploads
This should protect against cross-site request forgery without the need
for cookies. It continues to allow requests with Linx-Delete-Key,
Linx-Expiry, or Linx-Randomize headers as these will not be set in the
case of cross-site requests.
2015-10-08 20:27:04 -07:00
andreimarcu 5885ef0832 Case-insensitive filesystems... 2015-10-08 21:50:10 -04:00
andreimarcu 62443e984d API documentation. Fixes #30 2015-10-08 21:48:06 -04:00
andreimarcu e9132a1193 File overwriting support. Fixes #8 2015-10-08 12:49:29 -04:00
andreimarcu 8ad079ed0a Fix readme 2015-10-08 01:40:03 -04:00
andreimarcu 639d519712 Configurable maximum upload file size. Fixes #35 2015-10-08 01:38:50 -04:00
andreimarcu 040ffa89f7 Adjust margin 2015-10-08 01:18:21 -04:00
andreimarcu 37d3e96e22 Fix no-javascript fallback ugliness of index page. Fixes #37 2015-10-08 00:19:22 -04:00
andreimarcu ed6ce1d1fa Small cosmetic changes 2015-10-07 23:49:21 -04:00
andreimarcu a60a7cc9e6 Cache static files + Separate CSS more. Fixes #44 2015-10-07 23:35:48 -04:00
andreimarcu 6e33fe6ac8 Metadata holds mimetype, sha256sum, archiveFiles 2015-10-07 22:45:34 -04:00
andreimarcu d05f0b645b Display contents of common archives. Fixes #34 2015-10-07 16:45:41 -04:00
andreimarcu edfb80daac Markdown display handler. Fixes #33 2015-10-07 15:00:42 -04:00
andreimarcu 3c868d8fe5 Document new usage options 2015-10-07 13:25:38 -04:00
andreimarcu 9b07728ddb Added https option + graceful shutdown 2015-10-07 12:48:44 -04:00
andreimarcu a1e3f6f31f go vet complaint 2015-10-07 03:02:07 -04:00
andreimarcu 9640e2c7ce Tests + fixes 2015-10-07 03:00:03 -04:00
andreimarcu 11039d57f1 Fix dyreshark breakages + fix small file with no extension bug 2015-10-07 01:15:45 -04:00
Andrei Marcu 3d55697adc Merge pull request #42 from matthazinski/remote_upload_params
Add support for deletion key and expiry in remote upload
2015-10-07 00:11:38 -04:00
Matt Hazinski 875ebd6db2 Add support for deletion key and expiry in remote upload 2015-10-07 00:08:14 -04:00
Andrei Marcu a5d4f754e7 Merge pull request #41 from dyreshark/master
Cleanup
2015-10-06 03:01:33 -04:00
George Burgess IV 12551d12b3 housekeeping 2015-10-05 23:51:49 -07:00
George Burgess IV 1e421e07cd swap to using time types instead of ints 2015-10-05 23:50:20 -07:00
George Burgess IV 4330d605e3 Clean up logging on start 2015-10-05 23:49:57 -07:00
andreimarcu c5250e529e Headers are now Linx-.. instead of X-... 2015-10-06 00:31:09 -04:00
andreimarcu ce73598f12 Document csp flags 2015-10-04 22:43:42 -04:00
Andrei Marcu f5e11ef8a3 Merge pull request #40 from mutantmonkey/librejs
add LibreJS tags to JavaScript
2015-10-04 21:47:05 -04:00
mutantmonkey 73eba6aaad add LibreJS tags to JavaScript
Fixes #38
2015-10-04 18:42:56 -07:00
Andrei Marcu 46d6b7b98a Merge pull request #39 from mutantmonkey/robots.txt
add a file blacklist and add robots.txt
2015-10-04 21:21:06 -04:00
mutantmonkey ad9d712a3a add a file blacklist and add robots.txt
Fixes #26
2015-10-04 18:16:27 -07:00
andreimarcu d40cc5e1be More textarea consistency 2015-10-04 19:05:13 -04:00
andreimarcu 060ab351b0 Textarea consistency with pastebin 2015-10-04 18:56:30 -04:00
andreimarcu cb8b8800ba Cleanup vim artifacts 2015-10-04 18:24:13 -04:00
Andrei Marcu 7152adb902 Merge pull request #36 from mutantmonkey/csp
Add support for Content-Security-Policy and X-Frame-Options
2015-10-04 18:22:52 -04:00
mutantmonkey b96ee60c4c Revert "add X-Content-Type-Options: nosniff"
This reverts commit 71d5f51ae6.
2015-10-04 15:21:27 -07:00
mutantmonkey 71d5f51ae6 add X-Content-Type-Options: nosniff 2015-10-04 15:18:22 -07:00
mutantmonkey 42aab4dca1 fix a merge conflict mistake for upload errors 2015-10-04 15:13:53 -07:00
mutantmonkey e030c07f94 allow unsafe-inline for style-src for now
This is used for the upload progress bar. Hopefully we can find a better
solution in the future for this.
2015-10-04 15:11:23 -07:00
mutantmonkey 5e7e96af01 add support for some security headers
This commit adds support for Content-Security-Policy and
X-Frame-Options using the ContentSecurityPolicy middleware.
2015-10-04 14:58:00 -07:00
mutantmonkey 70cff4431d tweak editor textarea style 2015-10-04 14:57:36 -07:00
mutantmonkey f0e71325c4 Merge branch 'master' into csp 2015-10-04 14:39:29 -07:00
andreimarcu 3e2537ca68 Get rid of ace editor 2015-10-04 17:27:47 -04:00
mutantmonkey 44172ec98a clean up HTML, CSS, and JavaScript for CSP
In order to implement Content-Security-Policy, the inlined style, event
handlers, and scripts all have to go. This commit completes this work.
2015-10-04 14:13:29 -07:00
andreimarcu 1e1c8caa53 Add /favicon.ico route 2015-10-04 12:58:30 -04:00
andreimarcu d40803f165 More verbose errors 2015-10-04 12:47:20 -04:00
mutantmonkey 84f38026eb do some more HTML and JS cleanup 2015-10-04 00:14:21 -07:00
mutantmonkey b83f11e80a remove inline js on pastebin pages 2015-10-03 23:58:56 -07:00