mutantmonkey
2b5cc07005
Use Content-Security-Policy frame-ancestors
X-Frame-Options has been deprecated by Content Security Policy Level 2.
We will need to provide the option for older browsers for the time
being, but frame-ancestors is preferred on newer ones.
9 years ago
andreimarcu
afa65349cc
Fix typos in API template
9 years ago
Andrei Marcu
14ba403145
Merge pull request #81 from mutantmonkey/addheaders
Add ability to set arbitrary headers
9 years ago
mutantmonkey
39bb999db6
Add ability to set arbitrary headers
This is useful if you want to add headers for things like HTTP Strict
Transport Security or HTTP Public Key Pinning.
9 years ago
Andrei Marcu
1f3bc4bfea
Merge branch 'mutantmonkey-better_extension_handling'
9 years ago
mutantmonkey
b0d2f2a142
support .tar.gz-style extensions
Some extensions actually consist of multiple parts, like .tar.gz, so we
should handle this properly instead of merging part of the extension
with the bare name. Right now only tar is allowed, but others can be
added easily.
Fixes #74.
9 years ago
Andrei Marcu
bc66bcc069
Merge pull request #73 from mutantmonkey/workaround_chrome_nonsense
workaround chrome nonsense with CSP
9 years ago
mutantmonkey
817ac67632
workaround chrome nonsense with CSP
Apparently the Chromium developers have decided that it was a good idea
for them to use inline styles on the image/PDF viewers in their browser.
I have no idea why they would think this, as it is not, but since this
causes breakage we allow unsafe-inline for styles on files.
9 years ago
andreimarcu
5dcfca5f74
Order matters no. 2
9 years ago
andreimarcu
7c1a4640db
Order matters!
9 years ago
andreimarcu
88c00027ea
Add line numbers for pastebin. Fixes #70
9 years ago
andreimarcu
10d30df81f
Fix out of bounds error
9 years ago
andreimarcu
9cf55ac687
Redirect hotlink instead of 403. Fixes #69
9 years ago
andreimarcu
e6d79eb5cf
Temporary fix for text detection
9 years ago
andreimarcu
4856ab0750
Allow for non-/ deployments. Fixes #61
9 years ago
andreimarcu
07aaad2cd8
Match more text mimetypes
9 years ago
andreimarcu
294e8d8be2
Better text detection
9 years ago
andreimarcu
9b1df43ef2
Trim "-" in filenames
9 years ago
andreimarcu
0b37309237
Allow configuration from ini-style file
9 years ago
andreimarcu
c53c909165
Remove unnecessary margin on pastebins
9 years ago
andreimarcu
be08b7f0fd
Remove "sandbox" from files CSP to have pdfs work in chrome
9 years ago
andreimarcu
ba9fcd3a7b
Document allowing hotlinking
9 years ago
andreimarcu
c8fc62398a
Enable randomize in remote uploads
9 years ago
andreimarcu
20456b0b3c
Update README.md
9 years ago
andreimarcu
39ae89107c
Update README.md
9 years ago
andreimarcu
7df3b1328e
Update README.md
9 years ago
andreimarcu
50a54bbcfc
Add linx-client in API documentation
9 years ago
andreimarcu
0d365409d0
Allow /upload/ for PUT requests without filename
9 years ago
andreimarcu
120909ce46
Template file was missing
9 years ago
andreimarcu
c77f8285d4
Fix/implement .story
9 years ago
andreimarcu
9847beeff5
Cleanup
9 years ago
andreimarcu
3c659601e2
Make it an option for post uploads
9 years ago
andreimarcu
9b724725b3
Blank referrers are allowed
9 years ago
andreimarcu
256ca43d69
Update API documentation with API keys
9 years ago
andreimarcu
b1e82f8d7f
Update build.sh to build linx-genkey
9 years ago
andreimarcu
68653372ff
Rename auth header to Linx-Api-Key and remove
b64encoding requirement for uploading with keys
9 years ago
andreimarcu
6987edc0d8
Remove non-API navigation links when using auth
9 years ago
andreimarcu
be15ba076d
Removed unnecessary duplicate static caching
9 years ago
Andrei Marcu
e1b2896c64
Merge pull request #60 from mutantmonkey/proper_referrer_check
do a proper same-origin check
9 years ago
mutantmonkey
d138755806
do a proper same-origin check
String prefix matching is hacky and provides insufficient checking if it
does not end with a /.
9 years ago
Andrei Marcu
ff1d9f56a1
Merge pull request #59 from mutantmonkey/csp_referrer_fix
fix CSP referrer policy
9 years ago
mutantmonkey
a3723d3665
short-circuit on origin header
If the Origin header is present, we can check it and skip the other
checks.
9 years ago
mutantmonkey
0a1aa869e4
nicer 400 error page
9 years ago
mutantmonkey
a7ae455ac1
strict referrer check improvements
* Always check Origin if it is present, regardless of headers sent
* Whitelist X-Requested-With header
9 years ago
mutantmonkey
61147554a9
update CSP flags in readme
9 years ago
mutantmonkey
cd83f9f0eb
fix CSP referrer policy
The policy of "referrer none" was incorrect and was nonfunctional. With
this change, the CSP referrer policy is set to origin, which
will cause only the origin to be sent for requests made from the main
site.
A fix was also needed for referrer checks in two places.
9 years ago
Andrei Marcu
4fee922543
Merge pull request #58 from mutantmonkey/referrer_fixup2
trim trailing / for origin checking
9 years ago
mutantmonkey
39d874374d
trim trailing / for origin checking
9 years ago
Andrei Marcu
60239467fd
Merge pull request #56 from mutantmonkey/auth
Add support for auth keys (and remote auth keys)
9 years ago
mutantmonkey
613ab24721
show usage for -authfile and -remoteauthfile
9 years ago