2b5cc07005
Use Content-Security-Policy frame-ancestors
X-Frame-Options has been deprecated by Content Security Policy Level 2.
We will need to provide the option for older browsers for the time
being, but frame-ancestors is preferred on newer ones.
9 years ago
39bb999db6
Add ability to set arbitrary headers
This is useful if you want to add headers for things like HTTP Strict
Transport Security or HTTP Public Key Pinning.
9 years ago
817ac67632
workaround chrome nonsense with CSP
Apparently the Chromium developers have decided that it was a good idea
for them to use inline styles on the image/PDF viewers in their browser.
I have no idea why they would think this, as it is not, but since this
causes breakage we allow unsafe-inline for styles on files.
9 years ago
4856ab0750
Allow for non-/ deployments. Fixes #61
9 years ago
0b37309237
Allow configuration from ini-style file
9 years ago
be08b7f0fd
Remove "sandbox" from files CSP to have pdfs work in chrome
9 years ago
0d365409d0
Allow /upload/ for PUT requests without filename
9 years ago
68653372ff
Rename auth header to Linx-Api-Key and remove
b64encoding requirement for uploading with keys
9 years ago
6987edc0d8
Remove non-API navigation links when using auth
9 years ago
cd83f9f0eb
fix CSP referrer policy
The policy of "referrer none" was incorrect and was nonfunctional. With
this change, the CSP referrer policy is set to origin, which
will causes only the origin to be sent for requests made from the main
site.
A fix was also needed for referrer checks in two places.
9 years ago
dd4ac3a7ed
add support remote auth keys
These are taken as a parameter to the remote upload page. Note that all
keys will be logged since this is a GET request.
9 years ago
aa7dad3a03
add support for auth keys
Add a middleware that requires authorization for all POST, PUT, and
DELETE requests. This is done using the Authorization header and the
provided auth key is then checked against a file containing scrypted
auth keys. These keys are salted the constant string `linx-server`.
9 years ago
2b0135697b
Add option for using Real-IP
9 years ago
354278d488
Real-IP middleware for fastcgi + nginx doc update
9 years ago
82edabd036
change -b flag to -bind
This is for consistency with Goji's default flag and is more clear.
9 years ago
a09297389b
create our own mux instead of using goji default
This is a better way to do things since we were customizing middleware
and everything anyway. It's also necessary in order to avoid pulling in
the default Goji -bind flag: https://github.com/zenazn/goji/issues/47
9 years ago
62443e984d
API documentation. Fixes #30
9 years ago
639d519712
Configurable maximum upload file size. Fixes #35
9 years ago
9b07728ddb
Added https option + graceful shutdown
9 years ago
12551d12b3
housekeeping
9 years ago
4330d605e3
Clean up logging on start
9 years ago
ce73598f12
Document csp flags
9 years ago
ad9d712a3a
add a file blacklist and add robots.txt
Fixes #26
9 years ago
e030c07f94
allow unsafe-inline for style-src for now
This is used for the upload progress bar. Hopefully we can find a better
solution in the future for this.
9 years ago
5e7e96af01
add support for some security headers
This commit adds support for Content-Security-Policy and
X-Frame-Options using the ContentSecurityPolicy middleware.
9 years ago
1e1c8caa53
Add /favicon.ico route
9 years ago
8f7b47f572
Support remote uploads
9 years ago
52cc3b4dff
Add fastcgi support and static cache headers
9 years ago
ba73f4adf3
Fix static directory listing recursion
9 years ago
2f5bf2cd65
Added pasteHandler and paste upload
9 years ago
22818d86ce
Implement hotlink protection
9 years ago
091225b9e4
add torrent support
This change adds an option to download files with BitTorrent. A webseed
is provided in the torrent file to bootstrap the swarm.
9 years ago
51ccc2f6a4
Add delete method
9 years ago
ae1933c93b
go.rice needs string literal
9 years ago
2255716c7d
switch to mimemagic to avoid cgo
9 years ago
56e305bfcc
go.rice now serves static and template files
9 years ago
5f78fe6619
Added tests for uploads
9 years ago
8c50d4322f
Added support for testing, removed uuid requirement
9 years ago
c32a698cbc
upload expiry/barename respect, random fixes
9 years ago
935db7c618
Fixed pdf/audio
9 years ago
a10b838f4d
Add preliminary metadata support
9 years ago
674c4be3e3
Never accept PRs without testing again
9 years ago
11cb55232a
Make filesDir if it does not exist
9 years ago
9b0385bf6f
Check if file exists and increment filename
9 years ago
d98b63e8bd
Performance improvements, custom 404+500, -nologs, PUT uploads fix
9 years ago
8caae56b39
json response + imported old drag and drop uploader
9 years ago
acb124b7fb
Add template globals, disable template caching while debug
9 years ago
d869599da7
Bare /static support, some css/templates import
9 years ago
52b7e594f3
cleanup imports
9 years ago
2dbe318b18
Initial commit
9 years ago
mutantmonkey
andreimarcu
George Burgess IV
Matt Hazinski