Move ALL files to serve from the alternate file domain, not just files without…
549146bc7cc4
Actions

Authored by epriestley <git@epriestley.com> on Feb 14 2012, 23:52.

Description

Move ALL files to serve from the alternate file domain, not just files without "Content-Disposition: attachment"

Summary:
We currently serve some files off the primary domain (with "Content-Disposition:
attachment" + a CSRF check) and some files off the alternate domain (without
either).

This is not sufficient, because some UAs (like the iPad) ignore
"Content-Disposition: attachment". So there's an attack that goes like this:

Alice uploads xss.html
Alice says to Bob "hey download this file on your iPad"
- Bob clicks "Download" on Phabricator on his iPad, gets XSS'd.

NOTE: This removes the CSRF check for downloading files. The check is nice to have but only raises the barrier to entry slightly. Between iPad / sniffing / flash bytecode attacks, single-domain installs are simply insecure. We could restore the check at some point in conjunction with a derived authentication cookie (i.e., a mini-session-token which is only useful for downloading files), but that's a lot of complexity to drop all at once.

(Because files are now authenticated only by knowing the PHID and secret key,
this also fixes the "no profile pictures in public feed while logged out"
issue.)

Test Plan: Viewed, info'd, and downloaded files

Reviewers: btrahan, arice, alok

Reviewed By: arice

CC: aran, epriestley

Maniphest Tasks: T843

Differential Revision: https://secure.phabricator.com/D1608

Details

Committed

epriestley <git@epriestley.com>

Feb 14 2012, 23:52

Pushed

aubort

Jan 31 2017, 17:16

Parents

rPHc8b4bfdcd1cc: Encode "<" and ">" in JSON/Ajax responses to prevent content-sniffing attacks

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH549146bc7cc4: Move ALL files to serve from the alternate file domain, not just files without… (authored by epriestley <git@epriestley.com>).Feb 14 2012, 23:52

Changes (18)

		Path
M		conf/default.conf.php
M		src/__phutil_library_map__.php
M		src/aphront/default/configuration/AphrontDefaultApplicationConfiguration.php
D		src/applications/files/controller/altview
V		src/applications/files/controller/{altview/PhabricatorFileAltViewController.php → data/PhabricatorFileDataController.php}
V		src/applications/files/controller/{altview → data}/__init__.php
A	(dir)	src/applications/files/controller/data/
V		src/applications/files/controller/{data/PhabricatorFileDataController.php ← altview/PhabricatorFileAltViewController.php}
V		src/applications/files/controller/{data ← altview}/__init__.php
A	(dir)	src/applications/files/controller/info/
V		src/applications/files/controller/{info/PhabricatorFileInfoController.php ← view/PhabricatorFileViewController.php}
V		src/applications/files/controller/{info ← view}/__init__.php
D		src/applications/files/controller/view
V		src/applications/files/controller/{view/PhabricatorFileViewController.php → info/PhabricatorFileInfoController.php}
V		src/applications/files/controller/{view → info}/__init__.php
M		src/applications/files/storage/file/PhabricatorFile.php
M		src/infrastructure/env/PhabricatorEnv.php
M		src/infrastructure/setup/PhabricatorSetup.php

Move ALL files to serve from the alternate file domain, not just files without…549146bc7cc4Actions

Description

Details

Event Timeline

Changes (18)

rPH549146bc7cc4

conf/default.conf.php

src/__phutil_library_map__.php

src/aphront/default/configuration/AphrontDefaultApplicationConfiguration.php

src/applications/files/controller/altview

src/applications/files/controller/altview/PhabricatorFileAltViewController.php

src/applications/files/controller/altview/__init__.php

src/applications/files/controller/data/PhabricatorFileDataController.php

src/applications/files/controller/data/__init__.php

src/applications/files/controller/info/PhabricatorFileInfoController.php

src/applications/files/controller/info/__init__.php

src/applications/files/controller/view

src/applications/files/controller/view/PhabricatorFileViewController.php

src/applications/files/controller/view/__init__.php

src/applications/files/storage/file/PhabricatorFile.php

src/infrastructure/env/PhabricatorEnv.php

src/infrastructure/setup/PhabricatorSetup.php

Move ALL files to serve from the alternate file domain, not just files without…
549146bc7cc4
Actions

src/applications/files/controller/altview/init.php

src/applications/files/controller/data/init.php

src/applications/files/controller/info/init.php

src/applications/files/controller/view/init.php