
Provide a setting which forces all file views to be served from an alternate…

Authored by epriestley <git@epriestley.com> on Aug 2 2011, 07:24.

Description

Provide a setting which forces all file views to be served from an alternate domain

Summary:
See D758, D759.

  • Provide a strongly recommended setting which permits configuration of an alternate domain.
  • Lock cookies down better: set them on the exact domain, and use SSL-only if the configuration is HTTPS.
  • Prevent Phabricator from setting cookies on other domains.

This assumes D759 will land; it is not effective without that change.

Test Plan:

  • Attempted to login from a different domain and was rejected.
  • Logged out, logged back in normally.
  • Put install in setup mode and verified it revealed a warning.
  • Configured an alternate domain.
  • Tried to view an image with an old URI, got a 400.
  • Went to /files/ and verified links rendered to the alternate domain.
  • Viewed an alternate domain file.
  • Tried to view an alternate domain file without the secret key, got a 404.

Reviewers: andrewjcg, erling, aran, tuomaspelkonen, jungejason, codeblock
CC: aran
Differential Revision: 760
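The two controls the commit describes, cookies pinned to the exact base domain (Secure only when the install is HTTPS) and file views answered only on a separate domain with a per-file secret, are illustrated below in an added Python example. This is not Phabricator's own code; the configuration keys, hostnames, cookie name and URI layout are all constructed for the example.

```python
from urllib.parse import urlparse
from http.cookies import SimpleCookie

# Constructed configuration, modelled on the two settings the commit describes:
# the install's base URI and an optional alternate domain for file views.
# Key names are hypothetical, not Phabricator's real setting names.
CONFIG = {
    "base_uri": "https://phabricator.example.com",
    "alternate_file_domain": "https://files.example.net",
}


def build_session_cookie(config, request_host, name, value):
    """Return a Set-Cookie header value for the session cookie, or None when
    the request did not arrive on the configured base domain. Refusing to set
    the cookie anywhere else is what keeps it off other domains."""
    base = urlparse(config["base_uri"])
    if request_host.lower() != base.hostname:
        return None
    cookie = SimpleCookie()
    cookie[name] = value
    morsel = cookie[name]
    morsel["domain"] = base.hostname   # exact host, no leading dot, no parent domain
    morsel["path"] = "/"
    morsel["httponly"] = True          # keep the session id away from page scripts
    if base.scheme == "https":
        morsel["secure"] = True        # SSL-only when the install itself is HTTPS
    return morsel.OutputString()


def file_view_uri(config, file_id, secret):
    """Render a file link; with an alternate domain configured, links point
    there rather than at the main domain. Path layout is constructed."""
    root = config.get("alternate_file_domain") or config["base_uri"]
    return f"{root.rstrip('/')}/file/{secret}/{file_id}/"


def route_file_view(config, request_host, has_secret):
    """Decide how a file-view request is answered, as an HTTP status code:
    400 for a file URI on the main domain once an alternate domain exists
    (the old-style URI the test plan mentions), 404 when the request is on
    the alternate domain but lacks the per-file secret, 200 otherwise."""
    base_host = urlparse(config["base_uri"]).hostname
    alt_uri = config.get("alternate_file_domain")
    alt_host = urlparse(alt_uri).hostname if alt_uri else None
    host = request_host.lower()
    if alt_host is None:
        # No alternate domain: files are still served from the base domain.
        return 200 if host == base_host else 404
    if host == base_host:
        return 400
    if host != alt_host:
        return 404
    return 200 if has_secret else 404


if __name__ == "__main__":
    print(build_session_cookie(CONFIG, "phabricator.example.com", "phsid", "abc123"))
    print(build_session_cookie(CONFIG, "files.example.net", "phsid", "abc123"))
    print(file_view_uri(CONFIG, "42", "s3cr3t"))
    for host, secret in [("phabricator.example.com", True),
                         ("files.example.net", False),
                         ("files.example.net", True)]:
        print(host, secret, route_file_view(CONFIG, host, secret))
```

The point of the split is that anything a user uploads is rendered on a hostname that never carries the session cookie, so a served file cannot read or ride along with it; the secret in the file URI is what stands in for authentication on that domain.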

Details

Committed
epriestley <git@epriestley.com>, Aug 16 2011, 22:21
Pushed
aubort, Jan 31 2017, 17:16
Parents
rPH355b753df70c: Prevent file download without POST + CSRF
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH68c30e1a714a: Provide a setting which forces all file views to be served from an alternate… (authored by epriestley <git@epriestley.com>). Aug 16 2011, 22:21