
Allow only CDN routes when using security.alternate-file-domain

Authored by Joseph Battelle <git@bttelle.com> on Jul 25 2014, 15:40.

Description

Allow only CDN routes when using security.alternate-file-domain

Summary:
Instead of allowing all routes based on security.alternate-file-domain, now, when security.alternate-file-domain is set, and the request matches this domain, requests are validated against an explicit list. Allowed routes:

  • /res/
  • /file/data/
  • /file/xform/
  • /phame/r/

This will be redone by T5702 to be less of a hack.

Test Plan:

  • browse around (incl. Phame live) to make sure there is no regression from this when security.alternate-file-domain is not used.
  • check that celerity resources and files (incl. previews) are served with security.alternate-file-domain set.
  • check that phame live blog is serving its css correctly with security.alternate-file-domain set.
  • check that requests outside of the whitelist generate an exception for security.alternate-file-domain

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D10048
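
The host-then-prefix check the summary describes, as an added PHP example that is not Phabricator's code and not part of this commit. The function and constant names and the example.net hosts are hypothetical; rejecting dot segments and backslashes is an extra assumption beyond the listed routes, and the path is assumed to be already percent-decoded.

```php
<?php
// Added example: hypothetical names, not Phabricator's implementation.

// Route prefixes listed in the commit summary.
const CDN_ROUTE_PREFIXES = ['/res/', '/file/data/', '/file/xform/', '/phame/r/'];

/**
 * Throws if a request arrives on the alternate file domain for a path that is
 * not a CDN route. Requests on any other host are not restricted here.
 */
function assert_cdn_route(?string $alternate_uri, string $host_header, string $path): void {
  if ($alternate_uri === null || $alternate_uri === '') {
    return; // security.alternate-file-domain is not set: nothing to enforce.
  }
  $alt_host = parse_url($alternate_uri, PHP_URL_HOST);
  if (!is_string($alt_host)) {
    throw new InvalidArgumentException('alternate file domain is not a valid URI');
  }
  // Compare hosts case-insensitively, ignoring any port in the Host header.
  $req_host = strtolower((string)preg_replace('/:\d+$/', '', $host_header));
  if ($req_host !== strtolower($alt_host)) {
    return; // Not the file domain.
  }
  // Assumption: refuse "." / ".." segments and backslashes outright, so that
  // "/res/../settings/" cannot pass the prefix test below.
  if (preg_match('#(^|/)\.\.?(/|$)|\\\\#', $path)) {
    throw new RuntimeException("path not allowed on file domain: {$path}");
  }
  foreach (CDN_ROUTE_PREFIXES as $prefix) {
    // The trailing slash in each prefix keeps "/resources/" from matching "/res/".
    if (strncmp($path, $prefix, strlen($prefix)) === 0) {
      return;
    }
  }
  throw new RuntimeException("path not allowed on file domain: {$path}");
}

// Constructed sample requests (Host header, path) against a constructed file domain.
$alt = 'https://files.example.net/';
$samples = [
  ['files.example.net', '/res/phabricator/core.css'],
  ['FILES.example.net:443', '/file/data/abc/def/photo.png'],
  ['files.example.net', '/resources/x'],
  ['files.example.net', '/res/../settings/'],
  ['files.example.net', '/settings/panel/'],
  ['phab.example.net', '/settings/panel/'],
];
foreach ($samples as [$host, $path]) {
  try {
    assert_cdn_route($alt, $host, $path);
    echo "allow  {$host} {$path}\n";
  } catch (RuntimeException $e) {
    echo "reject {$host} {$path}\n";
  }
}
```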

Details

Committed
epriestley <git@epriestley.com> Jul 25 2014, 15:40
Pushed
aubort Jan 31 2017, 17:16
Parents
rPH51b5bf1e673a: Fix unmigrated load() call in Audit inlines
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHc006cca9b1e9: Allow only CDN routes when using security.alternate-file-domain (authored by Joseph Battelle <git@bttelle.com>). Jul 25 2014, 15:40