Segregate gateway HTTP ports: one for raw bytes and one for generated WUI pages #1798
Labels
No Label
0.2.0
0.3.0
0.4.0
0.5.0
0.5.1
0.6.0
0.6.1
0.7.0
0.8.0
0.9.0
1.0.0
1.1.0
1.10.0
1.10.1
1.10.2
1.10a2
1.11.0
1.12.0
1.12.1
1.13.0
1.14.0
1.15.0
1.15.1
1.2.0
1.3.0
1.4.1
1.5.0
1.6.0
1.6.1
1.7.0
1.7.1
1.7β
1.8.0
1.8.1
1.8.2
1.8.3
1.8β
1.9.0
1.9.0-s3branch
1.9.0a1
1.9.0a2
1.9.0b1
1.9.1
1.9.2
1.9.2a1
LeastAuthority.com automation
blocker
cannot reproduce
cloud-branch
code
code-dirnodes
code-encoding
code-frontend
code-frontend-cli
code-frontend-ftp-sftp
code-frontend-magic-folder
code-frontend-web
code-mutable
code-network
code-nodeadmin
code-peerselection
code-storage
contrib
critical
defect
dev-infrastructure
documentation
duplicate
enhancement
fixed
invalid
major
minor
n/a
normal
operational
packaging
somebody else's problem
supercritical
task
trivial
unknown
was already fixed
website
wontfix
worksforme
No Milestone
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Reference: tahoe-lafs/trac-2024-07-25#1798
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This is a complementary approach to #1797 and #827 for solving the same-origin security problems described in #615.
Note that it has no security benefit on Internet Explorer because IE treats all ports on a host as being in the same origin. It does have benefit on other browsers.
I'd like to take this and separate the ports used for WUI pages and downloads.
I think I've read some parts of the affected code but would need some help on one part or another.
I could also try take a stab at the other referenced tickets, though I find this approach the most desirable, as browsers itself (regardless of vendor and version) enforce a strict separation between origins.
Sweet! Thanks, freddyb!
I'm not sure if it is also worth making separate ports for downloads (the result of a GET from
/named/
) (see also #1903) from view/display (the result of a/uri/
).I'm not sure I fully understand. Do you mean three ports? WUI, Download and display? Why should download and display be separated?
I thought about one port for download&display and one port for WUI and I realize that this might be much more work than anticipated, considering that I didn't think about the cli, which might need updating too.
I think it could be useful to redirect (http 301 moved permantently) GET requests for files that accidentally go to the WUI port. This could benefit compatibility and help identifying code points that don't use the new port.
Zooko, I don't see any security motivation for doing that. Both downloads and views are serving untrusted content, and the distinction between download and view is context-dependent (for example, an
<img>
tag always displays its referent regardless ofContent-Disposition
).