Segregate gateway HTTP ports: one for raw bytes and one for generated WUI pages #1798

New Issue

tahoe-lafs · 2012-08-27T19:08:19Z

davidsarah commented

2012-08-27 19:08:19 +00:00

This is a complementary approach to #1797 and #827 for solving the same-origin security problems described in #615.

Note that it has no security benefit on Internet Explorer because IE treats all ports on a host as being in the same origin. It does have benefit on other browsers.

This is a complementary approach to #1797 and #827 for solving the same-origin security problems described in #615. Note that it has no security benefit on Internet Explorer because IE treats all ports on a host as being in the same origin. It does have benefit on other browsers.

tahoe-lafs added the

labels 2012-08-27 19:08:19 +00:00

tahoe-lafs added this to the soon milestone 2012-08-27 19:08:19 +00:00

freddyb commented

2013-12-02 15:26:04 +00:00

I'd like to take this and separate the ports used for WUI pages and downloads.
I think I've read some parts of the affected code but would need some help on one part or another.

I could also try take a stab at the other referenced tickets, though I find this approach the most desirable, as browsers itself (regardless of vendor and version) enforce a strict separation between origins.

I'd like to take this and separate the ports used for WUI pages and downloads. I think I've read some parts of the affected code but would need some help on one part or another. I could also try take a stab at the other referenced tickets, though I find this approach the most desirable, as browsers itself (regardless of vendor and version) enforce a strict separation between origins.

zooko commented

2013-12-02 17:58:54 +00:00

Sweet! Thanks, freddyb!

I'm not sure if it is also worth making separate ports for downloads (the result of a GET from /named/) (see also #1903) from view/display (the result of a /uri/).

Sweet! Thanks, freddyb! I'm not sure if it is *also* worth making separate ports for downloads (the result of a GET from `/named/`) (see also #1903) from view/display (the result of a `/uri/`).

freddyb commented

2013-12-15 11:52:11 +00:00

I'm not sure I fully understand. Do you mean three ports? WUI, Download and display? Why should download and display be separated?

I thought about one port for download&display and one port for WUI and I realize that this might be much more work than anticipated, considering that I didn't think about the cli, which might need updating too.

I think it could be useful to redirect (http 301 moved permantently) GET requests for files that accidentally go to the WUI port. This could benefit compatibility and help identifying code points that don't use the new port.

I'm not sure I fully understand. Do you mean three ports? WUI, Download and display? Why should download and display be separated? I thought about one port for download&display and one port for WUI and I realize that this might be much more work than anticipated, considering that I didn't think about the cli, which might need updating too. I think it could be useful to redirect (http 301 moved permantently) GET requests for files that accidentally go to the WUI port. This could benefit compatibility and help identifying code points that don't use the new port.

daira commented

2013-12-15 15:18:32 +00:00

Zooko, I don't see any security motivation for doing that. Both downloads and views are serving untrusted content, and the distinction between download and view is context-dependent (for example, an <img> tag always displays its referent regardless of Content-Disposition).

Zooko, I don't see any security motivation for doing that. Both downloads and views are serving untrusted content, and the distinction between download and view is context-dependent (for example, an `<img>` tag always displays its referent regardless of `Content-Disposition`).

Sign in to join this conversation.