Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
Previously the Origin header was only checked if you specified an origin
with --origin on startup and when you didn't we just printed a warning
that this might make you vulnerable to CSRF attacks.
I implemented it this way since I wanted GitPad to be runnable without
any command-line options, but such warnings are of course suboptimal
for security since they can simply be ignored.
This commit changes this behavior so that the Origin header is always
checked for POST requests. If you just run "gitpad" the enforced origin
defaults to http://127.0.0.1:<port>. Additionally this commit also
enforces an exact Host header (extracted from the Origin) to prevent DNS
rebinding attacks.
|
|
|
|
|
|
|
|
|
|
|
|
Embedding remote files can leak info via the Referer header.
Also changes child-src to frame-src since it has a higher precedence.
(https://www.w3.org/TR/CSP3/#changes-from-level-2)
|
|
Previously the Page struct contained references to the Controller and
the http::request::Parts, so that page.render() could call
controller.user_info_html(parts). This commit removes these references
from the Page struct, so that it can implement Default in the future.
The Context struct needs to be moved around since it contains
git2::Repository, which isn't Send. Previously the Context struct also
contained the http::request::Parts, so they were moved along.
This commit extracts Parts out of the Context struct, so that our
service function can access Parts after invoking our build_request
method, allowing us to easily log request details for errors in the
future.
|
|
In multi-user mode if Alice attempts to access /~bob/ she would get an
Unauthorized error since branches are private. To improve the UX we
instead already showed Alice a list of which files Bob has shared with
her. Previously this was achieved with an before_return_error hook
in the Controller trait.
While this worked fine, it wasn't elegant, since it required passing
the Context struct in all Unauthorized errors, so that the
before_return_error hook could access the context.
This commit refactors the code to intercept requests to paths like
/~bob/ before the regular request handling instead of afterwards.
While this could have been implemented in the before_route hook, this
would have required either invoking parse_url_path a second time or
passing the Result of parse_url_path, both of which would be akward.
Therefore this commit also merges before_route into parse_url_path.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|