beenull/linx-server

Author	SHA1	Message	Date
mutantmonkey	47670af185	Infer site URL from host and headers We can use the Host property of the request and the X-Forwarded-Proto to infer the site URL. To reduce complexity, the path is not inferred, and it is assumed that linx-server is running at /. If this is not the case, the site URL must be manually configured; this is no different than it was before.	2016-06-04 18:34:22 -07:00
andreimarcu	afa65349cc	Fix typos in API template	2016-06-04 00:36:51 -07:00
Andrei Marcu	14ba403145	Merge pull request #81 from mutantmonkey/addheaders Add ability to set arbitrary headers	2016-06-03 22:59:29 -07:00
mutantmonkey	39bb999db6	Add ability to set arbitrary headers This is useful if you want to add headers for things like HTTP Strict Transport Security or HTTP Public Key Pinning.	2016-06-03 22:49:01 -07:00
Andrei Marcu	1f3bc4bfea	Merge branch 'mutantmonkey-better_extension_handling'	2016-02-15 14:44:43 -08:00
mutantmonkey	b0d2f2a142	support .tar.gz-style extensions Some extensions actually consist of multiple parts, like .tar.gz, so we should handle this properly instead of merging part of the extension with the bare name. Right now only tar is allowed, but others can be added easily. Fixes #74.	2016-02-12 21:27:39 -08:00
Andrei Marcu	bc66bcc069	Merge pull request #73 from mutantmonkey/workaround_chrome_nonsense workaround chrome nonsense with CSP	2015-12-04 22:34:36 -05:00
mutantmonkey	817ac67632	workaround chrome nonsense with CSP Apparently the Chromium developers have decided that it was a good idea for them to use inline styles on the image/PDF viewers in their browser. I have no idea why they would think this, as it is not, but since this causes breakage we allow unsafe-inline for styles on files.	2015-12-04 19:28:30 -08:00
andreimarcu	5dcfca5f74	Order matters no. 2	2015-12-04 00:19:33 -05:00
andreimarcu	7c1a4640db	Order matters!	2015-12-02 14:58:48 -05:00
andreimarcu	88c00027ea	Add line numbers for pastebin. Fixes #70	2015-11-12 11:17:53 -05:00
andreimarcu	10d30df81f	Fix out of bounds error	2015-11-12 01:04:05 -05:00
andreimarcu	9cf55ac687	Redirect hotlink instead of 403. Fixes #69	2015-11-12 00:56:22 -05:00
andreimarcu	e6d79eb5cf	Temporary fix for text detection	2015-10-30 23:13:43 -04:00
andreimarcu	4856ab0750	Allow for non-/ deployments. Fixes #61	2015-10-30 18:36:47 -04:00
andreimarcu	07aaad2cd8	Match more text mimetypes	2015-10-28 15:55:56 -04:00
andreimarcu	294e8d8be2	Better text detection	2015-10-28 15:21:54 -04:00
andreimarcu	9b1df43ef2	Trim "-" in filenames	2015-10-28 14:31:51 -04:00
andreimarcu	0b37309237	Allow configuration from ini-style file	2015-10-25 14:04:38 -04:00
andreimarcu	c53c909165	Remove unnecessary margin on pastebins	2015-10-21 21:41:27 -04:00
andreimarcu	be08b7f0fd	Remove "sandbox" from files CSP to have pdfs work in chrome	2015-10-21 18:20:14 -04:00
andreimarcu	ba9fcd3a7b	Document allowing hotlinking	2015-10-18 11:08:47 -04:00
andreimarcu	c8fc62398a	Enable randomize in remote uploads	2015-10-18 11:07:39 -04:00
andreimarcu	20456b0b3c	Updarte README.md	2015-10-15 20:16:02 -04:00
andreimarcu	39ae89107c	Update README.md	2015-10-15 19:51:52 -04:00
andreimarcu	7df3b1328e	Update README.md	2015-10-15 19:33:38 -04:00
andreimarcu	50a54bbcfc	Add linx-client in API documentation	2015-10-15 17:26:35 -04:00
andreimarcu	0d365409d0	Allow /upload/ for PUT requests without filename	2015-10-15 16:02:46 -04:00
andreimarcu	120909ce46	Template file was missing	2015-10-15 12:26:43 -04:00
andreimarcu	c77f8285d4	Fix/implement .story	2015-10-15 12:24:23 -04:00
andreimarcu	9847beeff5	Cleanup	2015-10-14 22:47:36 -04:00
andreimarcu	3c659601e2	Make it an option for post uploads	2015-10-14 20:40:25 -04:00
andreimarcu	9b724725b3	Blank referrers are allowed	2015-10-14 20:35:43 -04:00
andreimarcu	256ca43d69	Update API documentation with API keys	2015-10-14 16:47:13 -04:00
andreimarcu	b1e82f8d7f	Update build.sh to build linx-genkey	2015-10-14 16:31:52 -04:00
andreimarcu	68653372ff	Rename auth header to Linx-Api-Key and remove b64encoding requirement for uploading with keys	2015-10-14 16:18:29 -04:00
andreimarcu	6987edc0d8	Remove non-API navigation links when using auth	2015-10-14 15:20:41 -04:00
andreimarcu	be15ba076d	Removed unnecessary duplicate static caching	2015-10-14 14:58:27 -04:00
Andrei Marcu	e1b2896c64	Merge pull request #60 from mutantmonkey/proper_referrer_check do a proper same-origin check	2015-10-13 23:04:39 -04:00
mutantmonkey	d138755806	do a proper same-origin check String prefix matching is hacky and provides insufficient checking if it does not end with a /.	2015-10-13 19:55:32 -07:00
Andrei Marcu	ff1d9f56a1	Merge pull request #59 from mutantmonkey/csp_referrer_fix fix CSP referrer policy	2015-10-12 10:01:50 -04:00
mutantmonkey	a3723d3665	short-circuit on origin header If the Origin header is present, we can check it and skip the other checks.	2015-10-12 01:23:06 -07:00
mutantmonkey	0a1aa869e4	nicer 400 error page	2015-10-12 01:03:02 -07:00
mutantmonkey	a7ae455ac1	strict referrer check improvements * Always check Origin if it is present, regardless of headers sent * Whitelist X-Requested-With header	2015-10-12 00:28:04 -07:00
mutantmonkey	61147554a9	update CSP flags in readme	2015-10-12 00:02:22 -07:00
mutantmonkey	cd83f9f0eb	fix CSP referrer policy The policy of "referrer none" was incorrect and was nonfunctional. With this change, the CSP referrer policy is set to origin, which will causes only the origin to be sent for requests made from the main site. A fix was also needed for referrer checks in two places.	2015-10-11 23:49:15 -07:00
Andrei Marcu	4fee922543	Merge pull request #58 from mutantmonkey/referrer_fixup2 trim trailing / for origin checking	2015-10-11 23:07:45 -04:00
mutantmonkey	39d874374d	trim trailing / for origin checking	2015-10-11 20:06:14 -07:00
Andrei Marcu	60239467fd	Merge pull request #56 from mutantmonkey/auth Add support for auth keys (and remote auth keys)	2015-10-11 22:44:30 -04:00
mutantmonkey	613ab24721	show usage for -authfile and -remoteauthfile	2015-10-11 19:38:04 -07:00

1 2 3 4 5

210 commits