1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-19 12:00:55 +01:00
phorge-phorge/conf
epriestley 68c30e1a71 Provide a setting which forces all file views to be served from an alternate
domain

Summary:
See D758, D759.

  - Provide a strongly recommended setting which permits configuration of an
alternate domain.
  - Lock cookies down better: set them on the exact domain, and use SSL-only if
the configuration is HTTPS.
  - Prevent Phabriator from setting cookies on other domains.

This assumes D759 will land, it is not effective without that change.

Test Plan:
  - Attempted to login from a different domain and was rejected.
  - Logged out, logged back in normally.
  - Put install in setup mode and verified it revealed a warning.
  - Configured an alterate domain.
  - Tried to view an image with an old URI, got a 400.
  - Went to /files/ and verified links rendered to the alternate domain.
  - Viewed an alternate domain file.
  - Tried to view an alternate domain file without the secret key, got a 404.

Reviewers: andrewjcg, erling, aran, tuomaspelkonen, jungejason, codeblock
CC: aran
Differential Revision: 760
2011-08-16 13:21:46 -07:00
..
__init_conf__.php Improve error messages for PHABRICATOR_ENV 2011-05-31 19:18:36 -07:00
default.conf.php Provide a setting which forces all file views to be served from an alternate 2011-08-16 13:21:46 -07:00
development.conf.php Fix some minor Celerity / ShapedRequest bugs: 2011-05-11 03:43:40 -07:00
production.conf.php Add a "setup" mode which guides new users through application configuration 2011-05-10 15:12:30 -07:00