1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-19 03:50:54 +01:00
No description
Find a file
epriestley 68c30e1a71 Provide a setting which forces all file views to be served from an alternate
domain

Summary:
See D758, D759.

  - Provide a strongly recommended setting which permits configuration of an
alternate domain.
  - Lock cookies down better: set them on the exact domain, and use SSL-only if
the configuration is HTTPS.
  - Prevent Phabriator from setting cookies on other domains.

This assumes D759 will land, it is not effective without that change.

Test Plan:
  - Attempted to login from a different domain and was rejected.
  - Logged out, logged back in normally.
  - Put install in setup mode and verified it revealed a warning.
  - Configured an alterate domain.
  - Tried to view an image with an old URI, got a 400.
  - Went to /files/ and verified links rendered to the alternate domain.
  - Viewed an alternate domain file.
  - Tried to view an alternate domain file without the secret key, got a 404.

Reviewers: andrewjcg, erling, aran, tuomaspelkonen, jungejason, codeblock
CC: aran
Differential Revision: 760
2011-08-16 13:21:46 -07:00
bin Improve CLI script for account creation and document account/reg setup process 2011-05-12 18:44:53 -07:00
conf Provide a setting which forces all file views to be served from an alternate 2011-08-16 13:21:46 -07:00
externals Use exceptions for S3 error messages 2011-08-04 14:17:13 -07:00
resources Add basic auxiliary field storage for Differential 2011-08-14 10:04:21 -07:00
scripts Fix typo in Celerity mapper 2011-08-03 23:25:40 -07:00
src Provide a setting which forces all file views to be served from an alternate 2011-08-16 13:21:46 -07:00
support/aphlict Aphlict, simple notification server 2011-05-17 10:32:41 -07:00
webroot Prevent CSRF uploads via /file/dropupload/ 2011-08-16 13:19:10 -07:00
.arcconfig Bring Javelin into Phabricator via git submodule, not copy-and-paste 2011-05-08 13:20:10 -07:00
.divinerconfig Allow Phabricator storage engines to be extended and configured 2011-07-21 16:44:24 -07:00
.gitignore Key Value Store for ManiphestTask 2011-07-25 19:11:55 -07:00
.gitmodules Just change the location. 2011-05-28 15:14:54 -07:00
CHANGELOG Allow Phabricator storage engines to be extended and configured 2011-07-21 16:44:24 -07:00
README Add a roadmap document and update the README. 2011-06-29 09:38:03 -07:00

Phabricator is a open source collection of web applications which make it easier
to write, review, and share source code. Phabricator was developed at Facebook.

This is an early release. It's pretty high-quality and usable, but under
active development so things may change quickly.

You can learn more about the project and find links to documentation and
resources at: http://phabricator.org/

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.
http://www.apache.org/licenses/LICENSE-2.0