mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-19 12:00:55 +01:00
No description
a9f2c07345
Summary: Ref T5685. Currently we just 403 on an invalid token, but we can be a little more helpful. The issues here are: - If we **do** redirect you on this page and something goes wrong, you might get stuck in a redirect loop. - If we **don't** redirect you, copy/pasting the link to someone (or reloading the page) gives them a pretty confusing result, since the link doesn't work any more. Prior to this diff, they get a 403. To mitigate this, do a little better than a bare 403: give them a link to auth and generate a new URI for the file. If this is still confusing, the next best thing I can come up with is something like this: - Put some modulous of the timestamp in the URI. - If the current time is within 2 seconds of the generation time, show this dialog. - Otherwise, redirect. That seems like it would be okay, but I worry that "2" has to be small (so links you copy/paste -> chat -> click still work) and a small value means that a small amount of clock skew breaks things. We could use the database clock, but ehhh. Other ideas: - Put a hash of the remote IP in the URI, redirect if it doesn't match. Fails for companies behind a NAT gateway but should work in a lot of other cases. - Just redirect always, there's no reason it should ever loop and browsers don't really do anything bad when there's a loop (they'll show an error after too many redirects). I'm leaning toward letting this stabilize in the wild for a bit, then trying "always redirect". Test Plan: {F188914} Reviewers: btrahan, 20after4 Reviewed By: 20after4 Subscribers: epriestley Maniphest Tasks: T5685 Differential Revision: https://secure.phabricator.com/D10215 |
||
|---|---|---|
| bin | ||
| conf | ||
| externals | ||
| resources | ||
| scripts | ||
| src | ||
| support | ||
| webroot | ||
| .arcconfig | ||
| .arclint | ||
| .editorconfig | ||
| .gitignore | ||
| LICENSE | ||
| NOTICE | ||
| README | ||
Phabricator is an open source collection of web applications which help software companies build better software. Phabricator includes applications for: - reviewing and auditing source code; - hosting and browsing repositories; - assembling a party to venture forth; - tracking bugs; - hiding stuff from coworkers; and - also some other things. You can learn more about the project (and find links to documentation and resources) [[http://phabricator.org/ | here]]. Phabricator is developed and maintained by [[http://phacility.com/ | Phacility]]. The first version of Phabricator was originally built at Facebook. = LICENSE = Phabricator is released under the Apache 2.0 license except as otherwise noted.