1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-24 07:42:40 +01:00
phorge-phorge/src/applications/auth/controller
epriestley ab579f2511 Never generate file download forms which point to the CDN domain, tighten "form-action" CSP
Summary:
Depends on D19155. Ref T13094. Ref T4340.

We can't currently implement a strict `form-action 'self'` content security policy because some file downloads rely on a `<form />` which sometimes POSTs to the CDN domain.

Broadly, stop generating these forms. We just redirect instead, and show an interstitial confirm dialog if no CDN domain is configured. This makes the UX for installs with no CDN domain a little worse and the UX for everyone else better.

Then, implement the stricter Content-Security-Policy.

This also removes extra confirm dialogs for downloading Harbormaster build logs and data exports.

Test Plan:
  - Went through the plain data export, data export with bulk jobs, ssh key generation, calendar ICS download, Diffusion data, Paste data, Harbormaster log data, and normal file data download workflows with a CDN domain.
  - Went through all those workflows again without a CDN domain.
  - Grepped for affected symbols (`getCDNURI()`, `getDownloadURI()`).
  - Added an evil form to a page, tried to submit it, was rejected.
  - Went through the ReCaptcha and Stripe flows again to see if they're submitting any forms.

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13094, T4340

Differential Revision: https://secure.phabricator.com/D19156
2018-02-28 17:20:12 -08:00
..
config Make "simple" a "button type", not a "color" 2017-05-30 17:59:37 -07:00
PhabricatorAuthConfirmLinkController.php Update Auth for new UI 2016-03-31 13:51:12 -07:00
PhabricatorAuthController.php Fix spelling 2017-10-09 10:48:04 -07:00
PhabricatorAuthDowngradeSessionController.php Update Auth for handleRequest 2015-08-01 16:49:27 -07:00
PhabricatorAuthFinishController.php Use Log In vs. Login when it's a verb 2017-08-02 12:26:47 -07:00
PhabricatorAuthInviteController.php Support invites in the registration and login flow 2015-02-11 06:06:28 -08:00
PhabricatorAuthLinkController.php Update Auth for new UI 2016-03-31 13:51:12 -07:00
PhabricatorAuthLoginController.php Use Log In vs. Login when it's a verb 2017-08-02 12:26:47 -07:00
PhabricatorAuthNeedsApprovalController.php Update Auth for new UI 2016-03-31 13:51:12 -07:00
PhabricatorAuthNeedsMultiFactorController.php Allow MFA enrollment before email verification 2017-11-28 10:01:09 -08:00
PhabricatorAuthOldOAuthRedirectController.php Update Auth for handleRequest 2015-08-01 16:49:27 -07:00
PhabricatorAuthOneTimeLoginController.php Separate "Set/Reset Password" from "Change Password" 2017-12-26 08:34:14 -08:00
PhabricatorAuthRegisterController.php Move account passwords to shared infrastructure 2018-01-23 13:43:07 -08:00
PhabricatorAuthRevokeTokenController.php Clean up redirect URIs for "Temporary Tokens" and "API Tokens" settings panels 2016-06-28 14:51:04 -07:00
PhabricatorAuthSetPasswordController.php Move account passwords to shared infrastructure 2018-01-23 13:43:07 -08:00
PhabricatorAuthSSHKeyController.php Add ViewController and SearchEngine for SSH Public Keys 2016-05-19 09:48:46 -07:00
PhabricatorAuthSSHKeyEditController.php Redirect users back to where they added an SSH Key 2017-08-21 14:02:27 -07:00
PhabricatorAuthSSHKeyGenerateController.php Never generate file download forms which point to the CDN domain, tighten "form-action" CSP 2018-02-28 17:20:12 -08:00
PhabricatorAuthSSHKeyListController.php Add ViewController and SearchEngine for SSH Public Keys 2016-05-19 09:48:46 -07:00
PhabricatorAuthSSHKeyRevokeController.php Add a bin/auth revoke revoker for SSH keys 2018-01-22 15:35:07 -08:00
PhabricatorAuthSSHKeyViewController.php Add a bin/auth revoke revoker for SSH keys 2018-01-22 15:35:07 -08:00
PhabricatorAuthStartController.php Use Log In vs. Login when it's a verb 2017-08-02 12:26:47 -07:00
PhabricatorAuthTerminateSessionController.php Rename "PhabricatorHash::digest()" to "weakDigest()" 2017-04-06 15:43:33 -07:00
PhabricatorAuthUnlinkController.php Use Log In vs. Login when it's a verb 2017-08-02 12:26:47 -07:00
PhabricatorAuthValidateController.php Update Auth for handleRequest 2015-08-01 16:49:27 -07:00
PhabricatorDisabledUserController.php Update Auth for new UI 2016-03-31 13:51:12 -07:00
PhabricatorEmailLoginController.php More completely explain why we're refusing to send reset mail to an unverified address 2017-09-20 10:46:22 -07:00
PhabricatorEmailVerificationController.php Update Auth for new UI 2016-03-31 13:51:12 -07:00
PhabricatorLogoutController.php Use Log In vs. Login when it's a verb 2017-08-02 12:26:47 -07:00
PhabricatorMustVerifyEmailController.php Use Log In vs. Login when it's a verb 2017-08-02 12:26:47 -07:00
PhabricatorRefreshCSRFController.php Update Auth for handleRequest 2015-08-01 16:49:27 -07:00