[tahoe-lafs-trac-stream] [tahoe-lafs] #1798: Segregate gateway HTTP ports: one for raw bytes and one for generated WUI pages
tahoe-lafs
trac at tahoe-lafs.org
Mon Dec 2 15:26:04 UTC 2013
#1798: Segregate gateway HTTP ports: one for raw bytes and one for generated WUI
pages
------------------------------+----------------------------------------------
     Reporter: davidsarah     |     Owner:
         Type: defect         |    Status: new
     Priority: major          | Milestone: soon
    Component: code-frontend-web |   Version: 1.9.2
   Resolution:                |  Keywords: wui same-origin security capleak
Launchpad Bug:                |
------------------------------+----------------------------------------------
Old description:
> This is a complementary approach to #1797 and #827 for solving the same-
> origin security problems described in #615.
>
> Note that it has no security benefit on Internet Explorer because IE
> treats all ports on a host as being in the same origin. It does have
> benefit on other browsers.
New description:
This is a complementary approach to #1797 and #827 for solving the
same-origin security problems described in #615.

Note that it has no security benefit on Internet Explorer because IE
treats all ports on a host as being in the same origin. It does have
benefit on other browsers.
--
Comment (by freddyb):
I'd like to take this and separate the ports used for WUI pages and
downloads.
I think I've read some parts of the affected code but would need some help
on one part or another.
I could also try to take a stab at the other referenced tickets, though I
find this approach the most desirable, as browsers themselves (regardless of
vendor and version) enforce a strict separation between origins.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1798#comment:2>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage