[tahoe-lafs-trac-stream] [tahoe-lafs] #1798: Segregate gateway HTTP ports: one for raw bytes and one for generated WUI pages
tahoe-lafs
trac at tahoe-lafs.org
Sun Dec 15 15:18:32 UTC 2013
#1798: Segregate gateway HTTP ports: one for raw bytes and one for generated WUI
pages
----------------------------+----------------------------------------------
Reporter: davidsarah | Owner: freddyb
Type: defect | Status: new
Priority: major | Milestone: soon
Component: code- | Version: 1.9.2
frontend-web | Keywords: wui same-origin security capleak
Resolution: |
Launchpad Bug: |
----------------------------+----------------------------------------------
Comment (by daira):
Zooko, I don't see any security motivation for doing that. Both downloads
and views are serving untrusted content, and the distinction between
download and view is context-dependent (for example, an `<img>` tag always
displays its referent regardless of `Content-Disposition`).
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1798#comment:5>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list