[tahoe-lafs-trac-stream] [tahoe-lafs] #1861: redirects in tahoe should not point to other origins
tahoe-lafs
trac at tahoe-lafs.org
Sun Sep 15 02:56:01 UTC 2013
#1861: redirects in tahoe should not point to other origins
--------------------------+------------------------------------------------
Reporter: | Owner: ChosenOne
ChosenOne | Status: new
Type: | Milestone: undecided
enhancement | Version: 1.9.2
Priority: normal | Keywords: webapi same-origin redirect websec
Component: code- |
frontend-web |
Resolution: |
Launchpad Bug: |
--------------------------+------------------------------------------------
Comment (by daira):
If I understand correctly, the concern is with a kind of bounce attack.
However bounce URLs are commonplace on the web, so I'm also not sure how
much of a real attack this is.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1861#comment:6>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list