| #615 |
Can JavaScript loaded from Tahoe access all your content which is loaded from Tahoe?
|
assigned
|
davidsarah
|
defect
|
critical
|
soon
|
| #891 |
web gateway memory grows without bound under load
|
new
|
warner
|
defect
|
critical
|
soon
|
| #127 |
Cap URLs leaked via HTTP Referer header
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
| #203 |
add deep-copy function to web API
|
new
|
|
enhancement
|
major
|
eventually
|
| #277 |
make the wui show the underlying LAFS model -- one WUI page per link in LAFS
|
new
|
zooko
|
enhancement
|
major
|
eventually
|
| #318 |
wapi: test that we return 200 or 201 as appropriate
|
new
|
|
defect
|
major
|
soon
|
| #324 |
use POST for operations whose noun doesn't denote the same resource that a GET would denote, or that have side effects
|
new
|
|
defect
|
major
|
soon
|
| #366 |
address Nathan Wilcox's concerns about "Tahoe and the browser security model"
|
assigned
|
blaisep
|
defect
|
major
|
eventually
|
| #413 |
mutable files: expose version info to HTTP clients
|
new
|
|
enhancement
|
major
|
eventually
|
| #462 |
PUT should elicit 100 Continue
|
new
|
|
defect
|
major
|
soon
|
| #471 |
servermap update chart doesn't fit
|
new
|
|
defect
|
major
|
eventually
|
| #529 |
Implement Halt and Catch Fire
|
new
|
|
defect
|
major
|
undecided
|
| #554 |
some directory targets in wapi/wui require trailing slashes
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
| #567 |
add version info to t=JSON output data
|
assigned
|
rvs
|
enhancement
|
major
|
soon
|
| #568 |
make immutable check/verify/repair and mutable check/verify work given only a verify cap
|
new
|
daira
|
defect
|
major
|
soon
|
| #587 |
Web nodes provide ambient upload authority
|
new
|
daira
|
defect
|
major
|
soon
|
| #589 |
JSON link does not work if there is a '#' character in the file name.
|
new
|
|
defect
|
major
|
eventually
|
| #622 |
add a 'repair' button on the webapi checker results page
|
assigned
|
Lcstyle
|
enhancement
|
major
|
soon
|
| #631 |
trailing spaces in filenames break the WUI rename function
|
new
|
|
defect
|
major
|
soon
|
| #674 |
controlled access to your WUI
|
new
|
nobody
|
enhancement
|
major
|
soon
|
| #679 |
/storage emitting exception - lease reporting code
|
assigned
|
davidsarah
|
defect
|
major
|
undecided
|
| #686 |
Search for lost share resulted in a directory popping up at unexpected place
|
assigned
|
daira
|
defect
|
major
|
soon
|
| #766 |
repair results Summary field says "Unhealthy" even though it is healthy after the repair, if it was unhealthy before
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
| #770 |
webapi: listen on multiple interfaces/ports
|
new
|
|
enhancement
|
major
|
eventually
|
| #784 |
explain what the "Report an incident" button does
|
new
|
|
enhancement
|
major
|
undecided
|
| #821 |
A script in a file viewed through the WUI can obtain the file's read cap
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
| #822 |
Web API should use a more reliable, out-of-band means of reporting errors (such as a server connection being lost) during a download
|
new
|
|
defect
|
major
|
soon
|
| #823 |
WUI server should have a disallow-all robots.txt
|
new
|
|
defect
|
major
|
undecided
|
| #825 |
Cannot use WUI to upload a file with a name different to its name in the local filesystem
|
new
|
|
enhancement
|
major
|
undecided
|
| #826 |
Rename action in WUI has no confirmation for clobbering another entry
|
new
|
|
defect
|
major
|
soon
|
| #827 |
Put file download links ('?save=true') in WUI directory listings
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
| #857 |
Make operation-handle-querying use only a little memory
|
new
|
nobody
|
defect
|
major
|
undecided
|
| #884 |
give nice error page when URL is mangled or from the future
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
| #885 |
Ignore space or %20 in webapi URLs
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
| #906 |
ETag support for mutable files and directories
|
new
|
|
defect
|
major
|
undecided
|
| #922 |
The URL of the info page for an unknown dirnode should not grant authority to the containing directory
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
| #951 |
uploads aren't cancelled by closing the web page
|
assigned
|
zooko
|
defect
|
major
|
undecided
|
| #971 |
"Humanized failures" should still have a traceback, hidden by default
|
assigned
|
davidsarah
|
enhancement
|
major
|
soon
|
| #975 |
results of deep-size should include mutable files
|
new
|
|
defect
|
major
|
soon
|
| #979 |
AssertionError on DELETE when child links point to yourself
|
new
|
|
defect
|
major
|
soon
|
| #995 |
It's way too easy to give away write directory caps
|
new
|
nobody
|
defect
|
major
|
undecided
|
| #997 |
The webapi/WUI should have https enabled by default
|
new
|
nobody
|
defect
|
major
|
undecided
|
| #1000 |
add 'Tahoe Explorer' (JavaScript-based UI) to Tahoe
|
assigned
|
davidsarah
|
enhancement
|
major
|
soon
|
| #1008 |
Unhandled error conditions disclose detailed information
|
new
|
|
defect
|
major
|
eventually
|
| #1029 |
download a subtree as an archive
|
new
|
|
enhancement
|
major
|
undecided
|
| #1047 |
Upload failures should report useful HTTP status lines
|
new
|
nobody
|
enhancement
|
major
|
undecided
|
| #1048 |
Expected exceptions should not include tracebacks
|
new
|
|
enhancement
|
major
|
undecided
|
| #1132 |
browser protocol handler or plugin for Tahoe URIs
|
new
|
|
enhancement
|
major
|
undecided
|
| #1136 |
don't run a web-API frontend if you don't need one
|
new
|
somebody
|
enhancement
|
major
|
eventually
|
| #1141 |
Cannot Delete Or Rename Files/Directories With Wacky Names
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
| #1142 |
Unlikely XSS Potential in File Names in WUI
|
new
|
nobody
|
defect
|
major
|
undecided
|
| #1144 |
Loopy/Uninhibited/Overlarge Filename Makes Web Server Crump
|
new
|
nobody
|
defect
|
major
|
undecided
|
| #1173 |
cancelled downloads are marked incorrectly on the Recent Uploads/Downloads page
|
assigned
|
zooko
|
defect
|
major
|
soon
|
| #1176 |
webapi should avoid using plaintext temporary file for uploads
|
new
|
|
defect
|
major
|
soon
|
| #1198 |
Bogus tub location causes introducer error
|
new
|
|
defect
|
major
|
soon
|
| #1211 |
client should be able to test share placement
|
new
|
somebody
|
enhancement
|
major
|
eventually
|
| #1215 |
add CORS support
|
new
|
|
enhancement
|
major
|
undecided
|
| #1221 |
operation stats are not sufficient to understand what's wrong
|
new
|
|
defect
|
major
|
undecided
|
| #1234 |
UnrecoverableFileError message should say which file it refers to
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
| #1265 |
New Visualizer is insufficiently labelled/documented (plus layout problem)
|
assigned
|
zooko
|
defect
|
major
|
soon
|
| #1369 |
allow static HTML files to be transcluded into WUI Welcome and directory listing pages
|
new
|
|
defect
|
major
|
undecided
|
| #1434 |
DYHB requests misrendered in download visualization
|
new
|
warner
|
defect
|
major
|
soon
|
| #1436 |
web interface using wrong address / port number when doing ssh port forwarding
|
new
|
|
defect
|
major
|
soon
|
| #1462 |
add legend to Recent Uploads and Downloads page, explain LIT
|
new
|
T_X
|
defect
|
major
|
soon
|
| #1485 |
web-API: POSTs and GETs should be to distinct URLs
|
assigned
|
davidsarah
|
defect
|
major
|
eventually
|
| #1499 |
when you create a mutable file in the WUI you should get a nice user interface page back
|
new
|
|
enhancement
|
major
|
soon
|
| #1502 |
WUI: make type field more regular, and show SDMF vs MDMF
|
new
|
|
defect
|
major
|
soon
|
| #1550 |
new/alternate download visualizer
|
new
|
drewp
|
enhancement
|
major
|
undecided
|
| #1551 |
WUI: the Upload results page should have both view and download links
|
new
|
|
defect
|
major
|
eventually
|
| #1588 |
I want to trigger backups through the WUI.
|
new
|
|
enhancement
|
major
|
eventually
|
| #1639 |
'Return to file/directory' link from file check results gives an error
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
| #1649 |
WUI: the error message page for a writeable file/directory nonobviously includes the write cap
|
assigned
|
davidsarah
|
defect
|
major
|
undecided
|
| #1664 |
webapi fails to handle all TCP disconnects: "Request.finish called on a request after its connection was lost; use Request.notifyFinish to keep track of this."
|
new
|
nobody
|
defect
|
major
|
soon
|
| #1665 |
Brainstorm webapi vulnerabilities between the operator and a user and between users.
|
new
|
|
task
|
major
|
undecided
|
| #1797 |
WUI: view content in an HTML5 sandboxed iframe
|
new
|
|
defect
|
major
|
soon
|
| #1798 |
Segregate gateway HTTP ports: one for raw bytes and one for generated WUI pages
|
new
|
freddyb
|
defect
|
major
|
soon
|
| #1859 |
Proof-of-concept attack: Upload and execute attacker controlled js from any domain.
|
new
|
davidsarah
|
defect
|
major
|
undecided
|
| #1904 |
filenames leak into log files from rename (and other web-API operations that take filenames)
|
new
|
|
defect
|
major
|
undecided
|
| #2125 |
don't cache failures!
|
new
|
|
defect
|
major
|
undecided
|
| #2385 |
node web server should use DHE/ECDHE suites automatically
|
new
|
j3i
|
enhancement
|
major
|
undecided
|
| #3852 |
500 error from JSON welcome page
|
new
|
|
defect
|
major
|
undecided
|
| #3929 |
Error reading directory: 'coroutine' object has no attribute 'addCallback'
|
new
|
|
defect
|
major
|
undecided
|
| #451 |
webdav frontend
|
new
|
|
enhancement
|
normal
|
undecided
|
| #824 |
WUI pages lack correct XHTML 1.0 Transitional declarations
|
assigned
|
daira
|
defect
|
normal
|
soon
|
| #1171 |
add regression test for shnums: "e,r,r,o,r"
|
reopened
|
warner
|
defect
|
normal
|
soon
|
| #1203 |
/storage is insufficiently verbose when no crawl running
|
new
|
nobody
|
defect
|
normal
|
eventually
|
| #1375 |
the performance stats for each upload or download are undiscoverable
|
new
|
tarcieri
|
defect
|
normal
|
undecided
|
| #1386 |
KeyError: 'file' if the local file is removed after selection and before Submit
|
new
|
daira
|
defect
|
normal
|
soon
|
| #1492 |
introducer status page is ugly
|
new
|
|
defect
|
normal
|
soon
|
| #1541 |
Add ?t=xml parameter for getting file statistics
|
new
|
bibilthaysose
|
enhancement
|
normal
|
undecided
|
| #1645 |
UnrecoverableFileError HTML message should include a link to check the file
|
new
|
|
enhancement
|
normal
|
soon
|
| #1666 |
test that an upload with no Content-Length (and not chunked) gives HTTP 411 Length Required
|
new
|
|
defect
|
normal
|
soon
|
| #1706 |
The "Report!" button in the "Report an Incident" form field redirects to a misleading/incomplete message
|
new
|
zancas
|
defect
|
normal
|
undecided
|
| #1709 |
order nodes by nickname instead of peerid on the welcome page
|
new
|
|
enhancement
|
normal
|
undecided
|
| #1726 |
new visualizer needs labels with units
|
new
|
warner
|
defect
|
normal
|
soon
|
| #1727 |
New Visualizer has layout bug where serverids and other things scribble over each other
|
new
|
warner
|
defect
|
normal
|
soon
|
| #1728 |
add link to docs/frontends/download-status.rst from the download status page
|
assigned
|
Lcstyle
|
enhancement
|
normal
|
soon
|
| #1764 |
tahoe webapi gives HTTP 410 Gone for files that may actually come back
|
new
|
ChosenOne
|
defect
|
normal
|
soon
|
| #1799 |
Document how to distinguish exceptions from JSON, or encode exceptions as JSON
|
new
|
|
defect
|
normal
|
undecided
|
| #1809 |
WUI: upload to directory fails due to no file name
|
new
|
|
defect
|
normal
|
undecided
|
