id,summary,status,owner,type,priority,milestone 615,Can JavaScript loaded from Tahoe access all your content which is loaded from Tahoe?,assigned,davidsarah,defect,critical,soon 891,web gateway memory grows without bound under load,new,warner,defect,critical,soon 127,Cap URLs leaked via HTTP Referer header,assigned,davidsarah,defect,major,soon 203,add deep-copy function to web API,new,,enhancement,major,eventually 277,make the wui show the underlying LAFS model -- one WUI page per link in LAFS,new,zooko,enhancement,major,eventually 318,wapi: test that we return 200 or 201 as appropriate,new,,defect,major,soon 324,"use POST for operations whose noun doesn't denote the same resource that a GET would denote, or that have side effects",new,,defect,major,soon 366,"address Nathan Wilcox's concerns about ""Tahoe and the browser security model""",new,nejucomo,defect,major,eventually 413,mutable files: expose version info to HTTP clients,new,,enhancement,major,eventually 462,PUT should elicit 100 Continue,new,,defect,major,soon 471,servermap update chart doesn't fit,new,,defect,major,eventually 529,Implement Halt and Catch Fire,new,,defect,major,undecided 554,some directory targets in wapi/wui require trailing slashes,assigned,davidsarah,defect,major,soon 567,add version info to t=JSON output data,assigned,rvs,enhancement,major,soon 568,make immutable check/verify/repair and mutable check/verify work given only a verify cap,new,daira,defect,major,soon 587,Web nodes provide ambient upload authority,new,daira,defect,major,soon 589,JSON link does not work if there is a '#' character in the file name.,new,,defect,major,eventually 622,add a 'repair' button on the webapi checker results page,assigned,Lcstyle,enhancement,major,soon 631,trailing spaces in filenames break the WUI rename function,new,,defect,major,soon 674,controlled access to your WUI,new,nobody,enhancement,major,soon 679,/storage emitting exception - lease reporting code,assigned,davidsarah,defect,major,undecided 686,Search for lost share resulted in a directory popping up at unexpected place,assigned,daira,defect,major,soon 766,"repair results Summary field says ""Unhealthy"" even though it is healthy after the repair, if it was unhealthy before",assigned,davidsarah,defect,major,soon 770,webapi: listen on multiple interfaces/ports,new,,enhancement,major,eventually 784,"explain what the ""Report an incident"" button does",new,,enhancement,major,undecided 821,A script in a file viewed through the WUI can obtain the file's read cap,assigned,davidsarah,defect,major,soon 822,"Web API should use a more reliable, out-of-band means of reporting errors (such as a server connection being lost) during a download",new,,defect,major,soon 823,WUI server should have a disallow-all robots.txt,new,,defect,major,undecided 825,Cannot use WUI to upload a file with a name different to its name in the local filesystem,new,,enhancement,major,undecided 826,Rename action in WUI has no confirmation for clobbering another entry,new,,defect,major,soon 827,Put file download links ('?save=true') in WUI directory listings,assigned,davidsarah,defect,major,soon 857,Make operation-handle-querying use only a little memory,new,nobody,defect,major,undecided 884,give nice error page when URL is mangled or from the future,assigned,davidsarah,defect,major,soon 885,Ignore space or %20 in webapi URLs,assigned,davidsarah,defect,major,soon 906,ETag support for mutable files and directories,new,,defect,major,undecided 922,The URL of the info page for an unknown dirnode should not grant authority to the containing directory,assigned,davidsarah,defect,major,soon 951,uploads aren't cancelled by closing the web page,assigned,zooko,defect,major,undecided 971,"""Humanized failures"" should still have a traceback, hidden by default",assigned,davidsarah,enhancement,major,soon 975,results of deep-size should include mutable files,new,,defect,major,soon 979,AssertionError on DELETE when child links point to yourself,new,,defect,major,soon 995,It's way too easy to give away write directory caps,new,nobody,defect,major,undecided 997,The webapi/WUI should have https enabled by default,new,nobody,defect,major,undecided 1000,add 'Tahoe Explorer' (JavaScript-based UI) to Tahoe,assigned,davidsarah,enhancement,major,soon 1008,Unhandled error conditions disclose detailed information,new,,defect,major,eventually 1029,download a subtree as an archive,new,,enhancement,major,undecided 1047,Upload failures should report useful HTTP status lines,new,nobody,enhancement,major,undecided 1048,Expected exceptions should not include tracebacks,new,,enhancement,major,undecided 1132,browser protocol handler or plugin for Tahoe URIs,new,,enhancement,major,undecided 1136,don't run a web-API frontend if you don't need one,new,somebody,enhancement,major,eventually 1141,Cannot Delete Or Rename Files/Directories With Wacky Names,assigned,davidsarah,defect,major,soon 1142,Unlikely XSS Potential in File Names in WUI,new,nobody,defect,major,undecided 1144,Loopy/Uninhibited/Overlarge Filename Makes Web Server Crump,new,nobody,defect,major,undecided 1173,cancelled downloads are marked incorrectly on the Recent Uploads/Downloads page,assigned,zooko,defect,major,soon 1176,webapi should avoid using plaintext temporary file for uploads,new,,defect,major,soon 1198,Bogus tub location causes introducer error,new,,defect,major,soon 1211,client should be able to test share placement,new,somebody,enhancement,major,eventually 1215,add CORS support,new,,enhancement,major,undecided 1221,operation stats are not sufficient to understand what's wrong,new,,defect,major,undecided 1234,UnrecoverableFileError message should say which file it refers to,assigned,davidsarah,defect,major,soon 1265,New Visualizer is insufficiently labelled/documented (plus layout problem),assigned,zooko,defect,major,soon 1369,allow static HTML files to be transcluded into WUI Welcome and directory listing pages,new,,defect,major,undecided 1434,DYHB requests misrendered in download visualization,new,warner,defect,major,soon 1436,web interface using wrong address / port number when doing ssh port forwarding,new,,defect,major,soon 1462,"add legend to Recent Uploads and Downloads page, explain LIT",new,T_X,defect,major,soon 1485,web-API: POSTs and GETs should be to distinct URLs,assigned,davidsarah,defect,major,eventually 1499,when you create a mutable file in the WUI you should get a nice user interface page back,new,,enhancement,major,soon 1502,"WUI: make type field more regular, and show SDMF vs MDMF",new,,defect,major,soon 1550,new/alternate download visualizer,new,drewp,enhancement,major,undecided 1551,WUI: the Upload results page should have both view and download links,new,,defect,major,eventually 1588,I want to trigger backups through the WUI.,new,,enhancement,major,eventually 1639,'Return to file/directory' link from file check results gives an error,assigned,davidsarah,defect,major,soon 1649,WUI: the error message page for a writeable file/directory nonobviously includes the write cap,assigned,davidsarah,defect,major,undecided 1664,"webapi fails to handle all TCP disconnects: ""Request.finish called on a request after its connection was lost; use Request.notifyFinish to keep track of this.""",new,nobody,defect,major,soon 1665,Brainstorm webapi vulnerabilities between the operator and a user and between users.,new,,task,major,undecided 1797,WUI: view content in an HTML5 sandboxed iframe,new,,defect,major,soon 1798,Segregate gateway HTTP ports: one for raw bytes and one for generated WUI pages,new,freddyb,defect,major,soon 1859,Proof-of-concept attack: Upload and execute attacker controlled js from any domain.,new,davidsarah,defect,major,undecided 1904,filenames leak into log files from rename (and other web-API operations that take filenames),new,,defect,major,undecided 2125,don't cache failures!,new,,defect,major,undecided 2385,node web server should use DHE/ECDHE suites automatically,new,j3i,enhancement,major,undecided 3852,500 error from JSON welcome page,new,,defect,major,undecided 3929,Error reading directory: 'coroutine' object has no attribute 'addCallback',new,,defect,major,undecided 451,webdav frontend,new,,enhancement,normal,undecided 824,WUI pages lack correct XHTML 1.0 Transitional declarations,assigned,daira,defect,normal,soon 1171,"add regression test for shnums: ""e,r,r,o,r""",reopened,warner,defect,normal,soon 1203,/storage is insufficiently verbose when no crawl running,new,nobody,defect,normal,eventually 1375,the performance stats for each upload or download are undiscoverable,new,tarcieri,defect,normal,undecided 1386,KeyError: 'file' if the local file is removed after selection and before Submit,new,daira,defect,normal,soon 1492,introducer status page is ugly,new,,defect,normal,soon 1541,Add ?t=xml parameter for getting file statistics,new,bibilthaysose,enhancement,normal,undecided 1645,UnrecoverableFileError HTML message should include a link to check the file,new,,enhancement,normal,soon 1666,test that an upload with no Content-Length (and not chunked) gives HTTP 411 Length Required,new,,defect,normal,soon 1706,"The ""Report!"" button in the ""Report an Incident"" form field redirects to a misleading/incomplete message",new,zancas,defect,normal,undecided 1709,order nodes by nickname instead of peerid on the welcome page,new,,enhancement,normal,undecided 1726,new visualizer needs labels with units,new,warner,defect,normal,soon 1727,New Visualizer has layout bug where serverids and other things scribble over each other,new,warner,defect,normal,soon 1728,add link to docs/frontends/download-status.rst from the download status page,assigned,Lcstyle,enhancement,normal,soon 1764,tahoe webapi gives HTTP 410 Gone for files that may actually come back,new,ChosenOne,defect,normal,soon 1799,"Document how to distinguish exceptions from JSON, or encode exceptions as JSON",new,,defect,normal,undecided 1809,WUI: upload to directory fails due to no file name,new,,defect,normal,undecided 1821,"show full, explorable details about check and repair operations",new,,enhancement,normal,eventually 1846,"add ""started"" timestamp on the current operations on Recent Uploads and Downloads",new,,defect,normal,undecided 1889,"allmydata.mutable.common.NotEnoughServersError does not produce a ""humanized"" failure message",new,,defect,normal,soon 1890,submit proposal for restrict-referrer-leakage to the CSP standardizers and implementors,assigned,davidsarah,task,normal,soon 1895,implement replace=false for file upload into a mutable directory,new,davidsarah,defect,normal,undecided 1898,"deep check on a non-directory gives unhelpful ""400 Bad Request"" error",assigned,davidsarah,defect,normal,soon 1899,make reported max-mutable-share-size have the same semantics as max-immutable-share-size,new,,defect,normal,soon 1902,"WUI: ""Download a file"" should error on directory",assigned,Lcstyle,defect,normal,soon 1903,"deprecate one of the synonyms ""/file/"" and ""/named/"" from the WAPI",reopened,zooko,enhancement,normal,soon 1912,show miniature live view of recent activity right on the front page,new,drewp,enhancement,normal,undecided 1914,tahoe check reports incorrect encoding,new,,defect,normal,undecided 1928,web redirects should use relative URLs,assigned,davidsarah,defect,normal,soon 1930,should ?t=rename be deprecated in favour of ?t=move ?,new,,defect,normal,soon 1931,WUI: niggles in the new Welcome page,new,daira,defect,normal,soon 1967,make new WUI work on phone,new,,defect,normal,undecided 1997,Eventually remove disconnected nodes from Welcome page display,new,daira,enhancement,normal,soon 2003,put nickname in