#127 |
Cap URLs leaked via HTTP Referer header
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#280 |
get_hash method in webapi for extension caching logic.
|
assigned
|
zooko
|
enhancement
|
minor
|
undecided
|
#554 |
some directory targets in wapi/wui require trailing slashes
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#567 |
add version info to t=JSON output data
|
assigned
|
rvs
|
enhancement
|
major
|
soon
|
#615 |
Can JavaScript loaded from Tahoe access all your content which is loaded from Tahoe?
|
assigned
|
davidsarah
|
defect
|
critical
|
soon
|
#622 |
add a 'repair' button on the webapi checker results page
|
assigned
|
Lcstyle
|
enhancement
|
major
|
soon
|
#677 |
WebAPI: GET /uri/$FILECAP?t=json doesn't return size for mutable files, but the HTML version does
|
assigned
|
davidsarah
|
defect
|
minor
|
soon
|
#679 |
/storage emitting exception - lease reporting code
|
assigned
|
davidsarah
|
defect
|
major
|
undecided
|
#686 |
Search for lost share resulted in a directory popping up at unexpected place
|
assigned
|
daira
|
defect
|
major
|
soon
|
#691 |
improve WUI directory page according to a new user's first impressions
|
assigned
|
zooko
|
enhancement
|
minor
|
eventually
|
#766 |
repair results Summary field says "Unhealthy" even though it is healthy after the repair, if it was unhealthy before
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#821 |
A script in a file viewed through the WUI can obtain the file's read cap
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#824 |
WUI pages lack correct XHTML 1.0 Transitional declarations
|
assigned
|
daira
|
defect
|
normal
|
soon
|
#827 |
Put file download links ('?save=true') in WUI directory listings
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#884 |
give nice error page when URL is mangled or from the future
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#885 |
Ignore space or %20 in webapi URLs
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#907 |
Stop caps from leaking to phishing-filter servers
|
assigned
|
davidsarah
|
defect
|
minor
|
eventually
|
#918 |
Abstraction violations in web/info.py
|
assigned
|
davidsarah
|
defect
|
minor
|
eventually
|
#922 |
The URL of the info page for an unknown dirnode should not grant authority to the containing directory
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#951 |
uploads aren't cancelled by closing the web page
|
assigned
|
zooko
|
defect
|
major
|
undecided
|
#971 |
"Humanized failures" should still have a traceback, hidden by default
|
assigned
|
davidsarah
|
enhancement
|
major
|
soon
|
#1000 |
add 'Tahoe Explorer' (JavaScript-based UI) to Tahoe
|
assigned
|
davidsarah
|
enhancement
|
major
|
soon
|
#1091 |
give clearer names to the "create a directory" buttons
|
assigned
|
Lcstyle
|
enhancement
|
minor
|
soon
|
#1141 |
Cannot Delete Or Rename Files/Directories With Wacky Names
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#1173 |
cancelled downloads are marked incorrectly on the Recent Uploads/Downloads page
|
assigned
|
zooko
|
defect
|
major
|
soon
|
#1234 |
UnrecoverableFileError message should say which file it refers to
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#1265 |
New Visualizer is insufficiently labelled/documented (plus layout problem)
|
assigned
|
zooko
|
defect
|
major
|
soon
|
#1485 |
web-API: POSTs and GETs should be to distinct URLs
|
assigned
|
davidsarah
|
defect
|
major
|
eventually
|
#1639 |
'Return to file/directory' link from file check results gives an error
|
assigned
|
davidsarah
|
defect
|
major
|
soon
|
#1649 |
WUI: the error message page for a writeable file/directory nonobviously includes the write cap
|
assigned
|
davidsarah
|
defect
|
major
|
undecided
|
#1728 |
add link to docs/frontends/download-status.rst from the download status page
|
assigned
|
Lcstyle
|
enhancement
|
normal
|
soon
|
#1890 |
submit proposal for restrict-referrer-leakage to the CSP standardizers and implementors
|
assigned
|
davidsarah
|
task
|
normal
|
soon
|
#1898 |
deep check on a non-directory gives unhelpful "400 Bad Request" error
|
assigned
|
davidsarah
|
defect
|
normal
|
soon
|
#1902 |
WUI: "Download a file" should error on directory
|
assigned
|
Lcstyle
|
defect
|
normal
|
soon
|
#1928 |
web redirects should use relative URLs
|
assigned
|
davidsarah
|
defect
|
normal
|
soon
|
#2003 |
put nickname in <title>
|
assigned
|
daira
|
enhancement
|
normal
|
soon
|
#2402 |
serve static files under a common URL
|
assigned
|
daira
|
enhancement
|
normal
|
soon
|
#3420 |
Twisted web Resources should "return ErrorPage" instead of "raise WebError"
|
assigned
|
sajith
|
defect
|
normal
|
|
#92 |
add upload-status page: progress and to-whom info
|
new
|
warner
|
enhancement
|
minor
|
eventually
|
#203 |
add deep-copy function to web API
|
new
|
|
enhancement
|
major
|
eventually
|
#277 |
make the wui show the underlying LAFS model -- one WUI page per link in LAFS
|
new
|
zooko
|
enhancement
|
major
|
eventually
|
#318 |
wapi: test that we return 200 or 201 as appropriate
|
new
|
|
defect
|
major
|
soon
|
#324 |
use POST for operations whose noun doesn't denote the same resource that a GET would denote, or that have side effects
|
new
|
|
defect
|
major
|
soon
|
#366 |
address Nathan Wilcox's concerns about "Tahoe and the browser security model"
|
new
|
nejucomo
|
defect
|
major
|
eventually
|
#386 |
upload status page should show nicknames
|
new
|
akp
|
enhancement
|
minor
|
eventually
|
#389 |
Implement Web Portal feature.
|
new
|
|
enhancement
|
minor
|
undecided
|
#413 |
mutable files: expose version info to HTTP clients
|
new
|
|
enhancement
|
major
|
eventually
|
#430 |
upload/download status: add recently-finished operations
|
new
|
warner
|
enhancement
|
minor
|
eventually
|
#451 |
webdav frontend
|
new
|
|
enhancement
|
normal
|
undecided
|
#462 |
PUT should elicit 100 Continue
|
new
|
|
defect
|
major
|
soon
|
#471 |
servermap update chart doesn't fit
|
new
|
|
defect
|
major
|
eventually
|
#529 |
Implement Halt and Catch Fire
|
new
|
|
defect
|
major
|
undecided
|
#568 |
make immutable check/verify/repair and mutable check/verify work given only a verify cap
|
new
|
daira
|
defect
|
major
|
soon
|
#587 |
Web nodes provide ambient upload authority
|
new
|
daira
|
defect
|
major
|
soon
|
#589 |
JSON link does not work if there is a '#' character in the file name.
|
new
|
|
defect
|
major
|
eventually
|
#631 |
trailing spaces in filenames break the WUI rename function
|
new
|
|
defect
|
major
|
soon
|
#674 |
controlled access to your WUI
|
new
|
nobody
|
enhancement
|
major
|
soon
|
#689 |
web documents should be constructed out of unicode strings
|
new
|
|
enhancement
|
minor
|
eventually
|
#765 |
duplication of version and nickname-and-nodeid code in the wui
|
new
|
|
enhancement
|
minor
|
undecided
|
#770 |
webapi: listen on multiple interfaces/ports
|
new
|
|
enhancement
|
major
|
eventually
|
#784 |
explain what the "Report an incident" button does
|
new
|
|
enhancement
|
major
|
undecided
|
#789 |
Support Accept-Encoding: compress, gzip in the WAPI
|
new
|
|
enhancement
|
minor
|
undecided
|
#813 |
string exception raised to web renderer?
|
new
|
somebody
|
defect
|
minor
|
undecided
|
#822 |
Web API should use a more reliable, out-of-band means of reporting errors (such as a server connection being lost) during a download
|
new
|
|
defect
|
major
|
soon
|
#823 |
WUI server should have a disallow-all robots.txt
|
new
|
|
defect
|
major
|
undecided
|
#825 |
Cannot use WUI to upload a file with a name different to its name in the local filesystem
|
new
|
|
enhancement
|
major
|
undecided
|
#826 |
Rename action in WUI has no confirmation for clobbering another entry
|
new
|
|
defect
|
major
|
soon
|
#857 |
Make operation-handle-querying use only a little memory
|
new
|
nobody
|
defect
|
major
|
undecided
|
#891 |
web gateway memory grows without bound under load
|
new
|
warner
|
defect
|
critical
|
soon
|
#903 |
webapi t=mkdir-with-children and mkdir-immutable: behavior when directory already exists?
|
new
|
|
defect
|
minor
|
eventually
|
#906 |
ETag support for mutable files and directories
|
new
|
|
defect
|
major
|
undecided
|
#920 |
mkdir-immutable probably shouldn't implicitly create (mutable) intermediate directories
|
new
|
|
defect
|
minor
|
eventually
|
#970 |
webapi PUT via multiple nodes can cause directory corruption but does not report UncoordinatedWriteError
|
new
|
nobody
|
defect
|
minor
|
undecided
|
#975 |
results of deep-size should include mutable files
|
new
|
|
defect
|
major
|
soon
|
#976 |
status of mutable file retrieve gives less information than an immutable download
|
new
|
|
defect
|
minor
|
undecided
|
#979 |
AssertionError on DELETE when child links point to yourself
|
new
|
|
defect
|
major
|
soon
|
#995 |
It's way too easy to give away write directory caps
|
new
|
nobody
|
defect
|
major
|
undecided
|
#997 |
The webapi/WUI should have https enabled by default
|
new
|
nobody
|
defect
|
major
|
undecided
|
#1008 |
Unhandled error conditions disclose detailed information
|
new
|
|
defect
|
major
|
eventually
|
#1029 |
download a subtree as an archive
|
new
|
|
enhancement
|
major
|
undecided
|
#1032 |
Display active HTTP upload operations on the status page
|
new
|
nobody
|
enhancement
|
minor
|
eventually
|
#1047 |
Upload failures should report useful HTTP status lines
|
new
|
nobody
|
enhancement
|
major
|
undecided
|
#1048 |
Expected exceptions should not include tracebacks
|
new
|
|
enhancement
|
major
|
undecided
|
#1132 |
browser protocol handler or plugin for Tahoe URIs
|
new
|
|
enhancement
|
major
|
undecided
|
#1136 |
don't run a web-API frontend if you don't need one
|
new
|
somebody
|
enhancement
|
major
|
eventually
|
#1142 |
Unlikely XSS Potential in File Names in WUI
|
new
|
nobody
|
defect
|
major
|
undecided
|
#1144 |
Loopy/Uninhibited/Overlarge Filename Makes Web Server Crump
|
new
|
nobody
|
defect
|
major
|
undecided
|
#1176 |
webapi should avoid using plaintext temporary file for uploads
|
new
|
|
defect
|
major
|
soon
|
#1177 |
Display directory storage indexes in directory listings
|
new
|
|
enhancement
|
minor
|
undecided
|
#1178 |
Use identicons for directory identifiers
|
new
|
|
enhancement
|
minor
|
undecided
|
#1198 |
Bogus tub location causes introducer error
|
new
|
|
defect
|
major
|
soon
|
#1203 |
/storage is insufficiently verbose when no crawl running
|
new
|
nobody
|
defect
|
normal
|
eventually
|
#1211 |
client should be able to test share placement
|
new
|
somebody
|
enhancement
|
major
|
eventually
|
#1215 |
add CORS support
|
new
|
|
enhancement
|
major
|
undecided
|
#1221 |
operation stats are not sufficient to understand what's wrong
|
new
|
|
defect
|
major
|
undecided
|
#1369 |
allow static HTML files to be transcluded into WUI Welcome and directory listing pages
|
new
|
|
defect
|
major
|
undecided
|
#1375 |
the performance stats for each upload or download are undiscoverable
|
new
|
tarcieri
|
defect
|
normal
|
undecided
|
#1386 |
KeyError: 'file' if the local file is removed after selection and before Submit
|
new
|
daira
|
defect
|
normal
|
soon
|
#1434 |
DYHB requests misrendered in download visualization
|
new
|
warner
|
defect
|
major
|
soon
|
#1436 |
web interface using wrong address / port number when doing ssh port forwarding
|
new
|
|
defect
|
major
|
soon
|