Roundup Tracker - Issues

Issue 2551345

Access to static files is not limited by origin
Type: behavior Severity: normal
Components: Web interface Versions:
Status: new remind
: : rouilj
Priority: :

Created on 2024-05-02 01:53 by rouilj, last changed 2024-05-02 02:27 by rouilj.

msg8027 Author: [hidden] (rouilj) Date: 2024-05-02 01:53
It appears that you can request a static file from a Roundup instance from any
web page. The origin (CSRF) and other checks are not applied.

Anti leeching can be implemented by a proxy server.

So not a major issue, but it would be nice to provide a native method to
prevent inline linking/leeching.
Date User Action Args
2024-05-02 02:27:04rouiljsetresolution: remind
2024-05-02 01:53:16rouiljcreate