Issue 2551345
Created on 2024-05-02 01:53 by rouilj, last changed 2025-01-01 19:37 by rouilj.
msg8027 |
Author: [hidden] (rouilj) |
Date: 2024-05-02 01:53 |
|
It appears that you can request a static file from a Roundup instance from any
web page. The origin (CSRF) and other checks are not applied.
Anti-leeching can be implemented by a proxy server.
So not a major issue, but it would be nice to provide a native method to
prevent inline linking/leeching.
|
msg8245 |
Author: [hidden] (rouilj) |
Date: 2025-01-01 17:33 |
|
Referer can be changed by the user, but might be useful to check as an additional step??
|
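Added example (not part of the issue thread and not Roundup's own code): one way the Origin/Referer check discussed in the two messages above could be written as WSGI middleware in front of static-file requests. The `/@@file/` and `/_file/` prefixes, the allowed origin and all function and class names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions (not taken from the tracker code): the static-file URL prefixes
# and the allowed origin are constructed sample values.
STATIC_PREFIXES = ("/@@file/", "/_file/")
ALLOWED_ORIGINS = {"https://tracker.example.org"}


def _origin_of(value):
    """Reduce an Origin or Referer value to scheme://host[:port], or None."""
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. a malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def static_request_allowed(environ, allowed=ALLOWED_ORIGINS, strict=False):
    """Decide whether a static-file request may be served.

    Origin is preferred and Referer is the fallback. Both are client-supplied,
    so this deters inline linking by browsers; it is not access control.
    """
    if not environ.get("PATH_INFO", "").startswith(STATIC_PREFIXES):
        return True  # not a static file; the tracker's other checks apply
    for header in ("HTTP_ORIGIN", "HTTP_REFERER"):
        value = environ.get(header)
        if value:
            # "Origin: null" and malformed values reduce to None and fail.
            return _origin_of(value) in allowed
    # Neither header present: direct navigation, a privacy setting, or a
    # non-browser client. Reject these only when strict mode is requested.
    return not strict


class AntiLeechMiddleware:
    """WSGI wrapper that answers 403 for disallowed static-file requests."""

    def __init__(self, app, allowed=ALLOWED_ORIGINS, strict=False):
        self.app, self.allowed, self.strict = app, allowed, strict

    def __call__(self, environ, start_response):
        if static_request_allowed(environ, self.allowed, self.strict):
            return self.app(environ, start_response)
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"Forbidden\n"]
```

With `strict=False`, requests that carry neither header are served, which keeps direct links and referrer-stripping browsers working at the cost of a weaker check.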
|
Date | User | Action | Args |
2025-01-01 19:37:52 | rouilj | set | priority: low |
2025-01-01 17:33:31 | rouilj | set | messages: + msg8245, title: Access to static files is not limited by origin -> Access to static files is not limited by referer or origin |
2024-05-02 02:27:04 | rouilj | set | resolution: remind |
2024-05-02 01:53:16 | rouilj | create | |
|