Message8027
It appears that you can request a static file from a Roundup instance from any
web page. The origin (CSRF) and other checks are not applied.
Anti leeching can be implemented by a proxy server.
So not a major issue, but it would be nice to provide a native method to
prevent inline linking/leeching. |
|
| Date |
User |
Action |
Args |
| 2024-05-02 01:53:17 | rouilj | set | recipients:
+ rouilj |
| 2024-05-02 01:53:17 | rouilj | set | messageid: <1714614796.99.0.187358881176.issue2551345@roundup.psfhosted.org> |
| 2024-05-02 01:53:16 | rouilj | link | issue2551345 messages |
| 2024-05-02 01:53:16 | rouilj | create | |
|