
Provide a setting which forces all file views to be served from an alternate

Description

Provide a setting which forces all file views to be served from an alternate
domain

Summary:
See D758, D759.

  • Provide a strongly recommended setting which permits configuration of an alternate domain.
  • Lock cookies down better: set them on the exact domain, and use SSL-only if the configuration is HTTPS.
  • Prevent Phabricator from setting cookies on other domains.

This assumes D759 will land; it is not effective without that change.

Test Plan:

  • Attempted to log in from a different domain and was rejected.
  • Logged out, logged back in normally.
  • Put install in setup mode and verified it revealed a warning.
  • Configured an alternate domain.
  • Tried to view an image with an old URI, got a 400.
  • Went to /files/ and verified links rendered to the alternate domain.
  • Viewed an alternate domain file.
  • Tried to view an alternate domain file without the secret key, got a 404.

Reviewers: andrewjcg, erling, aran, tuomaspelkonen, jungejason, codeblock
CC: aran
Differential Revision: 760
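
The behaviour described in the summary and test plan can be modelled as two small checks. This is an added example, not code from this commit or from Phabricator; the configuration key names, hostnames, cookie name and key values are constructed, and reading an "old URI" as one on the main domain is an assumption.

```python
import hmac
from urllib.parse import urlsplit

# Constructed sample configuration. The key names are hypothetical and are
# not Phabricator's real setting names.
CONFIG = {
    "base_uri": "https://phabricator.example.com/",
    "file_domain": "https://files.example-usercontent.com/",
}


def _host(value):
    """Lower-cased host of a URI or a Host header value, without the port."""
    netloc = value if "//" in value else "//" + value
    return urlsplit(netloc).hostname or ""


def session_cookie(name, value, request_host, config=CONFIG):
    """Set-Cookie value for the base domain, or None for any other host."""
    if _host(request_host) != _host(config["base_uri"]):
        return None  # never set cookies on other domains
    # No Domain attribute: browsers then keep the cookie host-only (exact
    # domain). This is one way to get that effect, assumed for this example.
    attrs = [f"{name}={value}", "Path=/"]
    if urlsplit(config["base_uri"]).scheme == "https":
        attrs.append("Secure")  # SSL-only when the install is configured for HTTPS
    return "; ".join(attrs)


def file_view_status(request_host, supplied_key, file_key, config=CONFIG):
    """Status for a file view: 400 off the file domain, 404 on a wrong key."""
    if _host(request_host) != _host(config["file_domain"]):
        return 400  # assumption: an "old URI" is one on the main domain
    if not hmac.compare_digest(supplied_key.encode(), file_key.encode()):
        return 404  # missing or wrong per-file secret key
    return 200
```

Because uploaded files are only ever served from the alternate domain, content rendered there runs in a browser origin that never receives the session cookie.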

Details

Provenance
epriestley Authored on Aug 1 2011, 10:24 PM
themackabu Pushed on Mar 25 2025, 8:07 PM
Parents
rP355b753df70c: Prevent file download without POST + CSRF
Branches
Unknown
Tags
Unknown
