1. 05 Apr, 2016 1 commit
    • commands/cli: fix parsing of incorrect permutations · 3e824412
      Thomas Gardner authored
      parseOpts now does some preliminary path screening to prevent
      command sequences like
      
      	`ipfs <hash> cat`
      
      from succeeding. The tests affected by this have been slightly altered,
      but should be restored once parseOpts is decoupled from path analysis.
      
      Command suggestion printing has also been factored into a single
      function.
      
      Fixes: #2501
      License: MIT
      Signed-off-by: Thomas Gardner <tmg@fastmail.com>
  2. 04 Apr, 2016 4 commits
    • gateway: enforce allowlist for path prefixes · 09937f84
      Lars Gierth authored
      The gateway accepts an X-Ipfs-Path-Prefix header,
      and assumes that it is mounted in a reverse proxy
      like nginx, at this path. Links in directory listings,
      as well as trailing-slash redirects need to be rewritten
      with that prefix in mind.
      
      We don't want a potential attacker to be able to
      pass in arbitrary path prefixes, which would end up
      in redirects and directory listings, which is why
      every prefix has to be explicitly allowed in the config.
      
      Previously, we'd accept *any* X-Ipfs-Path-Prefix header.
      
      Example:
      
      We mount blog.ipfs.io (a dnslink page) at ipfs.io/blog.
      
      nginx_ipfs.conf:
      
          location /blog/ {
              rewrite "^/blog(/.*)$" $1 break;
              proxy_set_header Host blog.ipfs.io;
              proxy_set_header X-Ipfs-Gateway-Prefix /blog;
              proxy_pass http://127.0.0.1:8080;
          }
      
      .ipfs/config:
      
          "Gateway": {
              "PathPrefixes": ["/blog"],
              // ...
          },
      
      dnslink:
      
          > dig TXT _dnslink.blog.ipfs.io
          dnslink=/ipfs/QmWcBjXPAEdhXDATV4ghUpkAonNBbiyFx1VmmHcQe9HEGd
      
      License: MIT
      Signed-off-by: Lars Gierth <larsg@systemli.org>
    • datafieldenc switch statement · bd5e08ca
      slothbag authored
      License: MIT
      Signed-off-by: slothbag <slothbag@gmail.com>
    • Tidy up object put cmd defaults · edf0bb05
      slothbag authored
      License: MIT
      Signed-off-by: slothbag <slothbag@gmail.com>
    • Add option to decode 'Data' field as base64 · 903a4851
      slothbag authored
      License: MIT
      Signed-off-by: slothbag@gmail.com <slothbag@gmail.com>
  3. 31 Mar, 2016 2 commits
  4. 30 Mar, 2016 1 commit
  5. 25 Mar, 2016 1 commit
  6. 18 Mar, 2016 1 commit
  7. 15 Mar, 2016 1 commit
  8. 14 Mar, 2016 1 commit
  9. 09 Mar, 2016 1 commit
  10. 04 Mar, 2016 3 commits
  11. 03 Mar, 2016 2 commits
  12. 02 Mar, 2016 5 commits
  13. 01 Mar, 2016 7 commits
  14. 26 Feb, 2016 3 commits
  15. 24 Feb, 2016 2 commits
  16. 22 Feb, 2016 1 commit
  17. 20 Feb, 2016 2 commits
  18. 19 Feb, 2016 2 commits