Skip to content

GitLab

Switch branch/tag
  1. 11 Oct, 2021 1 commit
  3. 17 Aug, 2020 1 commit
  5. 07 Jul, 2020 4 commits
  7. 05 Apr, 2020 1 commit
    • Hector Sanjuan's avatar
      HTTP API: Disallow GET requests on API · 1b490476
      Hector Sanjuan authored 
      This commit upgrades go-ipfs-cmds and configures the commands HTTP API Handler
to only allow POST/OPTIONS, disallowing GET and others in the handling of
command requests in the IPFS HTTP API (where before every type of request
method was handled, with GET/POST/PUT/PATCH being equivalent).

The Read-Only commands that the HTTP API attaches to the gateway endpoint will
additional handled GET as they did before (but stop handling PUT,DELETEs).

By limiting the request types we address the possibility that a website
accessed by a browser abuses the IPFS API by issuing GET requests to it which
have no Origin or Referrer set, and are thus bypass CORS and CSRF protections.

This is a breaking change for clients that relay on GET requests against the
HTTP endpoint (usually :5001). Applications integrating on top of the
gateway-read-only API should still work (including cross-domain access).
Co-Authored-By: default avatarSteven Allen <steven@stebalien.com>
Co-Authored-By: default avatarMarcin Rataj <lidel@lidel.org>
      1b490476
  9. 09 Mar, 2020 1 commit
  11. 26 Feb, 2020 1 commit
  13. 17 Jan, 2020 2 commits
    • Steven Allen's avatar
      build: fix golangci again · 721c1abe
      Steven Allen authored 
      The patches that required the replace directives have been merged upstream.
Unfortunately, those branches have now been deleted, breaking the build.

GAH!
      721c1abe
    • Steven Allen's avatar
      make: move all test deps to a separate module · 71133b67
      Steven Allen authored 
      1. This means those deps don't get pulled in unless we actually need to test.
2. It means we can cordon all the golangci-lint module replace hacks off into a
   separate package.
      71133b67
  15. 29 Oct, 2019 1 commit
  17. 01 Oct, 2019 1 commit
  19. 12 Sep, 2019 1 commit
    • Steven Allen's avatar
      build: fix golangci again · 315a3c9e
      Steven Allen authored 
      The patches that required the replace directives have been merged upstream.
Unfortunately, those branches have now been deleted, breaking the build.

GAH!
      315a3c9e
  21. 11 Sep, 2019 1 commit
  23. 01 Aug, 2019 1 commit
  25. 14 May, 2019 1 commit
  27. 29 Mar, 2019 1 commit
  29. 06 Mar, 2019 1 commit
  31. 05 Mar, 2019 5 commits
  33. 27 Feb, 2019 3 commits
  35. 21 Feb, 2019 2 commits
  37. 18 Feb, 2019 1 commit
  39. 14 Feb, 2019 1 commit
  41. 08 Feb, 2019 1 commit
  43. 09 Jan, 2019 1 commit
  45. 04 Jan, 2019 1 commit
  47. 20 Dec, 2018 1 commit
  49. 07 Dec, 2018 1 commit
  51. 27 Nov, 2018 1 commit
  53. 16 Nov, 2018 1 commit
  55. 03 Nov, 2018 1 commit
  57. 02 Nov, 2018 1 commit