New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bridge should refrain from uploading htm/l files to the media server. #442
Comments
I understand it could be annoying, but what exactly is the security hazard ? Haven't tested it but I think you can get people to download the file instead of showing it (if that's the issue you're referring to) by using the mime setting https://caddyserver.com/docs/mime
|
Yes, displaying it is the problem because a malicious user could upload something bad enough to get a vps/domain provider to pull an account without appeal. Using the mime setting would prevent me from setting my own index.html file to hide the file index as well, I believe. |
From the caddy docs.
So you don't need to put an index file yourself |
Could you confirm if this fixes your issue ? |
Maybe the upload plugin changes something because the file index was definitely visible before I set an index file. Also I'm just using the caddy file from the media server setup documentation so I don't think it's anything in there. |
Oh, I see, if you used the documentation, please remove the |
I've added an option to master so you can select which files can be blacklisted
|
Thanks again! |
This just seems like a huge security hazard and I didn't see a way to prevent in on the caddy plugin side.
The text was updated successfully, but these errors were encountered: