Page MenuHomePhabricator
Differential D10048

Allow only CDN routes when using security.alternate-file-domain
ClosedPublic
Actions

Authored by bttelle on Jul 25 2014, 1:48 AM.
Tags
None
Referenced Files
F19908732: D10048.diff
Wed, Apr 1, 9:48 PM
F19815676: D10048.diff
Mar 4 2026, 11:55 PM
F19803140: D10048.id24161.diff
Mar 1 2026, 9:14 PM
F19803139: D10048.id24172.diff
Mar 1 2026, 9:14 PM
F19802887: D10048.id24160.diff
Mar 1 2026, 7:29 PM
F19802868: D10048.id24161.diff
Mar 1 2026, 7:23 PM
F19802867: D10048.id24172.diff
Mar 1 2026, 7:23 PM
F19802608: D10048.id24160.diff
Mar 1 2026, 5:41 PM
View All Files
Subscribers
epriestley
Korvin

Details

Reviewers
epriestley
Group Reviewers
Blessed Reviewers
Commits
Restricted Diffusion Commit
rPc006cca9b1e9: Allow only CDN routes when using security.alternate-file-domain
Summary

Instead of allowing all routes based on security.alternate-file-domain, now, when security.alternate-file-domain is set, and the request matches this domain, requests are validated against an explicit list. Allowed routes:

  • /res/
  • /file/data/
  • /file/xform/
  • /phame/r/

This will be redone by T5702 to be less of a hack.

Test Plan
  • browse around (incl. Phame live) to make sure there is no regression from this when security.alternate-file-domain is not used.
  • check that celerity resources and files (incl. previews) are served with security.alternate-file-domain set.
  • check that phame live blog is serving its css correctly with security.alternate-file-domain set.
  • check that requests outside of the whitelist generate an exception for security.alternate-file-domain

Diff Detail

Repository
rP Phabricator
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

bttelle updated this revision to Diff 24160.Jul 25 2014, 1:48 AM
bttelle retitled this revision from to Allow only CDN routes when using security.alternate-file-domain.
bttelle updated this object.
bttelle edited the test plan for this revision. (Show Details)
bttelle added a reviewer: epriestley.
Herald added a reviewer: Blessed Reviewers. · View Herald TranscriptJul 25 2014, 1:48 AM
Herald added subscribers: Korvin, epriestley. · View Herald Transcript
bttelle edited the test plan for this revision. (Show Details)Jul 25 2014, 1:49 AM
bttelle edited edge metadata.
Harbormaster completed remote builds in B1892: Diff 24160.Jul 25 2014, 1:49 AM
bttelle updated this object.Jul 25 2014, 1:51 AM
bttelle added a comment.Jul 25 2014, 1:54 AM

I tested this diff against my own phabricator install with and without secure.alternate-file-domain set.

bttelle edited the test plan for this revision. (Show Details)Jul 25 2014, 2:01 AM
bttelle updated this revision to Diff 24161.Jul 25 2014, 2:14 AM

Normalized indent to two spaces per level.

Harbormaster completed remote builds in B1893: Diff 24161.Jul 25 2014, 2:15 AM
epriestley accepted this revision.Jul 25 2014, 1:39 PM
epriestley edited edge metadata.

This looks correct to me. Thanks!

This revision is now accepted and ready to land.Jul 25 2014, 1:39 PM
epriestley closed this revision.Jul 25 2014, 1:40 PM
epriestley updated this revision to Diff 24172.

Closed by commit rPc006cca9b1e9 (authored by Joseph Battelle <git@bttelle.com>, committed by @epriestley).

Revision Contents
Changeset List

PathSize
src/
aphront/
configuration/
19 lines

Diff 24172

View Options

src/aphront/configuration/AphrontApplicationConfiguration.php

Loading...
Phabricator · Built by Phacility