drive: use secret token to authenticate access to file server on localhost

This prevents Mark-of-the-Web bypass attacks in case someone visits the localhost WebDAV server directly. Fixes tailscale/corp#19592 Signed-off-by: Percy Wegmann <percy@tailscale.com>
2025-02-18 02:48:40 +00:00 · 2024-05-02 21:42:26 -05:00 · 2024-05-02 21:42:26 -05:00 · a03cb866b4
commit a03cb866b4
parent 745fb31bd4
1 changed files with 0 additions and 1 deletions
--- a/drive/driveimpl/fileserver.go
+++ b/drive/driveimpl/fileserver.go
@ -48,7 +48,6 @@ func NewFileServer() (*FileServer, error) {
 	if err != nil {
 		return nil, fmt.Errorf("listen: %w", err)
 	}
-	// }

 	secretToken, err := generateSecretToken()
 	if err != nil {