TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-04-16 11:41:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

drive: use secret token to authenticate access to file server on localhost

Browse Source 
This prevents Mark-of-the-Web bypass attacks in case someone visits the
localhost WebDAV server directly.

Fixes tailscale/corp#19592

Signed-off-by: Percy Wegmann <percy@tailscale.com>
This commit is contained in:
Percy Wegmann 2024-05-02 21:42:26 -05:00 committed by Percy Wegmann
parent 745fb31bd4
commit a03cb866b4
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
drive/driveimpl/fileserver.go
View File

@ -48,7 +48,6 @@ func NewFileServer() (*FileServer, error) {
if err != nil { if err != nil {
return nil, fmt.Errorf("listen: %w", err) return nil, fmt.Errorf("listen: %w", err)
} }
// }
secretToken, err := generateSecretToken() secretToken, err := generateSecretToken()
if err != nil { if err != nil {