3 Commits

Author SHA1 Message Date
Jarek Kowalski
e57020fb70 test(repository): server testability refactoring (#2612)
- removed repo.OpenAPIServer() which was only needed for testability
- introduced servertesting package to replace it
2022-12-01 06:27:52 +00:00
Jarek Kowalski
3d58566644 fix(security): prevent cross-site request forgery in the UI website (#1653)
* fix(security): prevent cross-site request forgery in the UI website

This fixes a [cross-site request forgery (CSRF)](https://en.wikipedia.org/wiki/Cross-site_request_forgery)
vulnerability in the self-hosted UI for Kopia server.

The vulnerability allows a potential attacker to make unauthorized API
calls against a running Kopia server. It requires an attacker to trick
the user into visiting a malicious website while also logged into a
Kopia website.

The vulnerability only affected self-hosted Kopia servers with UI. The
following configurations were not vulnerable:

* Kopia Repository Server without UI
* KopiaUI (desktop app)
* command-line usage of `kopia`

All users are strongly recommended to upgrade at the earliest
convenience.

* pr feedback
2022-01-13 11:31:51 -08:00
Jarek Kowalski
23ec78d752 ui: add CLI equivalent button to most pages (#1568)
Fixes #1419
2021-12-05 22:17:11 -08:00