mirror of
https://github.com/minio/minio.git
synced 2024-12-26 23:25:54 -05:00
ec5293ce29
This commit fixes a potential security issue, whereby a full-access token to the server would be available in the GET URL of a download request. This fixes that issue by introducing short-expiry tokens, which are only valid for one minute, and are regenerated for every download request. This commit specifically introduces the short-lived tokens, adds tests for the tokens, adds an RPC call for generating a token given a full-access token, updates the browser to use the new tokens for requests where the token is passed as a GET parameter, and adds some tests with the new temporary tokens. Refs: https://github.com/minio/minio/pull/4673 |
||
---|---|---|
.. | ||
__tests__ | ||
components | ||
actions.js | ||
constants.js | ||
jsonrpc.js | ||
mime.js | ||
reducers.js | ||
utils.js | ||
web.js |