mirror of https://github.com/minio/minio.git
ec5293ce29
This commit fixes a potential security issue, whereby a full-access token to the server would be available in the GET URL of a download request. This fixes that issue by introducing short-expiry tokens, which are only valid for one minute, and are regenerated for every download request. This commit specifically introduces the short-lived tokens, adds tests for the tokens, adds an RPC call for generating a token given a full-access token, updates the browser to use the new tokens for requests where the token is passed as a GET parameter, and adds some tests with the new temporary tokens. Refs: https://github.com/minio/minio/pull/4673 |
||
|---|---|---|
| .. | ||
| css | ||
| fonts/lato | ||
| img | ||
| js | ||
| less | ||
| index.html | ||
| index.js | ||