minio/browser/app/js
Brendan Ashworth ec5293ce29 jwt,browser: allow short-expiry tokens for GETs (#4684)
This commit fixes a potential security issue, whereby a full-access
token to the server would be available in the GET URL of a download
request. This fixes that issue by introducing short-expiry tokens, which
are only valid for one minute, and are regenerated for every download
request.

This commit specifically introduces the short-lived tokens, adds tests
for the tokens, adds an RPC call for generating a token given a
full-access token, updates the browser to use the new tokens for
requests where the token is passed as a GET parameter, and adds some
tests with the new temporary tokens.

Refs: https://github.com/minio/minio/pull/4673
2017-07-24 12:46:37 -07:00
..
__tests__ browser: Update ui-assets and fix the copyright header. (#3790) 2017-02-22 17:27:26 -08:00
components jwt,browser: allow short-expiry tokens for GETs (#4684) 2017-07-24 12:46:37 -07:00
actions.js Browser: Fix Safari Blob download issue (#4357) 2017-05-17 17:03:44 -07:00
constants.js browser: Update ui-assets and fix the copyright header. (#3790) 2017-02-22 17:27:26 -08:00
jsonrpc.js browser: Update ui-assets and fix the copyright header. (#3790) 2017-02-22 17:27:26 -08:00
mime.js browser: Update ui-assets and fix the copyright header. (#3790) 2017-02-22 17:27:26 -08:00
reducers.js browser: Selecting a new bucket appends objects list to previous bucket's list (#4252) 2017-05-04 11:12:46 -07:00
utils.js browser: Update ui-assets and fix the copyright header. (#3790) 2017-02-22 17:27:26 -08:00
web.js jwt,browser: allow short-expiry tokens for GETs (#4684) 2017-07-24 12:46:37 -07:00