Plik v1.2-RC3 Release Notes

Release Date: 2016-07-18
  • Hi,

    Plik 1.2 RC-3 is targeted at security.

    Plik allows users to upload and serve any content as-is, but hosting untrusted HTML raises some well-known security concerns such as phishing, XSS, XSRF, ... Rendering HTML and executing JavaScript in the context of Plik is not something we consider a feature. We try to avoid it by overriding Content-Type "text/html" to "text/plain"; also, the Content-Security-Policy HTTP header should disable sensitive features of most recent browsers such as resource loading, XHR requests, iframes, ...

    ๐ŸŒ We also strongly advise you to use the new DownloadDomain option with a separate (sub-) domain to enforce that download links do not share the same origin than the Plik web client.

    Changelist:

    • Add security headers to getFileHandler to avoid HTML rendering in web browser
    • Enforce download domain option
    • Add README security section
    • Display Golang version on build info
    • Update go version in travis build

    Cheers,
    The Plik team.
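
The mitigations listed in these notes (Content-Type override, restrictive Content-Security-Policy, enforced download domain), sketched as a Go handler. This is an added example, not Plik's own code; `serveUntrusted`, `probe`, the host `dl.plik.example`, the file path and the exact CSP string are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// downloadHost is a hypothetical host standing in for the DownloadDomain option.
const downloadHost = "dl.plik.example"

// csp: default-src covers fetch directives (scripts, XHR, frames, images);
// form-action and frame-ancestors have no fallback, so they are set explicitly.
const csp = "default-src 'none'; form-action 'none'; frame-ancestors 'none'; sandbox"

// serveUntrusted serves an uploaded file; storedType is the uploader-supplied Content-Type.
func serveUntrusted(storedType string, body []byte) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Enforce the download domain so files never share the web client's origin.
		if !strings.EqualFold(r.Host, downloadHost) {
			http.Redirect(w, r, "https://"+downloadHost+r.URL.RequestURI(), http.StatusMovedPermanently)
			return
		}
		ct := storedType
		// HTML is downgraded to plain text; an empty type would let net/http sniff the body.
		if ct == "" || strings.Contains(strings.ToLower(ct), "html") {
			ct = "text/plain"
		}
		w.Header().Set("Content-Type", ct)
		w.Header().Set("X-Content-Type-Options", "nosniff") // browser must not re-sniff as HTML
		w.Header().Set("Content-Security-Policy", csp)
		w.Write(body)
	})
}

// probe sends a constructed GET for a constructed path and returns the response.
func probe(host, storedType string) *http.Response {
	req := httptest.NewRequest(http.MethodGet, "http://"+host+"/file/abc/page.html", nil)
	rec := httptest.NewRecorder()
	serveUntrusted(storedType, []byte("<h1>uploaded page</h1>")).ServeHTTP(rec, req)
	return rec.Result()
}

func main() {
	for _, host := range []string{"plik.example", downloadHost} {
		res := probe(host, "text/html; charset=utf-8")
		fmt.Println(host, res.StatusCode, res.Header.Get("Content-Type"), res.Header.Get("Location"))
	}
}
```

The host comparison is exact, so a deployment that serves on a non-default port would need the port included in the configured value.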