    0a70e51f
    Add a token to the filename for exported user data · 0a70e51f
    Jonne Haß authored
    Also redirect to it for download, for Amazon S3
    compatibility.
    
    Prior to this patch an attacker could obtain a
    user's export by guessing the filename with a high
    chance of success. Fully authenticating the
    download request is a lot harder due to our diverse
    deployment scenarios.
    
    This brings the used method in line with the photo
    export feature.
    
    Thanks to @tomekr for the report.