aboutsummaryrefslogtreecommitdiffstats
path: root/modules/viewvc/files/setcookieredirect.html
Commit message (Collapse)AuthorAgeFilesLines
* Use more appropriate decoding/encoding when redirectingDan Fandrich2025-06-061-2/+2
|
* Properly escape the target in then anti-robot redirectDan Fandrich2025-06-061-2/+2
| | | | Any additional URL parameters after a & were previously dropped.
* Use an absolute URL when redirectingDan Fandrich2025-05-231-3/+4
| | | | | This reduces the possibility of a malicious URL redirecting to another domain.
* Use a fixed random number in the cookieDan Fandrich2025-05-231-1/+1
| | | | | The intent of this cookie isn't actually to track sessions, so eliminate any privacy impact by using a fixed number instead.
* Add another allowed character for cookie redirectsDan Fandrich2025-05-231-1/+1
|
* Block expensive svnweb operations without a cookieDan Fandrich2025-05-231-0/+27
If an expensive request comes in from anyone without a cookie attached, redirect to a page where the cookie is set using JavaScript, then redirect back. This should block robots from these paths, most of which do not support JavaScript. The collateral damage is that a JavaScript browser is now required for users to access those paths. The contents of the cookie is not currently checked, merely that it is set.
generated by cgit v1.2.1 (git 2.21.0) at 2025-08-08 04:49:16 +0000