Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NAS-133839 / 25.10 / Improve file download and allow in STIG mode #15502

Merged
merged 2 commits into from
Jan 28, 2025
Merged

NAS-133839 / 25.10 / Improve file download and allow in STIG mode #15502

merged 2 commits into from
Jan 28, 2025

Conversation

anodos325
Copy link
Contributor

  • Allow creation of single-use auth tokens
    These authentication tokens are suitable for file downloads under enhanced security settings and were approved for use under STIG mode.

  • Add ConnectionOrigin validation for file downloads.
    Prevent download links from being used from unexpected IP addresses.

  • Remove unused legacy TrueCommand-related UI auth

@anodos325
Improve file download and allow in STIG mode
c51be3e 
* Allow creation of single-use auth tokens
These authentication tokens are suitable for file downloads
under enhanced security settings and were approved for use
under STIG mode.

* Add ConnectionOrigin validation for file downloads.
Prevent download links from being used from unexpected IP
addresses.
@bugclerk bugclerk changed the title Improve file download and allow in STIG mode NAS-133839 / 25.10 / Improve file download and allow in STIG mode Jan 28, 2025
@bugclerk
Copy link
Contributor

Jira URL: https://ixsystems.atlassian.net/browse/NAS-133839

@anodos325 anodos325 requested a review from yocalebo January 28, 2025 15:43
billohanlon
billohanlon approved these changes Jan 28, 2025
View reviewed changes
Copy link

@billohanlon billohanlon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@anodos325 anodos325 merged commit a4c32ec into master Jan 28, 2025
2 checks passed
@anodos325 anodos325 deleted the fix-download branch January 28, 2025 16:44
@bugclerk bugclerk mentioned this pull request Jan 28, 2025
Merged
@bugclerk
Copy link
Contributor

This PR has been merged and conversations have been locked.
If you would like to discuss more about this issue please use our forums or raise a Jira ticket.

@truenas truenas locked as resolved and limited conversation to collaborators Jan 28, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@billohanlon billohanlon billohanlon approved these changes

@yocalebo yocalebo yocalebo approved these changes

Assignees
No one assigned
Labels
backport-25.04-RC.1 backported jira-high no-time-tracked
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@anodos325 @bugclerk @yocalebo @billohanlon