From 5fa395740aea6c9b230453f165cf29046e017108 Mon Sep 17 00:00:00 2001
From: Percy Wegmann
Date: Thu, 2 May 2024 21:42:26 -0500
Subject: [PATCH] drive: use secret token to authenticate access to file server on localhost

This prevents Mark-of-the-Web bypass attacks in case someone visits the localhost WebDAV server directly.

Fixes tailscale/corp#19592

Signed-off-by: Percy Wegmann
---
 drive/driveimpl/fileserver.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drive/driveimpl/fileserver.go b/drive/driveimpl/fileserver.go
index b17e0b643..e9ea7331e 100644
--- a/drive/driveimpl/fileserver.go
+++ b/drive/driveimpl/fileserver.go
@@ -48,7 +48,6 @@ func NewFileServer() (*FileServer, error) {
 if err != nil {
 return nil, fmt.Errorf("listen: %w", err)
 }
- // }
 secretToken, err := generateSecretToken()
 if err != nil {