drive: use secret token to authenticate access to file server on localhost

This prevents Mark-of-the-Web bypass attacks in case someone visits the
localhost WebDAV server directly.

Fixes tailscale/corp#19592

Signed-off-by: Percy Wegmann <percy@tailscale.com>
andrew/debug-integration-tests
Percy Wegmann 6 months ago committed by Percy Wegmann
parent 745fb31bd4
commit a03cb866b4

@ -48,7 +48,6 @@ func NewFileServer() (*FileServer, error) {
if err != nil {
return nil, fmt.Errorf("listen: %w", err)
}
// }
secretToken, err := generateSecretToken()
if err != nil {

Loading…
Cancel
Save