tailscale

Commit Graph

Author	SHA1	Message	Date
Will Norris	3ec5be3f51	all: remove AUTHORS file and references to it This file was never truly necessary and has never actually been used in the history of Tailscale's open source releases. A Brief History of AUTHORS files --- The AUTHORS file was a pattern developed at Google, originally for Chromium, then adopted by Go and a bunch of other projects. The problem was that Chromium originally had a copyright line only recognizing Google as the copyright holder. Because Google (and most open source projects) do not require copyright assignemnt for contributions, each contributor maintains their copyright. Some large corporate contributors then tried to add their own name to the copyright line in the LICENSE file or in file headers. This quickly becomes unwieldy, and puts a tremendous burden on anyone building on top of Chromium, since the license requires that they keep all copyright lines intact. The compromise was to create an AUTHORS file that would list all of the copyright holders. The LICENSE file and source file headers would then include that list by reference, listing the copyright holder as "The Chromium Authors". This also become cumbersome to simply keep the file up to date with a high rate of new contributors. Plus it's not always obvious who the copyright holder is. Sometimes it is the individual making the contribution, but many times it may be their employer. There is no way for the proejct maintainer to know. Eventually, Google changed their policy to no longer recommend trying to keep the AUTHORS file up to date proactively, and instead to only add to it when requested: https://opensource.google/docs/releasing/authors. They are also clear that: > Adding contributors to the AUTHORS file is entirely within the > project's discretion and has no implications for copyright ownership. It was primarily added to appease a small number of large contributors that insisted that they be recognized as copyright holders (which was entirely their right to do). But it's not truly necessary, and not even the most accurate way of identifying contributors and/or copyright holders. In practice, we've never added anyone to our AUTHORS file. It only lists Tailscale, so it's not really serving any purpose. It also causes confusion because Tailscalars put the "Tailscale Inc & AUTHORS" header in other open source repos which don't actually have an AUTHORS file, so it's ambiguous what that means. Instead, we just acknowledge that the contributors to Tailscale (whoever they are) are copyright holders for their individual contributions. We also have the benefit of using the DCO (developercertificate.org) which provides some additional certification of their right to make the contribution. The source file changes were purely mechanical with: git ls-files \| xargs sed -i -e 's/\(Tailscale Inc &\) AUTHORS/\1 contributors/g' Updates #cleanup Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>	1 week ago
Patrick O'Doherty	3177e50b14	safeweb: Set Cross-Origin-Opener-Policy for browser requests (#15936 ) Set Cross-Origin-Opener-Policy: same-origin for all browser requests to prevent window.location manipulation by malicious origins. Updates tailscale/corp#28480 Thank you to Triet H.M. Pham for the report. Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>	9 months ago
Brad Fitzpatrick	8bd04bdd3a	go.mod: bump gorilla/csrf for security fix (#14822 ) For `9dd6af1f6d` Update client/web and safeweb to correctly signal to the csrf middleware whether the request is being served over TLS. This determines whether Origin and Referer header checks are strictly enforced. The gorilla library previously did not enforce these checks due to a logic bug based on erroneous use of the net/http.Request API. The patch to fix this also inverts the library behavior to presume that every request is being served over TLS, necessitating these changes. Updates tailscale/corp#25340 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com> Co-authored-by: Patrick O'Doherty <patrick@tailscale.com>	1 year ago
M. J. Fromberger	6ff85846bc	safeweb: add a Shutdown method to the Server type (#14048 ) Updates #14047 Change-Id: I2d20454c715b11ad9c6aad1d81445e05a170c3a2 Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>	1 year ago
Andrew Lytvynov	ddbc950f46	safeweb: add support for custom CSP (#13975 ) To allow more flexibility with CSPs, add a fully customizable `CSP` type that can be provided in `Config` and encodes itself into the correct format. Preserve the `CSPAllowInlineStyles` option as is today, but maybe that'll get deprecated later in favor of the new CSP field. In particular, this allows for pages loading external JS, or inline JS with nonces or hashes (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_inline_script) Updates https://github.com/tailscale/corp/issues/8027 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	1 year ago
Andrew Lytvynov	3477bfd234	safeweb: add support for "/" and "/foo" handler distinction (#13980 ) By counting "/" elements in the pattern we catch many scenarios, but not the root-level handler. If either of the patterns is "/", compare the pattern length to pick the right one. Updates https://github.com/tailscale/corp/issues/8027 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	1 year ago
Patrick O'Doherty	4ad3f01225	safeweb: allow passing http.Server in safeweb.Config (#13688 ) Extend safeweb.Config with the ability to pass a http.Server that safeweb will use to server traffic. Updates corp#8207 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>	1 year ago
Patrick O'Doherty	a3c6a3a34f	safeweb: add StrictTransportSecurityOptions config (#13679 ) Add the ability to specify Strict-Transport-Security options in response to BrowserMux HTTP requests in safeweb. Updates https://github.com/tailscale/corp/issues/23375 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>	1 year ago
M. J. Fromberger	5f89c93274	safeweb: add a ListenAndServe method to the Server type (#13498 ) Updates #13497 Change-Id: I398e9fa58ad0b9dc799ea280c9c7a32150150ee4 Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>	1 year ago
Andrew Lytvynov	d88be7cddf	safeweb: add Server.Close method (#13160 ) Updates https://github.com/tailscale/corp/issues/14881 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	1 year ago
Chris Palmer	7349b274bd	safeweb: handle mux pattern collisions more generally (#11801 ) Fixes #11800 Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	2 years ago
Chris Palmer	bdfaef4879	safeweb: allow object-src: self in CSP (#11782 ) This change is safe (self is still safe, by definition), and makes the code match the comment. Updates #cleanup Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	2 years ago
Chris Palmer	88a7767492	safeweb: set SameSite=Strict, with an option for Lax (#11781 ) Fixes #11780 Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	2 years ago
Patrick O'Doherty	1535d0feca	safeweb: move http.Serve for HTTP redirects into lib (#11592 ) Refactor the interaction between caller/library when establishing the HTTP to HTTPS redirects by moving the call to http.Serve into safeweb. This makes linting for other uses of http.Serve easier without having to account for false positives created by the old interface. Updates https://github.com/tailscale/corp/issues/8027 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>	2 years ago
Andrew Lytvynov	5aa4cfad06	safeweb: detect mux handler conflicts (#11562 ) When both muxes match, and one of them is a wildcard "/" pattern (which is common in browser muxes), choose the more specific pattern. If both are non-wildcard matches, there is a pattern overlap, so return an error. Updates https://github.com/tailscale/corp/issues/8027 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Patrick O'Doherty	af61179c2f	safeweb: add opt-in inline style CSP toggle (#11551 ) Allow the use of inline styles with safeweb via an opt-in configuration item. This will append `style-src "self" "unsafe-inline"` to the default CSP. The `style-src` directive will be used in lieu of the fallback `default-src "self"` directive. Updates tailscale/corp#8027 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>	2 years ago
Patrick O'Doherty	b60c4664c7	safeweb: return http.Handler from safeweb.RedirectHTTP (#11538 ) Updates #cleanup Change the return type of the safeweb.RedirectHTTP method to a handler that can be passed directly to http.Serve without any http.HandlerFunc wrapping necessary. Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>	2 years ago
Patrick O'Doherty	8f27520633	safeweb: init (#11467 ) Updates https://github.com/tailscale/corp/issues/8027 Safeweb is a wrapper around http.Server & tsnet that encodes some application security defaults. Safeweb asks developers to split their HTTP routes into two http.ServeMuxs for serving browser and API-facing endpoints repsectively. It then wraps these HTTP routes with the context-appropriate security controls. safeweb.Server#Serve will serve the HTTP muxes over the provided listener. Caller are responsible for creating and tearing down their application's listeners. Applications being served over HTTPS that wish to implement HTTP redirects can use the Server#HTTPRedirect handler to do so. Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>	2 years ago

18 Commits (dadf15036aba56cbe9cbf2c4f831799a07972ffd)