sigoden/dufs

There is a serious issue with obtaining the hash method with "?hash"

jincandev opened this issue · 1 comments

Problem

If hash request parameters are used to obtain resource hashes, it will violate the principles of the HTTP protocol. When parsing resource collections such as m3u8, if the internal sub resources have already been configured with hash request parameters by default, the entire m3u8 resource cannot be fully parsed. For example, if there is a "data. ts?hash=xxxxxx" in the. m3u8 file.
it is recommended to use "xxx/file.exe:hash" to obtain the file hashes

Configuration

Log

Environment:

  • Dufs version:
  • Browser/Webdav info:
  • OS info:
  • Proxy server: e.g. nginx, cloudflare

Any design requires a balance between convenience and safety. In the dufs service, avoiding the use of ?hash should not be difficult.