Open
Conversation
Also remove some obsolete build parameters (suggested by XCode)
This adds a new NSTextfield for a "secret key" which is sent with the image's upload request. OpenSSL is used to base64-encode the token, as a HTTP Header needs to be 7Bit ASCII clean, as per RFC1945.
Use the $_SERVER array to get to the HTTP-Request-Header data.
This may be usefull to people with a self-signed SSL certificate, which they themselves have marked as valid, but other people receiving the link might not.
The user may choose to re-edit the URL or ignore the error, for ever (saved to NSUserDefaults).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hi there,
I've been using Scrup for a few weeks now and have fallen in love with it, but the authentication-thing has also been bugging me.
I understand that transmitting a secret key together with an upload request over an insecure connection is not "secure" either (as you mentioned in the PR of 16a2da6), but there are a few points to this change:
So, I took the freedom of forking your code and came up with this:
I've also thought about enforcing the use of HTTPS if the secret is set (as you suggested), but I came to the conclusion that this may be limiting pro-users.
I tried to keep it simple, please let me know what you think! I'd really like to see such a feature in Scrup, but probably don't have the experience to properly maintain a fork for long. :o
Also, please be gentle with my Objective-C, it's not exactly my every-other-day language. :-)