diff --git a/Teknik/Areas/Privacy/Views/Privacy/Index.cshtml b/Teknik/Areas/Privacy/Views/Privacy/Index.cshtml
index ff3c859..2a02521 100644
--- a/Teknik/Areas/Privacy/Views/Privacy/Index.cshtml
+++ b/Teknik/Areas/Privacy/Views/Privacy/Index.cshtml
@@ -46,13 +46,8 @@
- TeknikAuth - Stores the authentication ticket for a login session.
- TeknikTrustedDevice_<username> - Used for determining if the browser has been trusted by the 2-Factor Auth system.
- - __RequestVerificationToken - Validation Token sent with every request to the server for Anti-Forgery purposes.
+ - TeknikAntiForgery - Validation Token sent with every request to the server for Anti-Forgery purposes.
- Analytics
-
- We use Piwik to track user interaction with the site. We keep it hosted on the server locally, so no analytic data is leaving the server. This will store the first 2 bytes of your IP Address (e.g. 192.168.xxx.xxx) as an identifier. If you do not want to be tracked, enable Do Not Track in your browser (Recommended), or by unchecking below.
-
-
@@ -67,7 +62,7 @@
gitFullUrl = gitUrl.ToString();
}
}
-
Last Modified February 15, 2017 - View History
+
Last Modified June 20th, 2018 - View History
diff --git a/Teknik/Controllers/DefaultController.cs b/Teknik/Controllers/DefaultController.cs
index 3863609..e1970b1 100644
--- a/Teknik/Controllers/DefaultController.cs
+++ b/Teknik/Controllers/DefaultController.cs
@@ -8,6 +8,7 @@ using Microsoft.AspNetCore.Mvc.ViewEngines;
using Microsoft.AspNetCore.Mvc.ViewFeatures;
using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.Logging;
+using Microsoft.Net.Http.Headers;
using System;
using System.IO;
using System.Threading.Tasks;
@@ -55,7 +56,7 @@ namespace Teknik.Controllers
// Get the Favicon
[HttpGet]
[AllowAnonymous]
- [ResponseCache(Duration = 31536000, Location = ResponseCacheLocation.Any)]
+ [ResponseCache(Duration = 60 * 60 * 24, Location = ResponseCacheLocation.Any)]
public IActionResult Favicon([FromServices] IHostingEnvironment env)
{
string imageFile = FileHelper.MapPath(env, Constants.FAVICON_PATH);
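Review bot: The new attribute value `60 * 60 * 24` is a magic expression that now appears three times in this commit — here on `Favicon`, again on `Logo` in the next hunk, and as `durationInSeconds` in Startup.cs's static-file handler — so the three cache lifetimes can silently drift apart. A single named constant next to the existing `Constants.FAVICON_PATH` / `Constants.LOGO_PATH`, e.g. `public const int StaticCacheDurationSeconds = 60 * 60 * 24;`, referenced as `[ResponseCache(Duration = Constants.StaticCacheDurationSeconds, Location = ResponseCacheLocation.Any)]`, would keep them in step. The `using Microsoft.Net.Http.Headers;` added in the first hunk does not seem to be referenced by any line visible in this file's hunks; if nothing outside the view uses `HeaderNames`, it is an unused import. `Favicon`'s body continues past the end of the hunk.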
@@ -66,7 +67,7 @@ namespace Teknik.Controllers
// Get the Logo
[HttpGet]
[AllowAnonymous]
- [ResponseCache(Duration = 31536000, Location = ResponseCacheLocation.Any)]
+ [ResponseCache(Duration = 60 * 60 * 24, Location = ResponseCacheLocation.Any)]
public IActionResult Logo([FromServices] IHostingEnvironment env)
{
string imageFile = FileHelper.MapPath(env, Constants.LOGO_PATH);
diff --git a/Teknik/Routes.cs b/Teknik/Routes.cs
index c2bf71c..3bfcdd6 100644
--- a/Teknik/Routes.cs
+++ b/Teknik/Routes.cs
@@ -49,7 +49,7 @@ namespace Teknik
name: "Default.Logo",
domains: new List() { config.Host, config.ShortenerConfig.ShortenerHost },
subDomains: new List() { "*" },
- template: "Logo",
+ template: "logo.svg",
defaults: new { area = "Default", controller = "Default", action = "Logo" }
);
routes.MapSubdomainRoute(
@@ -64,7 +64,7 @@ namespace Teknik
domains: new List() { config.Host, config.ShortenerConfig.ShortenerHost },
subDomains: new List() { "*" },
template: "{url}",
- defaults: new { area = "Default", controller = "Default", action = "NotFound" },
+ defaults: new { area = "Error", controller = "Error", action = "Http404" },
constraints: new { url = "{*url}" }
);
}
diff --git a/Teknik/Scripts/Upload/Upload.js b/Teknik/Scripts/Upload/Upload.js
index c014ae1..a9276e1 100644
--- a/Teknik/Scripts/Upload/Upload.js
+++ b/Teknik/Scripts/Upload/Upload.js
@@ -384,53 +384,57 @@ function uploadComplete(fileID, key, encrypt, token, evt) {
// Cancel out cancel token
token.callback = null;
- var obj = JSON.parse(evt.target.responseText);
- if (obj.result != null) {
- var itemDiv = $('#upload-panel-' + fileID);
- if (itemDiv) {
- var name = obj.result.name;
- var fullName = obj.result.url;
- if (encrypt) {
- fullName = fullName + '#' + key;
+ try {
+ var obj = JSON.parse(evt.target.responseText);
+ if (obj.result != null) {
+ var itemDiv = $('#upload-panel-' + fileID);
+ if (itemDiv) {
+ var name = obj.result.name;
+ var fullName = obj.result.url;
+ if (encrypt) {
+ fullName = fullName + '#' + key;
+ }
+ var contentType = obj.result.contentType;
+ var contentLength = obj.result.contentLength;
+ var deleteUrl = obj.result.deleteUrl;
+
+ // Set progress bar
+ setProgress(fileID, 100, 'progress-bar-success', '', 'Complete');
+
+ // Set the panel to success
+ itemDiv.find('.panel').addClass('panel-success');
+
+ // Add the upload details
+ itemDiv.find('#upload-url').val(name);
+ itemDiv.find('#upload-link').attr('href', fullName);
+ itemDiv.find('#upload-link').text(fullName);
+ itemDiv.find('#upload-contentType').html(contentType);
+ itemDiv.find('#upload-contentLength').html(contentLength);
+
+ // Setup the buttons
+ linkUploadDelete(itemDiv.find('#delete-link'), deleteUrl);
+ linkShortenUrl(itemDiv.find('#shortenUrl'), fileID, fullName);
+
+ // Hide the progress bar
+ itemDiv.find('#upload-progress-panel').hide();
+
+ // Show the details
+ itemDiv.find('#upload-link-panel').show();
+
+ // Allow actions for all uploads
+ $('#upload-action-buttons').show();
}
- var contentType = obj.result.contentType;
- var contentLength = obj.result.contentLength;
- var deleteUrl = obj.result.deleteUrl;
-
- // Set progress bar
- setProgress(fileID, 100, 'progress-bar-success', '', 'Complete');
-
- // Set the panel to success
- itemDiv.find('.panel').addClass('panel-success');
-
- // Add the upload details
- itemDiv.find('#upload-url').val(name);
- itemDiv.find('#upload-link').attr('href', fullName);
- itemDiv.find('#upload-link').text(fullName);
- itemDiv.find('#upload-contentType').html(contentType);
- itemDiv.find('#upload-contentLength').html(contentLength);
-
- // Setup the buttons
- linkUploadDelete(itemDiv.find('#delete-link'), deleteUrl);
- linkShortenUrl(itemDiv.find('#shortenUrl'), fileID, fullName);
-
- // Hide the progress bar
- itemDiv.find('#upload-progress-panel').hide();
-
- // Show the details
- itemDiv.find('#upload-link-panel').show();
-
- // Allow actions for all uploads
- $('#upload-action-buttons').show();
+ }
+ else {
+ var errorMessage = 'Unable to Upload File';
+ if (obj.error != null) {
+ errorMessage = obj.error.message;
+ }
+ setProgress(fileID, 100, 'progress-bar-danger', '', errorMessage);
}
}
- else
- {
- var errorMessage = 'Unable to Upload File';
- if (obj.error != null) {
- errorMessage = obj.error.message;
- }
- setProgress(fileID, 100, 'progress-bar-danger', '', errorMessage);
+ catch {
+ setProgress(fileID, 100, 'progress-bar-danger', '', 'Unable to Upload File');
}
}
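Review bot: `itemDiv.find('#upload-contentType').html(contentType)` and `.html(contentLength)` on the new side render values taken straight from the server's JSON (`obj.result.contentType`, `obj.result.contentLength`) as HTML; if the content type can ever reflect what the uploader supplied, that is a DOM injection path, and since these are displayed as plain values `.text(contentType)` / `.text(contentLength)` is the safer equivalent. The new `catch {` uses the optional catch binding, which is ES2019 syntax that browsers current at the time of this change (notably IE11 and pre-Chromium Edge) reject as a parse error, taking the whole script down rather than just this handler; `catch (err) {` is portable and also keeps the parse failure available for `console.error`. The bare catch also discards the reason the response was unparseable, so a malformed or non-JSON error body is reported identically to a genuine upload failure. `uploadComplete` begins before the start of the hunk.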
diff --git a/Teknik/Startup.cs b/Teknik/Startup.cs
index 42cb814..b217cd3 100644
--- a/Teknik/Startup.cs
+++ b/Teknik/Startup.cs
@@ -28,6 +28,7 @@ using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Teknik.Security;
using Teknik.Attributes;
using Teknik.Filters;
+using Microsoft.Net.Http.Headers;
namespace Teknik
{
@@ -77,7 +78,7 @@ namespace Teknik
{
// This lambda determines whether user consent for non-essential cookies is needed for a given request.
options.CheckConsentNeeded = context => true;
- options.MinimumSameSitePolicy = SameSiteMode.None;
+ options.MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.None;
});
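Review bot: `options.MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.None` keeps the cookie-policy middleware from enforcing any SameSite floor on the cookies it processes, which includes the authentication and anti-forgery cookies configured later in this file; the commit only fully qualifies the enum, so the choice is pre-existing, but it is worth a why-comment. If the site does not need its cookies sent on cross-site requests, `Microsoft.AspNetCore.Http.SameSiteMode.Lax` would add a browser-side layer against cross-site request forgery on top of the anti-forgery token; otherwise a comment such as `// SameSite is deliberately not enforced here: <reason>` would record the decision. The enclosing `ConfigureServices` lambda begins before the hunk.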
// Setup Authentication Service
@@ -85,7 +86,7 @@ namespace Teknik
.AddCookie(options =>
{
options.Cookie.Domain = null;
- options.Cookie.Name = "TeknikAuthCore";
+ options.Cookie.Name = "TeknikAuth";
options.LoginPath = "/User/User/Login";
options.LogoutPath = "/User/User/Logout";
options.EventsType = typeof(TeknikCookieAuthenticationEvents);
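Review bot: The renamed authentication cookie at `options.Cookie.Name = "TeknikAuth"` is still configured without `SecurePolicy`, while the same commit forces every request onto HTTPS with a permanent redirect; `options.Cookie.SecurePolicy = CookieSecurePolicy.Always;` would ensure the session cookie is never sent on a plain-HTTP request even if the redirect is bypassed or cached differently by a client. The same applies to the anti-forgery cookie added in the later hunk (`services.AddAntiforgery(options => options.Cookie.Name = "TeknikAntiForgery")`), which could set `options.Cookie.SecurePolicy = CookieSecurePolicy.Always;` alongside the name. Note that renaming from `TeknikAuthCore` to `TeknikAuth` invalidates every existing login session at deploy time, which may be intended but deserves a comment. The `.AddCookie` lambda starts before the hunk.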
@@ -100,7 +101,7 @@ namespace Teknik
services.AddHttpsRedirection(options =>
{
- options.RedirectStatusCode = StatusCodes.Status307TemporaryRedirect;
+ options.RedirectStatusCode = StatusCodes.Status301MovedPermanently;
});
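Review bot: Switching `RedirectStatusCode` from `Status307TemporaryRedirect` to `Status301MovedPermanently` changes request semantics: browsers rewrite a POST into a GET when following a 301, so any form submitted over plain HTTP would silently lose its body and method, whereas 307 preserved them. If a permanent, cacheable redirect is the goal, `options.RedirectStatusCode = StatusCodes.Status308PermanentRedirect;` gives permanence without the method change. The comment added at `app.UseHttpsRedirection()` in a later hunk hard-codes "(301)", so it would need updating together with this line.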
// Sessions
@@ -108,6 +109,9 @@ namespace Teknik
services.AddMemoryCache();
services.AddSession();
+ // Set the anti-forgery cookie name
+ services.AddAntiforgery(options => options.Cookie.Name = "TeknikAntiForgery");
+
// Core MVC
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
@@ -147,10 +151,6 @@ namespace Teknik
//app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
}
- else
- {
- //app.UseHsts();
- }
// Performance Monitor the entire request
app.UsePerformanceMonitor();
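Review bot: Removing the `else` branch drops the only place where HSTS was being considered, leaving HTTPS enforcement to a redirect alone; a redirect still lets the first request of every visit travel over plain HTTP, which is exactly what HSTS is meant to prevent. Rather than deleting the commented-out call, the production path could enable it: `else { app.UseHsts(); }`, with the `Strict-Transport-Security` max-age configured via `services.AddHsts` if the default is not wanted. This is inferred from the visible hunk only; if HSTS is set elsewhere (e.g. at a reverse proxy) a comment here saying so would prevent the question recurring. The enclosing `Configure` method begins before the hunk.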
@@ -164,12 +164,26 @@ namespace Teknik
// Cache Responses
app.UseResponseCaching();
+ // Force a HTTPS redirection (301)
app.UseHttpsRedirection();
- app.UseStaticFiles();
+
+ // Setup static files anc cache them client side
+ app.UseStaticFiles(new StaticFileOptions
+ {
+ OnPrepareResponse = ctx =>
+ {
+ const int durationInSeconds = 60 * 60 * 24;
+ ctx.Context.Response.Headers[HeaderNames.CacheControl] = "public,max-age=" + durationInSeconds;
+ }
+ });
+
+ // Enable Cookie Policy
app.UseCookiePolicy();
+ // Authorize all the things!
app.UseAuthentication();
+ // And finally, let's use MVC
app.UseMvc(routes =>
{
routes.BuildRoutes(config);
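Review bot: `const int durationInSeconds = 60 * 60 * 24;` inside `OnPrepareResponse` duplicates the cache lifetime also written into the two `[ResponseCache]` attributes in DefaultController.cs; one shared constant would avoid the three values drifting apart. Building the header by string concatenation also bypasses the typed `CacheControlHeaderValue` that the newly imported `Microsoft.Net.Http.Headers` namespace provides, e.g. `ctx.Context.Response.GetTypedHeaders().CacheControl = new CacheControlHeaderValue { Public = true, MaxAge = TimeSpan.FromSeconds(durationInSeconds) };`. The new comment `// Setup static files anc cache them client side` has a typo ("anc" → "and"), and `// Authorize all the things!` describes `app.UseAuthentication()`, which authenticates rather than authorizes — `// Authenticate the request (authorization happens in MVC filters)` would be accurate. The `UseMvc` lambda continues past the end of the hunk.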