    Add a token to the filename for exported user data · 0a70e51f
    Jonne Haß authored
    Also redirect to it for download, for Amazon S3
    Prior to this patch an attacker could obtain a
    user's export by guessing the filename with a high
    chance of success. Fully authenticating the
    download request is a lot harder due to our diverse
    deployment scenarios.
    This brings the used method in line with the photo
    export feature.
    Thanks to @tomekr for the report.
secure_uploader.rb 254 Bytes
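
The approach the commit message describes, a random token in the export filename so that the name itself is the download secret, shown as an added Ruby example. It is not the contents of secure_uploader.rb: the naming scheme, token length, and all function names are assumptions made for illustration, and the sample filenames are constructed. It also includes an audit helper for finding exports written before such a change, which remain guessable until regenerated.

```ruby
require "securerandom"

# Assumed naming scheme for illustration; not the project's actual format.
TOKEN_HEX_LEN = 32 # 16 bytes from the OS CSPRNG = 128 bits
EXPORT_RE = /\A(?<user>[a-z0-9_]+)_data(?:_(?<token>[0-9a-f]+))?\.json\.gz\z/

# Before: the name is derived only from public data (the username),
# so anyone who knows the username can construct the download URL.
def predictable_export_name(username)
  "#{username}_data.json.gz"
end

# After: a 128-bit random token is embedded in the name. The file can
# still be served statically or via a storage redirect, but the URL
# cannot be constructed without knowing the token.
def tokenized_export_name(username)
  "#{username}_data_#{SecureRandom.hex(TOKEN_HEX_LEN / 2)}.json.gz"
end

# Audit helper: from a listing of stored filenames, return the exports
# that have no token or a token shorter than TOKEN_HEX_LEN.
# Files that do not look like exports at all are ignored.
def guessable_exports(names)
  names.select do |name|
    m = EXPORT_RE.match(name)
    next false if m.nil?
    m[:token].nil? || m[:token].length < TOKEN_HEX_LEN
  end
end

# Constructed sample listing (not real data).
SAMPLE_NAMES = [
  "alice_data.json.gz",                                 # pre-patch style
  "bob_data_0123456789abcdef0123456789abcdef.json.gz",  # full-length token
  "carol_data_1a2b.json.gz",                            # token too short
  "photo.jpg"                                           # not an export
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "predictable: #{predictable_export_name('alice')}"
  puts "tokenized:   #{tokenized_export_name('alice')}"
  puts "needs regeneration: #{guessable_exports(SAMPLE_NAMES).inspect}"
end
```
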