mirror of
https://github.com/kovidgoyal/calibre.git
synced 2025-07-09 03:04:10 -04:00
...
parent
734a0ba2e2
commit
5955aa775f
@ -69,6 +69,13 @@ class AuthController(object):
|
|||||||
cookies are passed to the download process. The cookie expires after
|
cookies are passed to the download process. The cookie expires after
|
||||||
MAX_AGE seconds.
|
MAX_AGE seconds.
|
||||||
|
|
||||||
|
The android browser appears to send a GET request to the server and only if
|
||||||
|
that request succeeds is the download handed off to the download process.
|
||||||
|
Therefore, even if the user clicks Get after MAX_AGE, it should still work.
|
||||||
|
In fact, we could reduce MAX_AGE, but we leave it high as the download
|
||||||
|
process might have downloads queued and therefore not start the download
|
||||||
|
immediately.
|
||||||
|
|
||||||
Note that this makes the server vulnerable to session-hijacking (i.e. some
|
Note that this makes the server vulnerable to session-hijacking (i.e. some
|
||||||
one can sniff the traffic and create their own requests to /get with the
|
one can sniff the traffic and create their own requests to /get with the
|
||||||
appropriate cookie, for an hour). The fix is to use https, but since this
|
appropriate cookie, for an hour). The fix is to use https, but since this
|
||||||
|
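Review bot: The added paragraph in the AuthController docstring concludes that clicking Get after MAX_AGE "should still work", but it never says why the browser's initial GET makes that true. Presumably that GET is authenticated by the browser itself and the cookie is issued or refreshed at that point; if so, the docstring should state that explicitly. "Appears to send" also records an observation, so it would help to note which Android browser or version the behaviour was seen on. The sentence "we could reduce MAX_AGE, but we leave it high" sits directly above the note that a sniffed cookie can be replayed against /get "for an hour", so the trade-off between queued downloads and the replay window deserves a sentence of its own. Consider writing that window in terms of MAX_AGE rather than "an hour", so that the text stays correct if the constant changes.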