Ellie Goulding - Stay Awake (kors k Hardcore Bootleg).mp3
- 👆 the read-only demo server at https://a.ocv.me/pub/demo/
breaking changes
but nothing is affected (that i know of):
- all requests must pass cors validation
- but they almost definitely did already
- sharex and others are OK since they don't supply an
Originheader
- API calls
?deleteand?moveare now POST instead of GET- not aware of any clients using these
known issues
- the document sandbox is a bit laggy and sometimes eats hotkeys
- disable it with
--no-sb-md --no-sb-lgif you trust everyone who has write and/or move access
- disable it with
new features
- event hooks -- run programs on new uploads, renames, deletes
- configurable cors (cross-origin resource sharing) behavior; defaults are mostly same as before
--allow-csrfdisables all csrf protections and makes it intentionally trivial to send authenticated requests from other domains
- sandboxed readme.md / prologues / epilogues
- documents can still run scripts like before, but can no longer tamper with the web-ui / read the login session, so the old advice of
--no-readmeand--no-loguesis mostly deprecated - unfortunately disables hotkeys while the text has focus + blocks dragdropping files onto that area, oh well
- documents can still run scripts like before, but can no longer tamper with the web-ui / read the login session, so the old advice of
- password can be provided through http header
PW:(instead of cookiecppwdor or url-param?pw) - detect network changes (new NICs, IPs) and reconfigure / reannoucne zeroconf
- fixes mdns when running as a systemd service and copyparty is started before networking is up
- add
--freebindto start listening on IPs before the NIC is up yet (linux-only) - per-volume deduplication-control with volflags
hardlink,neversymlink,copydupes - detect curl and return a colorful, sortable plaintext directory listing instead
- add optional powered-by-copyparty footnode on the controlpanel
- can be disabled with
-nbor redirected with--pb-url
- can be disabled with
bugfixes
- change some API calls (
?delete,?move) fromGETtoPOST- don't panic! this was safe against authenticated csrf thanks to SameSite=Lax
--getmodrestores the GETs if you need the convenience and accept the risks
- u2cli (command-line uploader):
- recover from network hiccups
- add
-nsfor slow uefi TTYs
- separate login cookies for http / https
- avoids an https login from getting accidentally sent over plaintext
- sadly no longer possible to login with internet explorer 4.0 / windows 3.11
- tar/zip-download of hidden folders
- unpost filtering was buggy for non-ascii characters
- moving a deduplicated file on a volume where deduplication was since disabled
- improved the linux 6.0.16 kernel bug workaround because there is similar funk in 5.x
- add custom text selection colors because chrome is currently broken on fedora
- blockdevs (
/dev/nvme0n1) couldn't be downloaded as files - misc fixes for location-based reverse-proxying
- macos dualstack thing
other changes
- added a collection of cursed usecases
- and comparisons to similar software in case you ever wanna jump ship