First of all, see https://github.com/PrivateBin/PrivateBin/wiki/FAQ#how-can-i-link-to-a-read-only-mode-where-users-cant-submit-pastes please, for how to properly set up such a system where only some users can submit a paste. Using two instances as you want is possible, but you could also achieve it with web server config etc. Secondly, if you adjust the JS files, you must regenerate the SRI hashes, yes. See the latest doc at https://github.com/PrivateBin/PrivateBin/wiki/Development#subresource-integrity-for-javascript-resources for that. For obvious reasons, you must do this after each change of them. You should get browser errors if they don't equal.
Maybe you have changed more than the SRI tokens, or so, so it cannot find them. As said, check your browser errors or HTML source code and compare them. It could also be a caching problem. Also, you can leave the JS files as they are and only remove the HTML part for the new button instead. Actually, I would recommend this. It's easier and better to maintain. (Note still this can be circumvented by just doing manual requests, please see the doc linked before for how to fix that.) In the future, updating SRI hashes will be easier: #1372
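The comparison suggested in the reply above can be scripted. This is an added example, not part of the original reply or PrivateBin's own code: it recomputes the same value as the `openssl dgst -sha512 -binary ... | openssl enc -base64` pipeline quoted in the question and checks it against the `integrity` attributes in the served HTML. The function names, the sample script content and the sample tag are constructed for illustration.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

SCRIPT_TAG = re.compile(r"<script\b[^>]*>", re.IGNORECASE)
ATTR = re.compile(r'''(?<![\w-])(src|integrity)\s*=\s*["']([^"']*)["']''', re.IGNORECASE)


def sri_sha512(data: bytes) -> str:
    """Same digest as: openssl dgst -sha512 -binary FILE | openssl enc -base64"""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode("ascii")


def check_sri(html: str, web_root: Path) -> list:
    """Return (src, problem) for each local script whose integrity value
    does not match the file currently on disk."""
    problems = []
    for tag in SCRIPT_TAG.findall(html):
        attrs = {name.lower(): value for name, value in ATTR.findall(tag)}
        src, integrity = attrs.get("src"), attrs.get("integrity")
        if not src or integrity is None:
            continue  # inline script, or no SRI on this tag
        # Ignore a ?version suffix and a leading slash when mapping to disk.
        path = web_root / src.split("?", 1)[0].lstrip("/")
        if not path.is_file():
            problems.append((src, "file not found under web root"))
        elif sri_sha512(path.read_bytes()) not in integrity.split():
            problems.append((src, "hash mismatch: " + sri_sha512(path.read_bytes())))
    return problems


def demo() -> tuple:
    """Constructed sample: a script that matches its tag, then the same file after an edit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "js").mkdir()
        script = root / "js" / "privatebin.js"
        script.write_bytes(b"var baseUri = 'https://pb1.example/';\n")
        html = '<script src="js/privatebin.js?1.7.3" integrity="%s"></script>' % (
            sri_sha512(script.read_bytes()))
        before = check_sri(html, root)  # file unchanged since hashing
        script.write_bytes(b"var baseUri = 'https://pb2.example/';\n")  # edited afterwards
        after = check_sri(html, root)
    return before, after


if __name__ == "__main__":
    print(demo())
```

To use it on a real instance, pass the HTML the web server actually returns (saved from the browser's "view source") and the instance's web root to `check_sri`; a stale browser or proxy cache shows up as a tag whose hash matches neither the old nor the new file.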
Describe the problem/question
Hi Everyone,
I was looking into how to generate links differently than what was originally set up. The reason is because we want to remove the "New" button but if you remove that button no one can make a new paste. We just want to remove the option for customers as if given the option they seem to click everything.
My Thinking:
I would set up glusterfs and mount the data folders so that anything created with privatebin1 (pb1) would be accessible by privatebin2 (pb2)
pb2 would then have an edited template that removes the new button
pb1 changes their generated links from pb1.domain.com/?XXX to pb2.domain.com/?XXX
I'm trying to just change the "pb#.domain.com" section to that of the 2nd privatebin
The hope is that by only changing this it means that the links are now redirecting to the 2nd privatebin and that since the data directory is to be pulled from a mounted shared folder then it should work right?
Well I tried to look for the code to adjust and, not a programmer, just change the baseUri in the privatebin.js on line 521?
Another thing I saw was under https://github.com/PrivateBin/PrivateBin/wiki/Development#subresource-integrity-for-javascript-resources public function create($pasteid, $paste).
Below the part referencing the code for creating a pasteid value there's the part for SRI Token
I tried to use the composer install --no-dev --optimize-autoloader and it looks like it did change the sri token in the bootstrap.php template. Nothing broke right after so I tried the other option: openssl dgst -sha512 -binary js/privatebin.js | openssl enc -base64
Same thing, it told me the new token and put it into the bootstrap.php referencing the javascript file.
The problem with the above is that I then tried to actually edit the .js file, first just removing the comments at the top and it didn't break initially. I then tried to change the baseURi from earlier and now I'm getting the forever loading error.
I tried the generation of a new token again and now it's not updating in the bootstrap template. I manually added the token and no change.
https://github.com/orgs/PrivateBin/discussions/1381
*This link above is the last convo and I tried following the guides on SRI Tokens.
Did you use the FAQ section?
What you did?
All information presented in Problem/Question.
What happens
No response
What should happen
No response
Additional information
No response
Server address
No response
Server OS
Ubuntu 22 Server
Webserver
Apache2
PrivateBin version
v1.7.3
Browser and version
No response
Local operating system and version
No response
Issue reproducibility
No, I cannot reproduce it on https://privatebin.net.