Files
wisp/client
explewd 121dbe81f1
All checks were successful
Docker / build-and-push (push) Successful in 3m8s
Add a hash-based password bypass link
The upload password gate can now be skipped with a bookmarkable
#psst=<sha256-hash> fragment instead of typing the password each time.
The server accepts either the plaintext password (X-Upload-Password) or
its SHA-256 hash (X-Upload-Password-Hash), compared timing-safely. The
client computes the hash locally after a normal password entry, so the
bypass link never contains the real password — only a one-way digest of
it, kept out of the URL query string (and thus server logs) by living in
the fragment, same as the decryption key.
2026-07-09 19:48:56 +02:00
..
2026-07-09 19:48:56 +02:00