mirror of https://github.com/pirate/ArchiveBox.git synced 2025-08-19 12:51:49 +02:00

Updated Publishing Your Archive (markdown)

Nick Sweeting
2024-05-10 15:41:52 -07:00
parent bdd15196da
commit f8c2b3e763

@@ -76,6 +76,8 @@ Make sure you thoroughly understand the dangers of [hosting untrusted HTML/JS/CS
The industry standard approach is to use a separate domain for untrusted content, for example Github uses `githubusercontent.com` and Google uses `googleusercontent.com` for all user-uploaded files. If hosting ArchiveBox publicly, do the same and keep it on an isolated domain in order to mitigate potential damage of leaked cookies, CORS, and CSRF attack. The industry standard approach is to use a separate domain for untrusted content, for example Github uses `githubusercontent.com` and Google uses `googleusercontent.com` for all user-uploaded files. If hosting ArchiveBox publicly, do the same and keep it on an isolated domain in order to mitigate potential damage of leaked cookies, CORS, and CSRF attack.
### Protecting the Admin Dashboard
To protect the Admin dashboard, it's also recommended to serve all content under `/archive/` on a separate domain from `/admin/`. We do this on our servers using a simple redirect rule in nginx/cloudflare like so: To protect the Admin dashboard, it's also recommended to serve all content under `/archive/` on a separate domain from `/admin/`. We do this on our servers using a simple redirect rule in nginx/cloudflare like so:
- https://demo.archivebox.io: only serves `/`, redirects `/archive/*` to `demo-static.` - https://demo.archivebox.io: only serves `/`, redirects `/archive/*` to `demo-static.`
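Review bot: the new `### Protecting the Admin Dashboard` heading sits directly against the end of the preceding "industry standard approach" paragraph; the hunk header (`-76,6 +76,8`) says two lines were added but only the heading is distinguishable here, so make sure one of them is a blank line before the heading, and confirm `###` matches the level of the sibling headings in this section of the wiki page. Since this area is being touched anyway, the context sentence "mitigate potential damage of leaked cookies, CORS, and CSRF attack" should read "CSRF attacks", and the bullet "redirects `/archive/*` to `demo-static.`" should spell out the full target domain so the example redirect rule is unambiguous.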
@@ -83,6 +85,7 @@ To protect the Admin dashboard, it's also recommended to serve all content under
<img src="https://github.com/ArchiveBox/ArchiveBox/assets/511499/8d855976-3b4a-4fa8-ad52-999b3c3deba4" width="800px" alt="Cloudflare redirect rule for /archive/ to another domain"/> <img src="https://github.com/ArchiveBox/ArchiveBox/assets/511499/8d855976-3b4a-4fa8-ad52-999b3c3deba4" width="800px" alt="Cloudflare redirect rule for /archive/ to another domain"/>
> Note: This is still recommended, but less critical if your `/archive/` folder does not contain any archived JS that could execute on replay (e.g. if you [set `SAVE_WGET=False` and `SAVE_DOM=False`](https://github.com/ArchiveBox/ArchiveBox#security-risks-of-viewing-archived-js)).
More info: More info:
- https://github.com/ArchiveBox/ArchiveBox/wiki/Security-Overview - https://github.com/ArchiveBox/ArchiveBox/wiki/Security-Overview
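Review bot: the added note states its condition by example only ("e.g. if you set `SAVE_WGET=False` and `SAVE_DOM=False`"), so a reader cannot tell whether disabling those two extractors is sufficient for `/archive/` to contain no JS that executes on replay, or merely illustrative. Either list the complete set of settings that must be off, or phrase the condition generically ("no extractor that saves raw HTML/JS output is enabled") and point to the linked security-risks section as the authoritative list. Also consider leaving the separate-domain setup as the unconditional recommendation rather than "less critical": the paragraph above already gives the reason (a shared origin exposes the admin session to leaked cookies and CSRF from replayed content), and that reasoning holds for any future extractor that produces active content.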