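Problem description
- How can the crossdomain.xml file in MinIO be modified or deleted?
Security scan
- The security department considers this insecure, so it has to be dealt with.
Already tried
- If anyone has worked with MinIO or has fixed this issue, please advise.
The crossdomain.xml configuration lives in the source code, defined as a constant, so you have to modify the source and recompile.
Source file path: minio/cmd/crossdomain-xml-handler.go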
package cmd

import "net/http"

// Standard cross domain policy information located at https://s3.amazonaws.com/crossdomain.xml
const crossDomainXML = `<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" secure="false" /></cross-domain-policy>`

// Standard path where an app would find cross domain policy information.
const crossDomainXMLEntity = "/crossdomain.xml"

// A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player
// or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.
// When clients request content hosted on a particular source domain and that content makes requests
// directed towards a domain other than its own, the remote domain needs to host a cross-domain
// policy file that grants access to the source domain, allowing the client to continue the transaction.
func setCrossDomainPolicyMiddleware(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Look for 'crossdomain.xml' in the incoming request.
		if r.URL.Path == crossDomainXMLEntity {
			// Write the standard cross domain policy xml.
			w.Write([]byte(crossDomainXML))
			// Request completed, no need to serve to other handlers.
			return
		}
		h.ServeHTTP(w, r)
	})
}
Steps:
Download the source code:
Install Go
Modify the configuration in crossdomain-xml-handler.go, e.g. q*.qq.com
Build from the root directory:
make
This produces the minio executable
Rebuild the image, replacing the minio executable in the image
Write the Dockerfile:
FROM minio/minio:latest
COPY ./minio /usr/bin/minio
docker build -t minio:latest2 .
This builds the new image
Start a test with the new image:
The domain now shows as *.qq.com
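To check what a rebuilt image actually serves at /crossdomain.xml, the policy body can be parsed and audited. The following is an added example, not part of the original answer or of MinIO's code; `auditPolicy` and the two sample constants are hypothetical names, and the restricted sample (including `secure="true"`) is constructed for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// policy mirrors the parts of an Adobe cross-domain policy file that are audited.
type policy struct {
	Allow []struct {
		Domain string `xml:"domain,attr"`
		Secure string `xml:"secure,attr"`
	} `xml:"allow-access-from"`
}

// auditPolicy (hypothetical helper) returns one finding per risky attribute.
func auditPolicy(doc string) ([]string, error) {
	var p policy
	if err := xml.Unmarshal([]byte(doc), &p); err != nil {
		return nil, fmt.Errorf("parse policy: %w", err)
	}
	var findings []string
	for _, a := range p.Allow {
		d := strings.TrimSpace(a.Domain)
		switch {
		case d == "*":
			findings = append(findings, "any domain allowed (domain=\"*\")")
		case strings.HasPrefix(d, "*."):
			findings = append(findings, "every subdomain of "+d[2:]+" allowed")
		}
		if strings.EqualFold(a.Secure, "false") {
			findings = append(findings, "secure=\"false\" for "+d+": non-HTTPS documents are granted access")
		}
	}
	return findings, nil
}

// Constructed samples: the policy quoted on this page and a restricted variant.
const shippedPolicy = `<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" secure="false" /></cross-domain-policy>`
const restrictedPolicy = `<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.qq.com" secure="true" /></cross-domain-policy>`

func main() {
	for name, doc := range map[string]string{"shipped": shippedPolicy, "restricted": restrictedPolicy} {
		f, err := auditPolicy(doc)
		fmt.Println(name, f, err)
	}
}
```

Feed it the body returned by the new container's /crossdomain.xml; an empty result means no wildcard or `secure="false"` entry remains.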