1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
Source: camo
Maintainer: Zulip Debian Packaging Team <debian@zulip.com>
Uploaders: Luke Faraone <lfaraone@debian.org>
Section: web
Priority: optional
Build-Depends: debhelper-compat (= 13),
coffeescript,
rake,
ruby-rest-client,
ruby-addressable,
procps
Standards-Version: 4.7.0
Vcs-Browser: https://salsa.debian.org/debian/camo
Vcs-Git: https://salsa.debian.org/debian/camo.git
Homepage: https://github.com/atmos/camo
Rules-Requires-Root: no
Package: camo
Architecture: all
Depends: nodejs,
${misc:Depends},
openssl
Pre-Depends: ${misc:Pre-Depends},
init-system-helpers
Description: SSL/TLS image proxy to prevent mixed-content warnings
Camo is an image proxy to prevent mixed content warnings on secure
pages.
.
It should not be installed by an end-user; instead people who operate
websites that allow user-specified image embeds by URL can run this as
a daemon to proxy such images through their own servers and serve the
resulting content over SSL/TLS.
.
This provides integrity protection and last-mile confidentiality to
images, thus preventing a local network attacker from seeing the images
you request (allowing for possible disclosure of the content you're
viewing) or changing their content (to misinform, confuse, or shock).
.
It of course does not prevent an attacker from modifying the content or
noticing its access if the attacker is in the path between your
datacentre and the image source.
.
However, even in this case, it provides some security insofar as it
may prevent the attacker from knowing who is accessing the image.
.
Using a shared key, proxy URLs are encrypted with hmac so we can bust
caches/ban/rate limit if needed.
.
Features include:
* Proxy Google charts
* Proxy images under 5 MB
* Follow redirects to a configurable depth
* Proxy remote images with a content-type of image/*
* Disallows proxying to private IP ranges
|
