dutchcoders/transfer.sh
1
0
Fork 0
mirror of https://github.com/dutchcoders/transfer.sh.git synced 2026-02-03 14:13:26 +00:00
Code Issues 48 Actions Packages Projects Releases Wiki Activity

Permission problems SSO? #91

New Issue
Closed
opened 2026-01-19 18:28:56 +00:00 by michael · 2 comments
michael commented 2026-01-19 18:28:56 +00:00
Owner
Copy Link

Originally created by @mg-dev25 on GitHub.

Hello, I tried multiple command on multiple SHELL and computer, but it seems that I miss something.

Transfer.sh is installed on my Yunohost server, the installation work fine I can connect to the webpage, give my credential, and upload and download my file using the graphic interface of the web browser.

The problems are with the terminal, I tried with Wget, curl, and the function transfer, but it's not working. Maybe it's because of the security (SSO) identification?

Here are some of the command that I have used.

transfer dns.txt
wget --method PUT --body-file=dns.txt https://transfer.mg-dev25.com/dns.txt -O - -nv
curl -v --upload-file ./dns.txt https://transfer.mg-dev25.com/dns.txt

The curl command gives me some debugging information if it can help.

Trying 130.180.211.149:443...

  • Connected to transfer.mg-dev25.com (130.180.211.149) port 443 (#0)
  • ALPN: offers h2
  • ALPN: offers http/1.1
  • CAfile: /etc/ssl/certs/ca-certificates.crt
  • CApath: none
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN: server accepted h2
  • Server certificate:
  • subject: CN=transfer.mg-dev25.com
  • start date: Oct 29 14:37:04 2022 GMT
  • expire date: Jan 27 14:37:03 2023 GMT
  • subjectAltName: host "transfer.mg-dev25.com" matched cert's "transfer.mg-dev25.com"
  • issuer: C=US; O=Let's Encrypt; CN=R3
  • SSL certificate verify ok.
  • Using HTTP2, server supports multiplexing
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  • h2h3 [:method: PUT]
  • h2h3 [:path: /dns.txt]
  • h2h3 [:scheme: https]
  • h2h3 [:authority: transfer.mg-dev25.com]
  • h2h3 [user-agent: curl/7.85.0]
  • h2h3 [accept: /]
  • h2h3 [content-length: 749]
  • Using Stream ID: 1 (easy handle 0x5615b9efab20)

PUT /dns.txt HTTP/2
Host: transfer.mg-dev25.com
user-agent: curl/7.85.0
accept: /
content-length: 749

  • We are completely uploaded and fine
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • old SSL session ID is stale, removing
  • Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
    < HTTP/2 200
    < server: nginx
    < date: Tue, 01 Nov 2022 08:00:49 GMT
    < content-type: text/plain
    < content-length: 44
    < x-sso-wat: You've just been SSOed
    < x-made-with: <3 by DutchCoders
    < x-served-by: Proudly served by DutchCoders
    < x-url-delete: https://transfer.mg-dev25.com/qDlRVy/dns.txt/Uf0FNrJImyPi
    < content-security-policy: upgrade-insecure-requests
    < x-content-type-options: nosniff
    < x-xss-protection: 1; mode=block
    < x-download-options: noopen
    < x-permitted-cross-domain-policies: none
    < x-frame-options: SAMEORIGIN
    < permissions-policy: interest-cohort=()
    < strict-transport-security: max-age=63072000; includeSubDomains; preload
    <
  • Connection #0 to host transfer.mg-dev25.com left intact

And here are the log from my server.

https://paste.yunohost.org/zacazirunu

Thanks for your helps.

Originally created by @mg-dev25 on GitHub. Hello, I tried multiple command on multiple SHELL and computer, but it seems that I miss something. Transfer.sh is installed on my Yunohost server, the installation work fine I can connect to the webpage, give my credential, and upload and download my file using the graphic interface of the web browser. The problems are with the terminal, I tried with Wget, curl, and the function transfer, but it's not working. Maybe it's because of the security (SSO) identification? Here are some of the command that I have used. transfer dns.txt wget --method PUT --body-file=dns.txt https://transfer.mg-dev25.com/dns.txt -O - -nv curl -v --upload-file ./dns.txt https://transfer.mg-dev25.com/dns.txt The curl command gives me some debugging information if it can help. > Trying 130.180.211.149:443... > * Connected to transfer.mg-dev25.com (130.180.211.149) port 443 (#0) > * ALPN: offers h2 > * ALPN: offers http/1.1 > * CAfile: /etc/ssl/certs/ca-certificates.crt > * CApath: none > * TLSv1.3 (OUT), TLS handshake, Client hello (1): > * TLSv1.3 (IN), TLS handshake, Server hello (2): > * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): > * TLSv1.3 (IN), TLS handshake, Certificate (11): > * TLSv1.3 (IN), TLS handshake, CERT verify (15): > * TLSv1.3 (IN), TLS handshake, Finished (20): > * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): > * TLSv1.3 (OUT), TLS handshake, Finished (20): > * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 > * ALPN: server accepted h2 > * Server certificate: > * subject: CN=transfer.mg-dev25.com > * start date: Oct 29 14:37:04 2022 GMT > * expire date: Jan 27 14:37:03 2023 GMT > * subjectAltName: host "transfer.mg-dev25.com" matched cert's "transfer.mg-dev25.com" > * issuer: C=US; O=Let's Encrypt; CN=R3 > * SSL certificate verify ok. > * Using HTTP2, server supports multiplexing > * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 > * h2h3 [:method: PUT] > * h2h3 [:path: /dns.txt] > * h2h3 [:scheme: https] > * h2h3 [:authority: transfer.mg-dev25.com] > * h2h3 [user-agent: curl/7.85.0] > * h2h3 [accept: */*] > * h2h3 [content-length: 749] > * Using Stream ID: 1 (easy handle 0x5615b9efab20) > > PUT /dns.txt HTTP/2 > > Host: transfer.mg-dev25.com > > user-agent: curl/7.85.0 > > accept: */* > > content-length: 749 > > > * We are completely uploaded and fine > * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): > * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): > * old SSL session ID is stale, removing > * Connection state changed (MAX_CONCURRENT_STREAMS == 128)! > < HTTP/2 200 > < server: nginx > < date: Tue, 01 Nov 2022 08:00:49 GMT > < content-type: text/plain > < content-length: 44 > < x-sso-wat: You've just been SSOed > < x-made-with: <3 by DutchCoders > < x-served-by: Proudly served by DutchCoders > < x-url-delete: https://transfer.mg-dev25.com/qDlRVy/dns.txt/Uf0FNrJImyPi > < content-security-policy: upgrade-insecure-requests > < x-content-type-options: nosniff > < x-xss-protection: 1; mode=block > < x-download-options: noopen > < x-permitted-cross-domain-policies: none > < x-frame-options: SAMEORIGIN > < permissions-policy: interest-cohort=() > < strict-transport-security: max-age=63072000; includeSubDomains; preload > < > * Connection #0 to host transfer.mg-dev25.com left intact And here are the log from my server. https://paste.yunohost.org/zacazirunu Thanks for your helps.
michael commented 2026-01-19 18:28:56 +00:00
Author
Owner
Copy Link

@paolafrancesca commented on GitHub:

hello @mg-dev25

from the server logs it seems you do a GET requesto to the delete url (https://transfer.mg-dev25.com/qDlRVy/dns.txt/Uf0FNrJImyPi). It returns 405, method not allowed, because that url accepts DELETE request

I tried curl -v --upload-file ./hello.txt https://transfer.mg-dev25.com/hello.txt and the server seems to work properly: https://transfer.mg-dev25.com/z5vibr/hello.txt

the final upload url is print on stdout with no trailing newline, so it will be joined with the prompt of the shell

you might have missed it when making the curl request: it's missing indeed for the output you shared

@paolafrancesca commented on GitHub: hello @mg-dev25 from the server logs it seems you do a `GET` requesto to the delete url (https://transfer.mg-dev25.com/qDlRVy/dns.txt/Uf0FNrJImyPi). It returns 405, method not allowed, because that url accepts `DELETE` request I tried `curl -v --upload-file ./hello.txt https://transfer.mg-dev25.com/hello.txt` and the server seems to work properly: https://transfer.mg-dev25.com/z5vibr/hello.txt the final upload url is print on stdout with no trailing newline, so it will be joined with the prompt of the shell you might have missed it when making the curl request: it's missing indeed for the output you shared
michael commented 2026-01-19 18:28:56 +00:00
Author
Owner
Copy Link

@mg-dev25 commented on GitHub:

Hi, thanks for the help, it resolves my issue. I also update the transfer function on the one that is with in the Git page, which add more dialogue and information like download command, delete token, etc.

The transfer function indicate in the website simple used case is not the same, maybe it needs to be updated?

@mg-dev25 commented on GitHub: Hi, thanks for the help, it resolves my issue. I also update the transfer function on the one that is with in the Git page, which add more dialogue and information like download command, delete token, etc. The transfer function indicate in the website simple used case is not the same, maybe it needs to be updated?
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
docker
enhancement
hacktoberfest
help wanted
invalid
question
storage provider
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
michael
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: dutchcoders/transfer.sh#91
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?