release: v4.8.11 file transfer reliability fix

fix(file-transfer): size chunks under the 64KB SCTP message limit

Each 64KB chunk became a ~87KB AES-GCM+Base64 file_chunk message,
exceeding WebRTC's 64KB SCTP message-size floor. The consent handshake
(small messages) succeeded, but no chunk was ever delivered on Safari
and cross-browser connections whose SDP omits a=max-message-size, so
files never transferred. Send chunk size is now 16KB (~22KB on the
wire); inbound chunks up to 64KB stay accepted for backward compat.

fix(file-transfer): make MIME advisory, drive validation by extension

The client-supplied MIME type is easily spoofed and varies across
browsers/OSes, yet was a hard gate: files with an empty MIME or a
cross-OS variant (application/x-zip-compressed, image/jpg) were wrongly
rejected. Extension allow-list plus BLOCKED_EXTENSIONS is now the
boundary; a blatantly foreign MIME on a safe extension is still rejected
and per-type size limits still apply.
lockbitchat
2026-06-16 18:24:29 -04:00
parent 9244250835
commit be1d02f1f7
10 changed files with 133 additions and 60 deletions
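The size arithmetic behind the first fix in the commit message, as an added example that is not part of this commit or the project's code. Only the `file_chunk` message type comes from the page; the other envelope fields, the placeholder payload and the sample SDP are assumptions constructed for illustration.

```javascript
// RFC 8841: when a=max-message-size is absent the limit is 64K; 0 means "any size".
const DEFAULT_MAX_MESSAGE_SIZE = 65536;
const GCM_TAG_BYTES = 16; // AES-GCM appends a 128-bit tag to the ciphertext
const GCM_IV_BYTES = 12;  // 96-bit nonce, sent alongside each chunk (assumed)

const base64Length = (n) => 4 * Math.ceil(n / 3);

// Largest SCTP message the remote peer says it accepts, read from its SDP.
function remoteMaxMessageSize(sdp) {
  const m = /^a=max-message-size:(\d+)\s*$/m.exec(sdp);
  if (!m) return DEFAULT_MAX_MESSAGE_SIZE;
  const value = Number(m[1]);
  return value === 0 ? Infinity : value;
}

// Bytes on the wire for one plaintext chunk after AES-GCM, Base64 and JSON framing.
// The envelope layout is hypothetical; 'A' runs stand in for real Base64 output.
function wireSize(chunkBytes) {
  const message = {
    type: 'file_chunk',
    fileId: '0'.repeat(32),
    chunkIndex: 0,
    totalChunks: 1,
    iv: 'A'.repeat(base64Length(GCM_IV_BYTES)),
    data: 'A'.repeat(base64Length(chunkBytes + GCM_TAG_BYTES)),
  };
  return JSON.stringify(message).length; // ASCII only, so chars == bytes
}

function chunkFits(chunkBytes, sdp) {
  return wireSize(chunkBytes) <= remoteMaxMessageSize(sdp);
}

// Largest plaintext chunk whose framed message stays within a finite limit.
function largestSafeChunk(limit) {
  let lo = 0, hi = limit;
  while (lo < hi) {
    const mid = Math.ceil((lo + hi) / 2);
    if (wireSize(mid) <= limit) lo = mid; else hi = mid - 1;
  }
  return lo;
}

// Constructed SDP fragments: one omits the attribute, one advertises 256 KiB.
const SDP_WITHOUT = 'm=application 9 UDP/DTLS/SCTP webrtc-datachannel\r\na=sctp-port:5000\r\n';
const SDP_WITH = SDP_WITHOUT + 'a=max-message-size:262144\r\n';
```

Sizing the send chunk against the default rather than against whatever one browser pair negotiates is what keeps the transfer working when the attribute is missing.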
+5 -5
@@ -113,7 +113,7 @@
<!-- GitHub Pages SEO -->
<meta name="description" content="SecureBit.chat v4.8.10 — P2P messenger with ECDH + DTLS + SAS security and 18-layer military-grade cryptography">
<meta name="description" content="SecureBit.chat v4.8.11 — P2P messenger with ECDH + DTLS + SAS security and 18-layer military-grade cryptography">
<meta name="keywords" content="P2P messenger, ECDH, DTLS, SAS, encryption, WebRTC, privacy, ASN.1 validation, military-grade security, 18-layer defense, MITM protection, PFS">
<meta name="author" content="Volodymyr">
<link rel="canonical" href="https://github.com/SecureBitChat/securebit-chat/">
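Review bot: The release number in the description meta tag is bumped by hand from v4.8.10 to v4.8.11, so it will drift the first time a release skips this file; inject it at build time from the same source as the package version. The wording "18-layer military-grade cryptography" in that tag is also carried forward unchanged; naming the actual primitives, as the keywords line already does with ECDH, DTLS and SAS, would be something a reader can check.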
@@ -148,13 +148,13 @@
<!-- Update Manager - система принудительного обновления -->
<script src="src/utils/updateManager.js"></script>
<script type="module" src="src/components/UpdateChecker.jsx"></script>
<script type="module" src="dist/qr-local.js?v=1781588965220"></script>
<script type="module" src="src/components/QRScanner.js?v=1781588965220"></script>
<script type="module" src="dist/qr-local.js?v=1781648539643"></script>
<script type="module" src="src/components/QRScanner.js?v=1781648539643"></script>
</head>
<body>
<div id="root"></div>
<script type="module" src="dist/app-boot.js?v=1781588965220"></script>
<script type="module" src="dist/app.js?v=1781588965220"></script>
<script type="module" src="dist/app-boot.js?v=1781648539643"></script>
<script type="module" src="dist/app.js?v=1781648539643"></script>
<script src="src/scripts/pwa-register.js"></script>
<script src="./src/pwa/install-prompt.js" type="module"></script>
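Review bot: The new ?v=1781648539643 stamp is applied to dist/qr-local.js, src/components/QRScanner.js, dist/app-boot.js and dist/app.js, but src/utils/updateManager.js, src/components/UpdateChecker.jsx, src/scripts/pwa-register.js and src/pwa/install-prompt.js still carry no version parameter, so a cached copy of the update manager can outlive the release it is meant to enforce. Stamp those four tags as well, or confirm they are served with no-cache headers. Separately, the comment above the update manager tag is in Russian while the comment in the first hunk is in English; an English comment here would keep the file consistent.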