The Throwback (retro) template. With large folder and mobile support.

[LeoNeeson]

@bmartino: I agree, the 'Throwback7rev1-preview.tpl' code I've uploaded here, is ready to be tweaked (it only need a few adjustments to be working). If DJ, Mars, or any other macro experts could have a look, it would be great. I also have on stand by my other two templates (Remote Upload and Contact form), and I hope to have some free time on the upcoming weekends to continue them (but I can't promise anything).
Cheers!
Leo.-

[dj]

Throwback7rev with delete
Alternativ you can use a a modal dialog

I'm on holiday next week

[LeoNeeson]

Throwback7rev with delete
Alternativ you can use a a modal dialog

I'm on holiday next week

@DJ: Today I was trying to add the rest of the functions, but before touching the code, I found that after your modifications the modal dialog doesn't show up. I've spent a good time trying to figure out the error, but I can't find the way to fix it. There must be a typo somewhere, I guess...

[dj]

@DJ: Today I was trying to add the rest of the functions, but before touching the code, I found that after your modifications the modal dialog doesn't show up. I've spent a good time trying to figure out the error, but I can't find the way to fix it. There must be a typo somewhere, I guess...

I tested it again and it works in Chrome, FF and Edge.
Which browser do you use? Report the webconsole errors?

I added a version, which also works in IE11.

[LeoNeeson]

I tested it again and it works in Chrome, FF and Edge.
Which browser do you use? Report the webconsole errors?

I added a version, which also works in IE11.

@DJ: It looks like the 'forEach' function is not recognized. I've tested several not-so-updated browsers:

In Chrome 31 (old version), the console shows this error:

Code: [Select]

Uncaught TypeError: Object #<NodeList> has no method 'forEach' (index):130
In Firefox 24 ESR (old version), the console shows this error:

Code: [Select]

TypeError: document.querySelectorAll(...).forEach is not a function
In Firefox (another old version), the console shows this error:

Code: [Select]

Error: document.querySelectorAll(".option_button").forEach is not a function
In KMeleon (an old fork of Firefox), the console shows this error:

Code: [Select]

Error: TypeError: document.querySelectorAll(...).forEach is not a function
On QtWeb (an old fork of Chrome), the console shows this error:

Code: [Select]

TypeError: 'undefined' is not a function (evaluating 'document.querySelectorAll(".option_button").forEach(function(o){o.onclick=function(){window.alert(o.value)}})')
Differences:

In Throwback7rev2.tpl there is no modal dialog at all (and the 'Uncaught TypeError' shows up on the console only once, when loading the page).

In Throwback7rev2.2.tpl the modal dialog shows up, but the file doesn't get deleted (it asks: 'Delete filename.xxx?', but when clicking on 'OK' the 'Uncaught TypeError' shows up again on the console (this error also appears when loading the page).

It would be great if we can use another function compatible with those browsers. I'm not expert on these matters, but perhaps using for loop instead of forEach, could solve this problem (or else using another methods).

[bmartino1]

@DJ: It looks like the 'forEach' function is not recognized. I've tested several not-so-updated browsers:

In Chrome 31 (old version), the console shows this error:

Code: [Select]

Uncaught TypeError: Object #<NodeList> has no method 'forEach' (index):130
In Firefox 24 ESR (old version), the console shows this error:

Code: [Select]

TypeError: document.querySelectorAll(...).forEach is not a function
In Firefox (another old version), the console shows this error:

Code: [Select]

Error: document.querySelectorAll(".option_button").forEach is not a function
In KMeleon (an old fork of Firefox), the console shows this error:

Code: [Select]

Error: TypeError: document.querySelectorAll(...).forEach is not a function
On QtWeb (an old fork of Chrome), the console shows this error:

Code: [Select]

TypeError: 'undefined' is not a function (evaluating 'document.querySelectorAll(".option_button").forEach(function(o){o.onclick=function(){window.alert(o.value)}})')
Differences:

In Throwback7rev2.tpl there is no modal dialog at all (and the 'Uncaught TypeError' shows up on the console only once, when loading the page).

In Throwback7rev2.2.tpl the modal dialog shows up, but the file doesn't get deleted (it asks: 'Delete filename.xxx?', but when clicking on 'OK' the 'Uncaught TypeError' shows up again on the console (this error also appears when loading the page).

It would be great if we can use another function compatible with those browsers. I'm not expert on these matters, but perhaps using for loop instead of forEach, could solve this problem (or else using another methods).

or setup if statement to check if it can run then run if it can
https://www.w3.org/community/webed/wiki/Optimizing_content_for_different_browsers:_the_RIGHT_way

Why feature detection is better
Feature detection is a much better way to do things — instead of seeing what browser is accessing the content and serving appropriate code, the idea here is to query the browser to detect whether it supports the features our content relies on, and then serve content as appropriate. Let's take HTML5 video as an example. You could detect support using some simple code such as this:

javascript code:

Code: [Select]

if(!!document.createElement('video').canPlayType === true) {
  // run some code that relies on HTML5 video
} else {
  // do something else
}
This is much more future proof, because existing browsers that support HTML5 video will run the correct code, and future browsers that support HTML5 video will do as well. You don't have to keep updating your code each time a new browser is released.

[dj]

It would be great if we can use another function compatible with those browsers. I'm not expert on these matters, but perhaps using for loop instead of forEach, could solve this problem (or else using another methods).

Yes, I replaced the forEach with a loop in rev2.2.
The problem isn't the Array.forEach, it's the Nodelist.forEach.

[bmartino1]

?
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/forEach

https://www.w3schools.com/jsref/jsref_forEach.asp

[bmartino1]

That uses a browser's built in (or not) basic auth pop-up login box.  Support for that is diminishing.  We need an html login form instead. 

I think it would be elegant to add a real html login form into the error handler [unauthorized] section, because it is the default landing page for all browsers that don't have a basic auth login box built in.  So, then, instead of a nonstop error, you'd just log in (with a real login form).  It is very nice when error pages actually solve errors.  However, still need that login form. 
Code for it should probably have form and post tags.

So I'm looking into this more and more,  and getting a bit more Info to attempt to begin codeing and testing this form login page...

Login form for HFS...
website key notes and code sources:

http://blog.stevensanderson.com/2008/08/25/using-the-browsers-native-login-prompt/
https://www.w3schools.com/howto/howto_css_login_form.asp
https://www.formget.com/javascript-login-form/
HFS default template...
?raybob script for filezilla
?stunnel for security? ...

Looks like it will be a basic form page with Passing macro credentials of the users to hfs.

Rayboy; Has some similar code from fhfs for filezilla...

ATM, it looks like there will be a need for a basic stunnel config as regardless of encoding, it still clear text over the internet....

////////////////////////////////////////
ATM , But not finding a good solution/way to parse that to hfs for the ability to login nor pas its credentials?

Mars/Rejeto might have some answer/Clues.
*(may even have to have a special link hard coded to hfs (but this may become insecure/ create a vulnerability...

So, here is a sample of that code (still writing and some what untested, but to show you what i have atm:

Code will uses basic browser form to pass authentication ... ATM still using hfs default template code and login link...

Working form, but no parse macro code atm...:

Code: [Select]


<!DOCTYPE html>
<!-- I should be in a VITURAL FOLDER! called AUTH -->
<html>
<head>
<meta charset=UTF-8 />
<meta name="viewport" content="width=device-width, initial-scale=1">
    <title>HFS Login Form</title>
<link rel="stylesheet" href="/?mode=section&id=style.css" type="text/css">
    <script type="text/javascript" src="/?mode=jquery"></script>
<link rel="shortcut icon" href="/favicon.ico">
<style class='trash-me'>
.onlyscript, button[onclick] { display:none; }
</style>
    <script>
    // this object will store some %symbols% in the javascript space, so that libs can read them
    HFS = { folder:'{.js encode|%folder%.}', number:%number%, paged:{.!option.paged.} };
    </script>
<script type="text/javascript" src="/?mode=section&id=lib.js"></script>
</head>

[box login]
<fieldset id='login'>
<legend><img src="/~img27"> {.!User.}</legend>
<center>
{.if| {.length|%user%.} |{:
            %user%
            {.if|{.can change pwd.} |
                <button onclick='changePwd.call(this)' style='font-size:x-small;'>{.!Change password.}</button>
            .}
            :}
            | <a href="~login">Login</a>
        .}
</center>
</fieldset>       

[lib.js|no log]
<script>
function changePwd() {
    ezprompt(this.innerHTML, {type:'password'}, function(s){
        if (s) ajax('changepwd', {'new':s}, getStdAjaxCB([
            "!{.!Password changed, you'll have to login again..}",
            '>~login'
        ]));
    });
}//changePwd
</script>

[]
<!-- Fix Permission to folder upload access (hfs macro) for login to authenticate may not be needed -->
{.set item|%folder%|add upload=@anyone.}

<!-- include css file here-->
    <style> /* below line is write to use google font online  */
@import url(http://fonts.googleapis.com/css?family=Ubuntu);
 
h2{
 background-color: #FEFFED;
 padding: 30px 35px;
 margin: -10px -50px;
 text-align:center;
 border-radius: 10px 10px 0 0;
}
 
hr{
 margin: 10px -50px;
 border: 0;
 border-top: 1px solid #ccc;
 margin-bottom: 40px;
}
 
div.container{
 width: 900px;
 height: 610px;
 margin:35px auto;
 font-family: 'Ubuntu', sans-serif;
}
 
div.main{
 width: 300px;
 padding: 10px 50px 25px;
 border: 2px solid gray;
 border-radius: 10px;
 font-family: raleway;
 float:left;
 margin-top:50px;
}
 
input[type=text],input[type=password]{
 width: 100%;
 height: 40px;
 padding: 5px;
 margin-bottom: 25px;
 margin-top: 5px;
 border: 2px solid #ccc;
 color: #4f4f4f;
 font-size: 16px;
 border-radius: 5px;
}

label{
 color: #464646;
 text-shadow: 0 1px 0 #fff;
 font-size: 14px;
 font-weight: bold;
}

center{
 font-size:32px;
}

.note{
 color:red;
}
 
.valid{
 color:green;
}

.back{
 text-decoration: none;
 border: 1px solid rgb(0, 143, 255);
 background-color: rgb(0, 214, 255);
 padding: 3px 20px;
 border-radius: 2px;
 color: black;
}
 
input[type=button]{
 font-size: 16px;
 background: linear-gradient(#ffbc00 5%, #ffdd7f 100%);
 border: 1px solid #e5a900;
 color: #4E4D4B;
 font-weight: bold;
 cursor: pointer;
 width: 100%;
 border-radius: 5px;
 padding: 10px 0;
 outline:none;
}
 
input[type=button]:hover{
 background: linear-gradient(#ffdd7f 5%, #ffbc00 100%);
}

.fugo{
 float:right;
} </style>

<!-- include javascript file here-->
    <script>

var attempt = 3; //Variable to count number of attempts

//Below function Executes on click of login button
function validate(){
var username = document.getElementById("username").value;
var password = document.getElementById("password").value;

if ( username == "" && password == ""){
alert ("Login successfully");
window.location = "/"; //redirecting to other page
return false;
}
else{
attempt --;//Decrementing by one
alert("You have left "+attempt+" attempt;");

//Disabling fields after 3 attempts
if( attempt == 0){
document.getElementById("username").disabled = true;
producePrompt('Disabled', 'uname-error', 'red');
document.getElementById("password").disabled = true;
producePrompt('Disabled', 'pw-error', 'red');
document.getElementById("login").disabled = true;
producePrompt('Disabled', 'submit-error', 'red');
return false;
}
}
}
</script>
     

  <body>
<div class="container">
  <div class="main">
<h2>Login Form</h2><hr/>
<form id="form_id" method="post" name="myform">
  <label for="uname">User Name :</label></br>
  <input type="text" class="form-control" tabindex="1" placeholder="Please Enter Your Username" name="username" id="username" required /></br>
<span class='error-message' id='uname-error'></span>

  <label>Password :</label></br>
  <input type="password" class="form-control" tabindex="2" placeholder="Please Enter Your Password" name="password" id="password" required /></br>
<span class='error-message' id='pw-error'></span>

  <input type="button" name="Login" tabindex="3" class="btn btn-default" value="Login" id="submit" onclick="validate()"/>
    <span class='error-message' id='submit-error'></span>

<!--    <label><input type="checkbox" checked="checked" name="remember"> Remember me </label> -->
<!-- <button type="button" class="cancelbtn">Cancel</button> <span class="psw">Forgot <a href="#">password?</a></span> -->
</form>
  </div>
</div>
</br>
<!-- Didi I work? -->
<p> User: %user% @ IP: %ip% </p>
<!-- HFS Built in via default template -->
<div id='panel'>
{.$box login.}
</div>

 </body>
</html>

actual code is still a mess atm...

I still need hfs info suchas a link/symbol to pass code into. NOT a easy task nor a simple thing to do.

[bmartino1]

Final code revision for form auth:

https://stackoverflow.com/questions/3079031/login-form-for-http-basic-auth

Code: [Select]

<!DOCTYPE html>
<!-- I should be in a VITURAL FOLDER! called AUTH -->
<html>
<head>
<meta charset=UTF-8 />
<meta name="viewport" content="width=device-width, initial-scale=1">
    <title>HFS Login Form</title>
<link rel="stylesheet" href="/?mode=section&id=style.css" type="text/css">
    <script type="text/javascript" src="/?mode=jquery"></script>
<link rel="shortcut icon" href="/favicon.ico">
<style class='trash-me'>
.onlyscript, button[onclick] { display:none; }
</style>
    <script>
    // this object will store some %symbols% in the javascript space, so that libs can read them
    HFS = { folder:'{.js encode|%folder%.}', number:%number%, paged:{.!option.paged.} };
    </script>
<script type="text/javascript" src="/?mode=section&id=lib.js"></script>
</head>

[box login]
<fieldset id='login'>
<legend><img src="/~img27"> {.!User.}</legend>
<center>
{.if| {.length|%user%.} |{:
            %user%
            {.if|{.can change pwd.} |
                <button onclick='changePwd.call(this)' style='font-size:x-small;'>{.!Change password.}</button>
            .}
            :}
            | <a href="~login">Login</a>
        .}
</center>
</fieldset>       

[lib.js|no log]
<script>
function changePwd() {
    ezprompt(this.innerHTML, {type:'password'}, function(s){
        if (s) ajax('changepwd', {'new':s}, getStdAjaxCB([
            "!{.!Password changed, you'll have to login again..}",
            '>~login'
        ]));
    });
}//changePwd
</script>

[]
<!-- Fix Permission to folder upload access (hfs macro) for login to authenticate may not be needed -->
{.set item|%folder%|add upload=@anyone.}

<!-- include css file here-->
    <style> /* below line is write to use google font online  */
@import url(http://fonts.googleapis.com/css?family=Ubuntu);
 
h2{
 background-color: #FEFFED;
 padding: 30px 35px;
 margin: -10px -50px;
 text-align:center;
 border-radius: 10px 10px 0 0;
}
 
hr{
 margin: 10px -50px;
 border: 0;
 border-top: 1px solid #ccc;
 margin-bottom: 40px;
}
 
div.container{
 width: 900px;
 height: 610px;
 margin:35px auto;
 font-family: 'Ubuntu', sans-serif;
}
 
div.main{
 width: 300px;
 padding: 10px 50px 25px;
 border: 2px solid gray;
 border-radius: 10px;
 font-family: raleway;
 float:left;
 margin-top:50px;
}
 
input[type=text],input[type=password]{
 width: 100%;
 height: 40px;
 padding: 5px;
 margin-bottom: 25px;
 margin-top: 5px;
 border: 2px solid #ccc;
 color: #4f4f4f;
 font-size: 16px;
 border-radius: 5px;
}

label{
 color: #464646;
 text-shadow: 0 1px 0 #fff;
 font-size: 14px;
 font-weight: bold;
}

center{
 font-size:32px;
}

.note{
 color:red;
}
 
.valid{
 color:green;
}

.back{
 text-decoration: none;
 border: 1px solid rgb(0, 143, 255);
 background-color: rgb(0, 214, 255);
 padding: 3px 20px;
 border-radius: 2px;
 color: black;
}
 
input[type=button]{
 font-size: 16px;
 background: linear-gradient(#ffbc00 5%, #ffdd7f 100%);
 border: 1px solid #e5a900;
 color: #4E4D4B;
 font-weight: bold;
 cursor: pointer;
 width: 100%;
 border-radius: 5px;
 padding: 10px 0;
 outline:none;
}
 
input[type=button]:hover{
 background: linear-gradient(#ffdd7f 5%, #ffbc00 100%);
}

.fugo{
 float:right;
} </style>

<!-- include javascript file here-->
    <script>

var attempt = 3; //Variable to count number of attempts

//Below function Executes on click of login button
function validate(){
var username = document.getElementById("username").value;
var password = document.getElementById("password").value;

if ( username == "" && password == ""){
alert ("Login successfully");
window.location = "/"; //redirecting to other page
return false;
}
else{
attempt --;//Decrementing by one
alert("You have left "+attempt+" attempt;");

//Disabling fields after 3 attempts
if( attempt == 0){
document.getElementById("username").disabled = true;
producePrompt('Disabled', 'uname-error', 'red');
document.getElementById("password").disabled = true;
producePrompt('Disabled', 'pw-error', 'red');
document.getElementById("login").disabled = true;
producePrompt('Disabled', 'submit-error', 'red');
return false;
}
}
}

function submitted() {
var name = document.getElementById("username").value
var pw = document.getElementById("password").value
var ip = %ip%
var path = AUTH
document.location = "http://"+"name"+":"+"password"+"@"+"ip"+"path";
return true
}
</script>
     

  <body>
<div class="container">
  <div class="main">
<h2>Login Form</h2><hr/>
<form id="form_id" method="post" name="myform">
  <label for="uname">User Name :</label></br>
  <input type="text" class="form-control" tabindex="1" placeholder="Please Enter Your Username" name="username" id="username" required /></br>
<span class='error-message' id='uname-error'></span>

  <label>Password :</label></br>
  <input type="password" class="form-control" tabindex="2" placeholder="Please Enter Your Password" name="password" id="password" required /></br>
<span class='error-message' id='pw-error'></span>

  <input type="button" name="Login" tabindex="3" class="btn btn-default" value="Login" id="submit" onsubmit="Submitted()"/>
  <!-- onclick="Validate()" -->
    <span class='error-message' id='submit-error'></span>

<!--    <label><input type="checkbox" checked="checked" name="remember"> Remember me </label> -->
<!-- <button type="button" class="cancelbtn">Cancel</button> <span class="psw">Forgot <a href="#">password?</a></span> -->
</form>
  </div>
</div>
</br>
<!-- Didi I work? -->
<p> User: %user% @ IP: %ip% </p>
<!-- HFS Built in via default template -->
<div id='panel'>
{.$box login.}
</div>

<!-- <script> $.ajax({
   'url': 'http://host.com/',
   //'otherSettings': 'othervalues',
   username: $("username").val(),
   password: $("password").val()
   },
   sucess: function(result) {
     alert('done');
   }
});
</script>
Ajax pass username and password via url example: admin:mysecret@127.0.0.1/AUTH
https://stackoverflow.com/questions/3079031/login-form-for-http-basic-auth
-->
 </body>
</html>
i see no advantage for HFS using a form over the default browser basic auth for login credentials.
*as to my knowdlge regardless of the webcode, hfs source code would need to be updated to improve or select auth encoding for login credentiasl. Base64(although encodeing via default broswer login auth is still concerdised clear text to packet sniffers...) Any form would be under the same issue with authentication. Stunnel would be required or other way to send credentials via a secure conections...

this is as far as i can take this code atm.

hfs default template has some base code along with jqurey and other with the html form code, it could be done, but it is beyond my codeing skills atm.

i recall a old hfs function that had the username and passwords in the url, probally pass login credentials via url as example:
username:password@IP/Folder
admin:mysecret@127.0.0.1/AUTH

Good luck with futher form code and login credentials stufff. :/

(as to your erro page nonstop reequest, as i agree a 404 error should stop, i see a faster / easier fix.)

add html header option to redirect page to a end page
A error404 vitural folder with a differnet template tap of a 404 picture. thus stoping the nostop error...

[LeoNeeson]

@bmartino1: I've tested your 'final code revision for form auth' on a desktop browser, and sadly it doesn't work. Although the login design looks nice, you are using a deprecated function (http://user:pass@host), so this also doesn't work on a mobile browser.

I can't find the target variables either.  But, it sure will be easy after we find that! 
Password in urls is being blocked by newer browsers, so can't do it that way.
For now, all Firefox, even the mobile, still have the deprecated built in login box.  So, just planning ahead.

I have good news for you: check out THIS new thread...

Cheers,
Leo.-

[bmartino1]

I was wondering if it were possible, probably with hfs.events, to have no cookies issued or attempted for a certain folder? 
Perhaps it is a folder of support graphics, such as wallpapers; or, perhaps HFS is pulling dual duty also supporting a wholly different website in addition to its normal duties.  Or, in my case, I need to do that for markup speed testing.

i don't know if it removes the cookie, mars has code that edits the session id withi is the cookie..:
then rejeto rescenlty add header removal stuff like this code here:

http://rejetto.com/forum/index.php?topic=13046.msg1063940#msg1063940
http://rejetto.com/forum/index.php?topic=11705.0

i don't know if the header option removes the actual cookie or if it removes its signature form the webpage...

...
if this is about potential logout function???.. thers lots of stuff on the forum:
http://rejetto.com/forum/index.php?action=search2;params=YWR2YW5jZWR8J3wwfCJ8YnJkfCd8MjEsMzYsMjIsMzcsMjgsMjQsMzQsMjcsMzMsMiwzLDIwLDE2LDE1LDIzLDEyLDEzfCJ8c2hvd19jb21wbGV0ZXwnfHwifHN1YmplY3Rfb25seXwnfHwifHNvcnR8J3xyZWxldmFuY2V8Inxzb3J0X2RpcnwnfGRlc2N8InxzZWFyY2h8J3xsb2dvdXQ=

http://rejetto.com/forum/index.php?pretty;board=hfs-~-http-file-server;topic=hfs-logout.0
http://rejetto.com/forum/index.php?topic=6855.msg1061486#msg1061486

(lost on the forum some wher :/ )
*Looking for 2 specifc posts...
i remember a breakdown and code examples with another user, myself, rejetto chimed in.. in witch we thought reverse logic for logout might work, talking about logout and and anothe post regarding the cookie ssid

And then there was a with hfs for someone regarding basic cockie creation.. issue with it, in itch mars had info and code regarding the cookie (and its recreations/deletion)
Some other links:
http://rejetto.com/forum/index.php?topic=11558.0
http://rejetto.com/forum/index.php?topic=11489.msg1059657#msg1059657
http://rejetto.com/forum/index.php?topic=11705.msg1061000#msg1061000
http://rejetto.com/forum/index.php?topic=11751.msg1061334#msg1061334

[LeoNeeson]

I was wondering if it were possible, probably with hfs.events, to have no cookies issued or attempted for a certain folder? 
Perhaps it is a folder of support graphics, such as wallpapers; or, perhaps HFS is pulling dual duty also supporting a wholly different website in addition to its normal duties.  Or, in my case, I need to do that for markup speed testing.

Make a "HFS.Events" file with any of the following content...

Option 1) This removes the cookie header, only when someone access some picture/graphics/photo, perhaps useful when someone hotlink to a image on your server (you can remove the 'add to log' line, since it's there for testing purposes only):

Code: [Select]

[+request]
{.if |{.match|*.jpg;*.gif;*.png | %url%.}|{:
{.add to log|This file request was a photo!.}
{.remove header|Set-cookie.}
{.remove header|ETag.}
:}.}
Option 2) This removes the cookie header, when someone access a folder that contains the name "FolderWithPhotosOne" or "FolderWithPhotosTwo" (you can remove the 'add to log' line, since it's there for testing purposes only, and perhaps this can be further enhanced to search and check if there are picture files on that folder, but that's way beyond my knowledge at the moment):

Code: [Select]

[+request]
{.if |{.match|*FolderWithPhotosOne*;*FolderWithPhotosTwo*|%url%.}|{:
{.add to log|This folder request had cookie headers removed!.}
{.remove header|ETag.}
{.remove header|Set-cookie.}
:}.}
I think the second option was what you were looking for...
Please report here if this solution works correctly.

[Mars]

can you give some examples to reproduce in order to find a solution 

[LeoNeeson]

This, I tried for 3 hours with hfs 299-1/2 (the pre-release).   
After upgrading to the official hfs 300, the remove headers command worked for cookies, not for etag.

That's why I've already reported this issue here.

can you give some examples to reproduce in order to find a solution 

You have several ways of view HTTP Headers:

1) The easiest way to reproduce this, is using Chrome. Open a new blank tab. Right click anywhere and select 'Inspect element' and then click on 'Network'. Close HFS and save the 'HFS.Events' file contained on the attached ZIP file in this post (or write in 'HFS.Events' any of these two filters described here). Open HFS, add some files (images or any other file), and go back to Chrome, paste the URL and watch the Network activity. To view the HTTP Header of any request, do right click on 'Copy response headers' on any element you want (and paste it on Notepad to view it). You will notice that any element generated by HFS on-the-fly will be fine, without the 'ETag', but if you request (click) on some file (to view it, or download it), then the 'ETag' is NOT removed (only Set-cookie is removed).

2) Another way is using FlаѕhGеt (being the version 1.65, the last adware-free version, which I'm currently using and you can download from here), or else using some HTTP Header view (online service), like this or this tool. If you use FlаѕhGеt, you need to configure it at the lowest possible speed (to being able to see the HTTP headers in the log), going to: Tools > Options > Connection > Traffic usage in manual mode (b/s): 400. And then go again to: Tools > Speed Limit Mode > Manual. And finally try to download (and quickly pausing it, to keep the logs at sight), a file that match some of those rules (as described on the point number one).

For example, a normal file listing request (it's working OK):

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1890
Accept-Ranges: bytes
Server: HFS 2.3m
Cache-Control: no-cache, no-store, must-revalidate, max-age=-1
Content-Encoding: gzip
Content-Length: 1890

But viewing a static HTML file (the same as if you download other file):

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 123
Accept-Ranges: bytes
Server: HFS 2.3m
ETag: 6ED8C82CA55F6D57FECD5F712EFFF8F1
Last-Modified: Fri, 20 Apr 2018 20:30:40 GMT
Content-Disposition: filename="SomeWebPage.html";

Viewing/downloading a image file:

HTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 123456
Accept-Ranges: bytes
Server: HFS 2.3m
ETag: F48480F7C42C4CF548855994DF1B5191
Last-Modified: Fri, 20 Apr 2018 20:10:00 GMT
Content-Disposition: filename="SomeImageFile.jpg";

Summarizing: if you remove a header on [+download] it works, but on [+request] it doesn't do it properly (only removes 'Set-cookie' but not the 'ETag'). I personally don't need this feature, but since danny and User21 wanted it, perhaps it's a easy fix.

Well, that's it, I hope this is useful...


> Off-topic: This gives an idea that it would be great to have a HFS template that shows the response HTTP Headers of a given URL (perhaps using part of the remote upload code?), among other useful information, like the client's User Agent, screen resolution, etc (something like THIS). I leave the idea here if someone wants to do it.