commit 85993e64e5ae8fab33cece26e3628509d56f9ec7
from: Tracey Emery <tracey@traceyemery.net>
date: Mon Feb 17 17:09:49 2020 UTC

apply unveil earlier in gw_summary, instead of waiting on gw_briefs

commit - 66dc90655fcdeb0dda20a74919eac65362271bb3
commit + 85993e64e5ae8fab33cece26e3628509d56f9ec7
blob - 90aca11b30f8d341264a5846b631794a1939800a
blob + b6a5311103d7d189b20a62bbe55ba495fd3b4b00
--- gotweb/gotweb.c
+++ gotweb/gotweb.c
@@ -1076,9 +1076,11 @@ gw_briefs(struct gw_trans *gw_trans)
 		goto done;
 	}
 
-	error = gw_apply_unveil(gw_trans->gw_dir->path);
-	if (error)
-		goto done;
+	if (gw_trans->action != GW_SUMMARY) {
+		error = gw_apply_unveil(gw_trans->gw_dir->path);
+		if (error)
+			goto done;
+	}
 
 	if (gw_trans->action == GW_SUMMARY)
 		error = gw_get_header(gw_trans, header, D_MAXSLCOMMDISP);
@@ -1251,7 +1253,9 @@ gw_summary(struct gw_trans *gw_trans)
 	if (pledge("stdio rpath proc exec sendfd unveil", NULL) == -1)
 		return got_error_from_errno("pledge");
 
-	/* unveil is applied with gw_briefs below */
+	error = gw_apply_unveil(gw_trans->gw_dir->path);
+	if (error)
+		goto done;
 
 	kerr = khtml_attr(gw_trans->gw_html_req, KELEM_DIV, KATTR_ID,
 	    "summary_wrapper", KATTR__MAX);