Commit Graph

140 Commits

Author SHA1 Message Date
Christoph (Sheogorath) Kern 7de6e3211f
Merge pull request #598 from xxyy/feature/csp
Implement basic CSP support
2018-01-22 20:43:46 +01:00
Wu Cheng-Han 608008753f Fix not passing app key correctly in dropbox config 2018-01-19 00:25:08 +08:00
Rwing 362a7eaf65 support Simplified Chinese and rename original zh to Traditional Chinese 2017-10-23 17:38:04 +08:00
Literallie 04f5e3a341
Move CSP logic to new file, Fix boolean config examples
Not sure why I was quoting these in the first place
2017-10-22 02:18:45 +02:00
Literallie e5f03fe135
Add dirty workaround for speakers view inline script 2017-10-22 00:03:46 +02:00
Literallie 2b2b8d6d1d
Allow any connect-src in CSP
Managing these for all the integrations seems like a lot of effort
2017-10-22 00:03:46 +02:00
Literallie d51da8c12c
Don't add nonce to CSP if unsafe-inline is on
Browsers ignore unsafe-inline if a nonce is sent
2017-10-22 00:03:46 +02:00
Literallie 91101c856c
Change CSP config format to be more intuitive 2017-10-22 00:03:46 +02:00
Literallie 996cb37991
CSP: Workaround for ws:// protocol
The spec allows wss:// for 'self', but not ws:// :(
2017-10-22 00:03:45 +02:00
Literallie 4238b9b3ef
Fix MathJax CSP issues 2017-10-22 00:03:45 +02:00
Literallie 080436aebb
CSP: Add nonce to slide view inline JS 2017-10-22 00:03:45 +02:00
Literallie 5d2d3ec875
CSP: Upgrade insecure requests if possible
Config option; default is to only upgrade if usessl
2017-10-22 00:03:45 +02:00
Literallie ba183ce654
Add basic CSP support 2017-10-22 00:03:44 +02:00
Literallie 56411ca0e1
Make HSTS behaviour configurable; Fixes #584 2017-10-13 01:42:05 +02:00
Wu Cheng-Han c8d3951d32 Add support of Danish locale 2017-06-11 15:52:04 +08:00
Wu Cheng-Han cceb5b1a26 Fix import module name typo in app.js 2017-05-08 20:35:51 +08:00
Raccoon Li d79997808a fix(imageRouter): import missing dependency: getImageMimeType 2017-05-08 20:04:05 +08:00
BoHong Li 60ca6ed56c refactor: Rename checkURiVaild to checkURIValid to fit coding standard 2017-05-08 19:29:07 +08:00
BoHong Li 3919d4fc0e fix(app.js): Change config.maintenance to realtime.maintenance 2017-05-08 19:29:07 +08:00
BoHong Li ecb0533605 refactor(config.js): Extract config file
* Separate different config source to each files
* Freeze config object
2017-05-08 19:29:07 +08:00
BoHong Li 4738ba7d36 fix: Add 'use strict' on app.js 2017-05-08 19:29:07 +08:00
BoHong Li aca01f064d refactor: Remove `require` extension filename 2017-05-08 19:29:06 +08:00
BoHong Li d88502e331 refactor(app.js): Move passport serialize and deserialize to auth module 2017-05-08 19:29:06 +08:00
BoHong Li 7ef17fd4e6 refactor(app.js): Extract tooBusy 2017-05-08 19:29:06 +08:00
BoHong Li 768943002c refactor(app.js): Extract upload image 2017-05-08 19:29:06 +08:00
BoHong Li d90bd6da31 fix(app.js): Fixed typo 2017-05-08 19:24:38 +08:00
BoHong Li 689bade730 refactor(app.js): Extract note action 2017-05-08 19:24:38 +08:00
BoHong Li e2ac73f5a3 refactor(app.js): Extract /me page 2017-05-08 19:24:38 +08:00
BoHong Li e3fde01e3a refactor(app.js): Remove unused modules 2017-05-08 19:24:38 +08:00
BoHong Li 706df11e23 refactor(app.js): Extract history api 2017-05-08 19:24:38 +08:00
BoHong Li c99ae8e1f8 refactor(app.js): Remove unused import modules 2017-05-08 19:24:38 +08:00
BoHong Li 69a9f7ca38 refactor(app.js, auth.js): Extract all auth method to individual modules 2017-05-08 19:24:38 +08:00
BoHong Li 766022378a refactor(app.js): Extract status pages 2017-05-08 19:24:37 +08:00
BoHong Li 66c68254b4 refactor(app.js): Extract index, 403, 404, 500 pages 2017-05-08 19:24:37 +08:00
BoHong Li 9f1f16c8e3 refactor(app.js): Extract urlencodedParser to utils module 2017-05-08 19:24:37 +08:00
BoHong Li dee77c459a refactor(app.js): Extract middleware to module
extract check URi is valid, redirect without trailing slashes
2017-05-08 19:24:37 +08:00
BoHong Li 7ba0d600f1 fix(app.js): Stream log
use logger instead of logger.stream
2017-05-08 19:24:37 +08:00
LluisArevalo 6e277100ca Add reference to utils library 2017-05-08 10:52:30 +02:00
LluisArevalo 03ef1bf4f0 Add Content-Type to the images uploaded to AWS S3 2017-05-08 10:22:52 +02:00
Wu Cheng-Han dde6e622a4 Fix front-end constants generation not getting config properly 2017-03-23 20:00:48 +08:00
Wu Cheng-Han 011d043b2a Update to indicate version in status API header 2017-03-22 23:44:09 +08:00
Wu Cheng-Han e751684aa3 Update to print info on exit term signals handled 2017-03-22 15:31:39 +08:00
Wu Cheng-Han 0bcd83576f Update to handle SIGQUIT 2017-03-22 15:26:35 +08:00
Wu Cheng-Han 7989b89591 Add support of Catalan locale 2017-03-20 14:52:25 +08:00
Wu Cheng-Han 19a64f6b06 Fix typo and possible wrong value on provider is false on generating front-end constants 2017-03-20 01:54:44 +08:00
Wu Cheng-Han 448b006194 Update to generate front-end constants on server startup
To avoid extra webpacking on changing configs and follow the 12 factor app
2017-03-20 01:39:09 +08:00
Wu Cheng-Han 506a381eca Add config option for gitlab api scope and auto adapt gitlab snippet feature on it 2017-03-14 18:04:23 +08:00
BoHong Li 4889e9732d Use JavaScript Standard Style
Introduce JavaScript Standard Style as project style rule,
and fixed all fail on backend code.
2017-03-08 18:45:51 +08:00
NV 90c83ebd5b Fix image path problem when using filesystem backend 2017-02-09 14:07:36 +09:00
Wu Cheng-Han 92ad67b813 Update to remove history cache to lower application coupling 2017-02-03 21:39:08 +08:00