Christoph (Sheogorath) Kern
|
7de6e3211f
|
Merge pull request #598 from xxyy/feature/csp
Implement basic CSP support
|
2018-01-22 20:43:46 +01:00 |
Wu Cheng-Han
|
608008753f
|
Fix not passing app key correctly in dropbox config
|
2018-01-19 00:25:08 +08:00 |
Rwing
|
362a7eaf65
|
support Simplified Chinese and rename original zh to Traditional Chinese
|
2017-10-23 17:38:04 +08:00 |
Literallie
|
04f5e3a341
|
Move CSP logic to new file, Fix boolean config examples
Not sure why I was quoting these in the first place
|
2017-10-22 02:18:45 +02:00 |
Literallie
|
e5f03fe135
|
Add dirty workaround for speakers view inline script
|
2017-10-22 00:03:46 +02:00 |
Literallie
|
2b2b8d6d1d
|
Allow any connect-src in CSP
Managing these for all the integrations seems like a lot of effort
|
2017-10-22 00:03:46 +02:00 |
Literallie
|
d51da8c12c
|
Don't add nonce to CSP if unsafe-inline is on
Browsers ignore unsafe-inline if a nonce is sent
|
2017-10-22 00:03:46 +02:00 |
Literallie
|
91101c856c
|
Change CSP config format to be more intuitive
|
2017-10-22 00:03:46 +02:00 |
Literallie
|
996cb37991
|
CSP: Workaround for ws:// protocol
The spec allows wss:// for 'self', but not ws:// :(
|
2017-10-22 00:03:45 +02:00 |
Literallie
|
4238b9b3ef
|
Fix MathJax CSP issues
|
2017-10-22 00:03:45 +02:00 |
Literallie
|
080436aebb
|
CSP: Add nonce to slide view inline JS
|
2017-10-22 00:03:45 +02:00 |
Literallie
|
5d2d3ec875
|
CSP: Upgrade insecure requests if possible
Config option; default is to only upgrade if usessl
|
2017-10-22 00:03:45 +02:00 |
Literallie
|
ba183ce654
|
Add basic CSP support
|
2017-10-22 00:03:44 +02:00 |
Literallie
|
56411ca0e1
|
Make HSTS behaviour configurable; Fixes #584
|
2017-10-13 01:42:05 +02:00 |
Wu Cheng-Han
|
c8d3951d32
|
Add support of Danish locale
|
2017-06-11 15:52:04 +08:00 |
Wu Cheng-Han
|
cceb5b1a26
|
Fix import module name typo in app.js
|
2017-05-08 20:35:51 +08:00 |
Raccoon Li
|
d79997808a
|
fix(imageRouter): import missing dependency: getImageMimeType
|
2017-05-08 20:04:05 +08:00 |
BoHong Li
|
60ca6ed56c
|
refactor: Rename checkURiVaild to checkURIValid to fit coding standard
|
2017-05-08 19:29:07 +08:00 |
BoHong Li
|
3919d4fc0e
|
fix(app.js): Change config.maintenance to realtime.maintenance
|
2017-05-08 19:29:07 +08:00 |
BoHong Li
|
ecb0533605
|
refactor(config.js): Extract config file
* Separate different config source to each files
* Freeze config object
|
2017-05-08 19:29:07 +08:00 |
BoHong Li
|
4738ba7d36
|
fix: Add 'use strict' on app.js
|
2017-05-08 19:29:07 +08:00 |
BoHong Li
|
aca01f064d
|
refactor: Remove `require` extension filename
|
2017-05-08 19:29:06 +08:00 |
BoHong Li
|
d88502e331
|
refactor(app.js): Move passport serialize and deserialize to auth module
|
2017-05-08 19:29:06 +08:00 |
BoHong Li
|
7ef17fd4e6
|
refactor(app.js): Extract tooBusy
|
2017-05-08 19:29:06 +08:00 |
BoHong Li
|
768943002c
|
refactor(app.js): Extract upload image
|
2017-05-08 19:29:06 +08:00 |
BoHong Li
|
d90bd6da31
|
fix(app.js): Fixed typo
|
2017-05-08 19:24:38 +08:00 |
BoHong Li
|
689bade730
|
refactor(app.js): Extract note action
|
2017-05-08 19:24:38 +08:00 |
BoHong Li
|
e2ac73f5a3
|
refactor(app.js): Extract /me page
|
2017-05-08 19:24:38 +08:00 |
BoHong Li
|
e3fde01e3a
|
refactor(app.js): Remove unused modules
|
2017-05-08 19:24:38 +08:00 |
BoHong Li
|
706df11e23
|
refactor(app.js): Extract history api
|
2017-05-08 19:24:38 +08:00 |
BoHong Li
|
c99ae8e1f8
|
refactor(app.js): Remove unused import modules
|
2017-05-08 19:24:38 +08:00 |
BoHong Li
|
69a9f7ca38
|
refactor(app.js, auth.js): Extract all auth method to individual modules
|
2017-05-08 19:24:38 +08:00 |
BoHong Li
|
766022378a
|
refactor(app.js): Extract status pages
|
2017-05-08 19:24:37 +08:00 |
BoHong Li
|
66c68254b4
|
refactor(app.js): Extract index, 403, 404, 500 pages
|
2017-05-08 19:24:37 +08:00 |
BoHong Li
|
9f1f16c8e3
|
refactor(app.js): Extract urlencodedParser to utils module
|
2017-05-08 19:24:37 +08:00 |
BoHong Li
|
dee77c459a
|
refactor(app.js): Extract middleware to module
extract check URi is valid, redirect without trailing slashes
|
2017-05-08 19:24:37 +08:00 |
BoHong Li
|
7ba0d600f1
|
fix(app.js): Stream log
use logger instead of logger.stream
|
2017-05-08 19:24:37 +08:00 |
LluisArevalo
|
6e277100ca
|
Add reference to utils library
|
2017-05-08 10:52:30 +02:00 |
LluisArevalo
|
03ef1bf4f0
|
Add Content-Type to the images uploaded to AWS S3
|
2017-05-08 10:22:52 +02:00 |
Wu Cheng-Han
|
dde6e622a4
|
Fix front-end constants generation not getting config properly
|
2017-03-23 20:00:48 +08:00 |
Wu Cheng-Han
|
011d043b2a
|
Update to indicate version in status API header
|
2017-03-22 23:44:09 +08:00 |
Wu Cheng-Han
|
e751684aa3
|
Update to print info on exit term signals handled
|
2017-03-22 15:31:39 +08:00 |
Wu Cheng-Han
|
0bcd83576f
|
Update to handle SIGQUIT
|
2017-03-22 15:26:35 +08:00 |
Wu Cheng-Han
|
7989b89591
|
Add support of Catalan locale
|
2017-03-20 14:52:25 +08:00 |
Wu Cheng-Han
|
19a64f6b06
|
Fix typo and possible wrong value on provider is false on generating front-end constants
|
2017-03-20 01:54:44 +08:00 |
Wu Cheng-Han
|
448b006194
|
Update to generate front-end constants on server startup
To avoid extra webpacking on changing configs and follow the 12 factor app
|
2017-03-20 01:39:09 +08:00 |
Wu Cheng-Han
|
506a381eca
|
Add config option for gitlab api scope and auto adapt gitlab snippet feature on it
|
2017-03-14 18:04:23 +08:00 |
BoHong Li
|
4889e9732d
|
Use JavaScript Standard Style
Introduce JavaScript Standard Style as project style rule,
and fixed all fail on backend code.
|
2017-03-08 18:45:51 +08:00 |
NV
|
90c83ebd5b
|
Fix image path problem when using filesystem backend
|
2017-02-09 14:07:36 +09:00 |
Wu Cheng-Han
|
92ad67b813
|
Update to remove history cache to lower application coupling
|
2017-02-03 21:39:08 +08:00 |