| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Leo Maroni <git@em0lar.de>
|
|
|
|
|
|
| |
Co-authored-by: Simeon Keske <git@n0emis.eu>
Signed-off-by: Simeon Keske <git@n0emis.eu>
Signed-off-by: Leo Maroni <git@em0lar.de>
|
|
|
|
| |
Signed-off-by: Simeon Keske <git@n0emis.eu>
|
|\ |
|
| |
| |
| |
| | |
Signed-off-by: oupala <oupala@users.noreply.github.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Linting markdown files according to default remark-lint configuration.
Files inside the `public` directory were not linted.
Signed-off-by: oupala <oupala@users.noreply.github.com>
|
| |
| |
| |
| |
| |
| | |
Override markdown linting preset to disable a rule that seems useless and to change the default setting of 2 other rules.
Signed-off-by: oupala <oupala@users.noreply.github.com>
|
| |
| |
| |
| | |
Signed-off-by: oupala <oupala@users.noreply.github.com>
|
| |
| |
| |
| |
| |
| | |
Add remark-lint dependencies as dev dependencies, and an npm script alias to launch markdown linting with `npm run markdownlint`.
Signed-off-by: oupala <oupala@users.noreply.github.com>
|
| |
| |
| |
| |
| |
| | |
Add a markdown linting configuration file. The configuration file is using [remark-preset-lint-markdown-style-guide](https://github.com/remarkjs/remark-lint/tree/master/packages/remark-preset-lint-markdown-style-guide). This preset configure `remark-lint` with settings that the [Markdown Style Guide](http://www.cirosantilli.com/markdown-style-guide/) recommends.
Signed-off-by: oupala <oupala@users.noreply.github.com>
|
|\ \
| | |
| | | |
Create yunohost.md
|
| |/
| |
| |
| |
| |
| | |
Signed-off-by: ericgaspar <junk.eg@free.fr>
Add setup doc about deploying CodiMD with YunoHost.
|
|\ \ |
|
| | |
| | |
| | |
| | | |
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
| |/
| |
| |
| |
| |
| | |
CodiMD currently only uses the 'lang' attribute in YAML-metadata of a note for setting certain js-elements of the markdown-renderer. This commit adds the chosen lang into the published version of a note.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|\ \
| | |
| | | |
[Snyk] Security upgrade lodash from 4.17.15 to 4.17.16
|
|/ /
| |
| |
| |
| | |
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
|
|\ \
| |/
|/| |
Fix yaml-metadata docs example for lang
|
|/
|
|
|
|
| |
In the yaml-metadata docs, the example for the 'lang' attribute had an invalid key 'langs'.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Synk reported an Remote Code Execution vulnerability for the
passport-ldapauth dependency `bunyan`. This RCE is due to wrong command
sanitizing but doesn't only affects the executable the libary provides.
It has no impact on CodiMD.
This patch just updates passport-ldapauth since it's long overdue anyway
and to silence annoying security scanners that pretend this is rather
critical for us.
Reference:
https://github.com/trentm/node-bunyan/commit/ea21d75f548373f29bb772b15faeb83e87089746
https://app.snyk.io/vuln/SNYK-JS-BUNYAN-573166
|
|\
| |
| | |
Fix browser logo links
|
|/
|
|
| |
Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
|
|\
| |
| | |
Backport of #278 for 1.6.1
|
|/
|
|
|
|
|
| |
This is a backport of #278 with the default value of `scope` changed to
`undefined`. This is thus a fully backward-compatible change.
Signed-off-by: Victor Berger <victor.berger@m4x.org>
|
|\
| |
| | |
Update Cloudron docs
|
| |
| |
| |
| |
| |
| | |
Added a link to the demo and source code repo
Signed-off-by: Girish Ramakrishnan <girish@cloudron.io>
|
|\ \
| | |
| | | |
fix: outdated internal links in documentation
|
|/ /
| |
| |
| | |
Signed-off-by: oupala <oupala@users.noreply.github.com>
|
|\ \
| | |
| | | |
Fix docs/configuration formatting
|
|/ /
| |
| |
| | |
Signed-off-by: Dexter Chua <dalcde@yahoo.com.hk>
|
|\ \
| | |
| | | |
improve documentation about configuration
|
| | |
| | |
| | |
| | | |
Signed-off-by: oupala <oupala@users.noreply.github.com>
|
| | |
| | |
| | |
| | |
| | |
| | | |
fix #349
Signed-off-by: oupala <oupala@users.noreply.github.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: oupala <oupala@users.noreply.github.com>
|
|/ /
| |
| |
| |
| |
| | |
configuration.md
Signed-off-by: oupala <oupala@users.noreply.github.com>
|
|\ \
| |/
|/| |
Fix allow anonymous edit documentation
|
|/
|
|
|
|
| |
The default is false and the option only matters if allowAnonymous is true
Signed-off-by: David Sawatzke <d-git@sawatzke.dev>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our frontend requests the `/me` pathname in order to determine whether
it's logged in or not. Due to the fact that the sameSite attribute of
the session cookie was set to `strict` in a previous commit, the session
token was no longer sent along with HTTP calls initiated by JS. This is
due to the RFCs definition of "safe" HTTP calls in RFC7231.
The bug triggers the UI to show up like an unauthenticated user, even
after a successful login. In order to debug it a look into the send
cookies to the `/me` turned out to be very enlightening.
The fix this patch implements is rather simple, it replaces the sameSite
attribute to `lax` which enables the cookies for those requests again.
Some older and mobile clients were unaffected by this due to the lack of
implementations of sameSite policies.
References:
https://tools.ietf.org/html/rfc7231#section-4.2.1
https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05#section-5.3.7.1
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
https://github.com/codimd/server/commit/e77e7b165ac4920290015ec4b95e651730009edc
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We enabled the `secure` flag for various cookies in previous commits.
This caused setups behind reverse proxies to drop cookies as the nodejs
instance wasn't aware of the fact that it was able to hand out secure
commits using an insecure connection (between the codimd instance and
the reverse proxy).
This patch makes express, the webserver framework we use, aware of
proxies and this way re-enabled the handing out of cookies. Not only the
cookie monster will enjoy, but also functionality like authentication
and real-time editing will return as intended.
References:
https://www.npmjs.com/package/express-session#cookiesecure
https://github.com/codimd/server/commit/383d791a50919bb9890a3f3f797ecc95125ab8bf
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As @davidmehren figured out, the problem that NodeJS version 14 gets
stuck while CodiMD is starting, was due to the outdated postgres
dependency. The old pg version doesn't work with node version 14 due to
an undocumented API change in the `readyState` in the socket API.
This patch updates the required dependency and this way resolves the
issue.
Reference:
https://github.com/sequelize/sequelize/issues/12158
https://github.com/brianc/node-postgres/commit/149f48232445da0fb3022044e4f1c53509040ad3
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The socket.io cookie doesn't really have any purpose as it's no longer
user in modern socket.io versions. This patch disables it.
References:
https://github.com/socketio/socket.io/issues/2276
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
While HSTS should take care of most of this, setting cookies to be
secure, and only applied on same site helps to improve situations where
for whatever reason, downgrade attacks are still a thing.
This patch adds the `sameSite` and `secure` to the session cookie and
this way prevent all accidents where a browser may doesn't support HSTS
or HSTS is intentionally dropped.
Reference:
https://www.npmjs.com/package/express-session#cookiesecure
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| | |
According to https://github.com/socketio/socket.io/issues/2276 this cookie is not used for anything. To avoid browser warnings about the sameSite attribute, we disable it here.
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|/
|
|
|
|
| |
Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|\
| |
| | |
Fix checksums of mermaid
|
|/
|
|
| |
Signed-off-by: Nick Hahn <nick.hahn@posteo.de>
|
|\
| |
| | |
Update to mermaid 8.5.1
|
| |
| |
| |
| |
| |
| | |
because I can't figure out how to just update mermaid
Signed-off-by: Nick Hahn <nick.hahn@posteo.de>
|