| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Anthony "Zearin" Rogers <zearin@users.sourceforge.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a referrer policy to all requests.
The usage of `same-origin` allows HackMD to still interpret all requests
and this way not break anything. But it prevents 3rd party scripts,
pictures and more to get informations that may lead to not secured note.
It has to be mentioned that this maybe breaks some features of the
Google Analytics embedding. This has to be tested.
Fixes #724
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
* Fix field type to prevent data truncation of authorship
|
|
|
|
|
|
|
|
|
| |
Matrix.org is an interesting platform for collaboration and community building.
Thanks to various clients it supports it's maybe better than gitter to keep people on track and have a community feeling, discuss changes and more.
Not not split up into two parties not knowing of each other, the Gitter channel and the Matrix channel are bridged. This helps to keep everyone informed while add more medias.
Signed-off-by: Christoph Kern <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fix typo of DB migration script
|
|/
|
|
| |
Signed-off-by: Takeaki Matsumoto <takeaki.matsumoto@ntt.com>
|
|\
| |
| | |
don't require referer to find note id in socket.io connections (fixes #623)
|
|/
|
|
| |
Signed-off-by: Stefan Bühler <buehler@cert.uni-stuttgart.de>
|
|\
| |
| | |
Fix uncaught exception for non-existent user
|
| |
| |
| |
| |
| |
| |
| | |
Since we added user management it's possible to get non-existent users
which can cause a crash of the Backend server.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The button needs a parameter to work, that provides the git repository
that is used for the deployment. This commit corrects the link and this
way fixes the provisioning as it's not working with the wrong/default
buildpacks.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| |/
|/| |
Update socket.io to version 2.0.4
|
|/
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
|
|
|
|
|
|
| |
The argument is may interpreted as number which causes the "pass"
parameter of the user creation to fail. Probably the same applies to the
mail address. But mail addresses are by definition not allowed to start
by a number (iirc) which makes it less a problem. This is mainly a quick
fix. Should be refactored a bit in future.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Add simple user-management tool for emailsignin
|
| |
| |
| |
| |
| |
| |
| |
| | |
There are only a few scripts in bin/, but not all might be shell. At
least for the moment, it seems reasonable to explicitely enumerate all
shell-scripts in bin/ for shellcheck …
Signed-off-by: Dario Ernst <dario@kanojo.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, administrators of closed instances need to manually fiddle in
their databases for user-management.
This commit adds a small commandline utility that allows to create and
delete users.
Signed-off-by: Dario Ernst <dario@kanojo.de>
|
|/
|
|
|
|
|
| |
The docker badges have to be updated since we now provide official image
like tags. So `latest-alpine` became `alpine`.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
|
|
| |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\
| |
| | |
Fix ldap provider name in template
|
| |
| |
| |
| |
| |
| |
| |
| | |
Before this fix it's impossible to set the provider name in the
sign-model since `ldap` is a boolean there and this way not able
to have an attribute like `ldap.providerName`.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| | |
| | | |
Remove camel case from `imageuploadtype` in config
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This removes the only camel cased option of the config options
**we** added to the config.json.
In auth provider's config parts are a lot of camel cased options
provided. We shouldn't touch them to keep them as similar as
possible to the examples.
Fixes #315
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| | |
| | | |
Upgrade reveal.js to 3.6.0 and useCDN option for CSS include
|
|/ / |
|
|/
|
|
|
|
|
|
|
|
| |
We noticed on multiple places that machines with less than 2GB of RAM
fail their build and result in missing files and unexpected errors.
Sadly we can't really solve this right now since it's a webpack
related bug.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
|
|\
| |
| | |
Adding some docs for new Minio Feature
|
| |
| |
| |
| | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| |
| |
| |
| | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \
| | |
| | | |
Reorganize social media links and footer
|
| | |
| | |
| | |
| | | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \ \
| | | |
| | | | |
Fix task todo might not toggle
|
|/ / /
| | |
| | | |
which caused by not matching syntax with double dashes correctly
|
|\ \ \
| | | |
| | | | |
Allow more detailed configuration of upload mime types
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes #637
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
Fix broken port config
|
|/ / /
| | |
| | |
| | | |
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|\ \ \
| | | |
| | | | |
Add support for minio
|
| | | | |
|
|\ \ \ \
| |_|_|/
|/| | | |
Implement basic CSP support
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Didn't work in Firefox for some reason.
`[Script Loader] ReferenceError: module is not defined`
This reverts commit 5b83deb043296c23ff912a2472703c1f7faddb4b.
|
| | | |
| | | |
| | | |
| | | | |
thanks standard
|
| | | |
| | | |
| | | |
| | | | |
Not sure why I was quoting these in the first place
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
Managing these for all the integrations seems like a lot of effort
|
| | | |
| | | |
| | | |
| | | | |
Browsers ignore unsafe-inline if a nonce is sent
|