Commit message | Author | Age | Files | Lines
* Update README.md | Zearin | 2018-02-17 | 1 | -117/+117
|   Signed-off-by: Anthony "Zearin" Rogers <zearin@users.sourceforge.net>
* Add referrer policy | Sheogorath | 2018-02-12 | 1 | -0/+7
|   This commit adds a referrer policy to all requests. The usage of `same-origin` allows HackMD to still interpret all requests and this way not break anything. But it prevents 3rd party scripts, pictures and more from getting information that may lead to a not secured note. It has to be mentioned that this may break some features of the Google Analytics embedding. This has to be tested.
|   Fixes #724
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Fix field type to prevent data truncation of authorship (#721) | Max Wu | 2018-02-09 | 3 | -2/+15
|   * Fix field type to prevent data truncation of authorship
* Add matrix.org badge to README.md | Christoph (Sheogorath) Kern | 2018-02-08 | 1 | -0/+3
|   Matrix.org is an interesting platform for collaboration and community building. Thanks to various clients it supports it's maybe better than gitter to keep people on track and have a community feeling, discuss changes and more. To not split up into two parties not knowing of each other, the Gitter channel and the Matrix channel are bridged. This helps to keep everyone informed while adding more media.
|   Signed-off-by: Christoph Kern <sheogorath@shivering-isles.com>
* Merge pull request #718 from takmatsu/master | Christoph (Sheogorath) Kern | 2018-02-08 | 1 | -2/+2
|\
| |   Fix typo of DB migration script
| * Fix typo of DB migration script | Takeaki Matsumoto | 2018-02-08 | 1 | -2/+2
|/
|   Signed-off-by: Takeaki Matsumoto <takeaki.matsumoto@ntt.com>
* Merge pull request #716 from stbuehler/fix-referer | Christoph (Sheogorath) Kern | 2018-02-05 | 2 | -6/+17
|\
| |   don't require referer to find note id in socket.io connections (fixes #623)
| * don't require referer to find note id in socket.io connections (fixes #623) | Stefan Bühler | 2018-02-05 | 2 | -6/+17
|/
|   Signed-off-by: Stefan Bühler <buehler@cert.uni-stuttgart.de>
* Merge pull request #714 from SISheogorath/fix/uncaughtException | Christoph (Sheogorath) Kern | 2018-01-31 | 1 | -0/+5
|\
| |   Fix uncaught exception for non-existent user
| * Fix uncaught exception for non-existent user | Sheogorath | 2018-01-30 | 1 | -0/+5
| |   Since we added user management it's possible to get non-existent users which can cause a crash of the Backend server.
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Update Heroku button | Sheogorath | 2018-01-31 | 1 | -2/+4
| |   The button needs a parameter to work, that provides the git repository that is used for the deployment. This commit corrects the link and this way fixes the provisioning as it's not working with the wrong/default buildpacks.
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Update yarn.lock | Sheogorath | 2018-01-31 | 1 | -52/+96
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #713 from SISheogorath/update/socketio | Christoph (Sheogorath) Kern | 2018-01-30 | 2 | -3/+3
|\ \
| |/
|/|   Update socket.io to version 2.0.4
| * Update socket.io to version 2.0.4 | Sheogorath | 2018-01-30 | 2 | -3/+3
|/
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Prevent "wrong type"-issue | Sheogorath | 2018-01-29 | 1 | -1/+1
|   The argument may be interpreted as a number, which causes the "pass" parameter of the user creation to fail. Probably the same applies to the mail address. But mail addresses are by definition not allowed to start with a number (iirc) which makes it less a problem. This is mainly a quick fix. Should be refactored a bit in future.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update yarn.lock | Sheogorath | 2018-01-29 | 1 | -0/+4
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #707 from Nebukadneza/add_cmdline_usermanager | Christoph (Sheogorath) Kern | 2018-01-29 | 4 | -3/+94
|\
| |   Add simple user-management tool for emailsignin
| * Make travis run shellcheck only on shellscripts | Dario Ernst | 2018-01-29 | 1 | -1/+1
| |   There are only a few scripts in bin/, but not all might be shell. At least for the moment, it seems reasonable to explicitly enumerate all shell-scripts in bin/ for shellcheck …
| |   Signed-off-by: Dario Ernst <dario@kanojo.de>
| * Add simple user-management tool for emailsignin … | Dario Ernst | 2018-01-29 | 3 | -2/+93
| |   Currently, administrators of closed instances need to manually fiddle in their databases for user-management. This commit adds a small commandline utility that allows to create and delete users.
| |   Signed-off-by: Dario Ernst <dario@kanojo.de>
* | Update badges in README.md | Sheogorath | 2018-01-29 | 1 | -2/+2
|/
|   The docker badges have to be updated since we now provide official image like tags. So `latest-alpine` became `alpine`.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Update yarn.lock | Sheogorath | 2018-01-29 | 1 | -3/+3
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #704 from SISheogorath/fix/ldapProviderName | Christoph (Sheogorath) Kern | 2018-01-29 | 2 | -1/+3
|\
| |   Fix ldap provider name in template
| * Fix ldap provider name in template | Sheogorath | 2018-01-26 | 2 | -1/+3
| |   Before this fix it's impossible to set the provider name in the sign-model since `ldap` is a boolean there and this way not able to have an attribute like `ldap.providerName`.
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #705 from SISheogorath/fix/camelcaseConfig | Christoph (Sheogorath) Kern | 2018-01-29 | 7 | -13/+21
|\ \
| | |   Remove camel case from `imageuploadtype` in config
| * | Remove camel case from `imageuploadtype` in config | Sheogorath | 2018-01-27 | 7 | -13/+21
| |/
| |   This removes the only camel cased option of the config options **we** added to the config.json. In auth provider's config parts are a lot of camel cased options provided. We shouldn't touch them to keep them as similar as possible to the examples.
| |   Fixes #315
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #710 from hackmdio/feature/upgradeRevealJS | Christoph (Sheogorath) Kern | 2018-01-29 | 2 | -6/+5
|\ \
| | |   Upgrade reveal.js to 3.6.0 and useCDN option for CSS include
| * | Upgrade reveal.js to 3.6.0 and useCDN option for CSS include | Wu Cheng-Han | 2018-01-29 | 2 | -6/+5
|/ /
* / Add recommendation for 2GB RAM | Sheogorath | 2018-01-26 | 1 | -0/+1
|/
|   We noticed in multiple places that machines with less than 2GB of RAM fail their build and result in missing files and unexpected errors. Sadly we can't really solve this right now since it's a webpack related bug.
|   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Extend README changes for minio | Sheogorath | 2018-01-26 | 1 | -3/+3
|
* Merge pull request #698 from SISheogorath/docs/minio | Christoph (Sheogorath) Kern | 2018-01-26 | 8 | -1/+97
|\
| |   Adding some docs for new Minio Feature
| * Add README and `config.json.example` content | Sheogorath | 2018-01-23 | 2 | -1/+14
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
| * Add minio guide | Sheogorath | 2018-01-23 | 6 | -0/+83
| |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #694 from SISheogorath/refactor/socialmedia | Christoph (Sheogorath) Kern | 2018-01-25 | 4 | -9/+12
|\ \
| | |   Reorganize social media links and footer
| * | Reorganize social media links and footer | Sheogorath | 2018-01-24 | 4 | -9/+12
| | |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Update yarn.lock | Sheogorath | 2018-01-24 | 1 | -7/+50
| | |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #700 from hackmdio/fix-toggle-todo | Christoph (Sheogorath) Kern | 2018-01-24 | 1 | -2/+2
|\ \ \
| | | |   Fix task todo might not toggle
| * | | Fix task todo might not toggle | Max Wu | 2018-01-24 | 1 | -2/+2
|/ / /
| | |   which is caused by not matching syntax with double dashes correctly
* | | Merge pull request #691 from SISheogorath/feature/upload | Christoph (Sheogorath) Kern | 2018-01-23 | 4 | -11/+29
|\ \ \
| | | |   Allow more detailed configuration of upload mime types
| * | | Allow more detailed configuration of upload mime types | Sheogorath | 2018-01-20 | 4 | -11/+29
| | | |   Fixes #637
| | | |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | | Merge pull request #697 from SISheogorath/fix/minio | Christoph (Sheogorath) Kern | 2018-01-23 | 1 | -1/+1
|\ \ \ \
| |_|_|/
|/| | |   Fix broken port config
| * | | Fix broken port config | Sheogorath | 2018-01-23 | 1 | -1/+1
|/ / /
| | |   Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | | Merge pull request #506 from erasys/minio | Christoph (Sheogorath) Kern | 2018-01-23 | 4 | -0/+49
|\ \ \
| | | |   Add support for minio
| * | | Add support for minio | Marc Deop | 2017-08-30 | 4 | -0/+49
| | | |
* | | | Merge pull request #598 from xxyy/feature/csp | Christoph (Sheogorath) Kern | 2018-01-22 | 12 | -15/+132
|\ \ \ \
| |_|_|/
|/| | |   Implement basic CSP support
| * | | Revert "Load js-url lib using legacy-loader" | Literallie | 2017-11-02 | 4 | -16/+7
| | | |   Didn't work in Firefox for some reason.
| | | |   `[Script Loader] ReferenceError: module is not defined`
| | | |   This reverts commit 5b83deb043296c23ff912a2472703c1f7faddb4b.
| * | | Fix MathJax config not being picked up | Literallie | 2017-10-22 | 1 | -1/+1
| | | |   thanks standard
| * | | Move CSP logic to new file, Fix boolean config examples | Literallie | 2017-10-22 | 5 | -81/+91
| | | |   Not sure why I was quoting these in the first place
| * | | Add dirty workaround for speakers view inline script | Literallie | 2017-10-22 | 1 | -0/+4
| | | |
| * | | Allow any connect-src in CSP | Literallie | 2017-10-22 | 1 | -1/+1
| | | |   Managing these for all the integrations seems like a lot of effort
| * | | Don't add nonce to CSP if unsafe-inline is on | Literallie | 2017-10-22 | 1 | -1/+3
| | | |   Browsers ignore unsafe-inline if a nonce is sent