hedgedoc - Hedgedoc with support for CindyScript

summary refs log tree commit diff

path: root/app.js (follow)

	Commit message (Collapse)	Author	Age	Files	Lines
*	Change config to camel case with backwards compatibility	Sheogorath	2018-03-25	1	-17/+17
\| \| \| \| \| \| \| \|	This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Add referrer policy	Sheogorath	2018-02-12	1	-0/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This commit adds a referrer policy to all requests. The usage of `same-origin` allows HackMD to still interpret all requests and this way not break anything. But it prevents 3rd party scripts, pictures and more to get informations that may lead to not secured note. It has to be mentioned that this maybe breaks some features of the Google Analytics embedding. This has to be tested. Fixes #724 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Merge pull request #691 from SISheogorath/feature/upload	Christoph (Sheogorath) Kern	2018-01-23	1	-1/+2
\|\ \| \| \| \|	Allow more detailed configuration of upload mime types
\| *	Allow more detailed configuration of upload mime types	Sheogorath	2018-01-20	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \|	Fixes #637 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* \|	Merge pull request #598 from xxyy/feature/csp	Christoph (Sheogorath) Kern	2018-01-22	1	-0/+14
\|\ \ \| \|/ \|/\|	Implement basic CSP support
\| *	Move CSP logic to new file, Fix boolean config examples	Literallie	2017-10-22	1	-73/+4
\| \| \| \| \| \| \| \|	Not sure why I was quoting these in the first place
\| *	Add dirty workaround for speakers view inline script	Literallie	2017-10-22	1	-0/+4
\| \|
\| *	Allow any connect-src in CSP	Literallie	2017-10-22	1	-1/+1
\| \| \| \| \| \| \| \|	Managing these for all the integrations seems like a lot of effort
\| *	Don't add nonce to CSP if unsafe-inline is on	Literallie	2017-10-22	1	-1/+3
\| \| \| \| \| \| \| \|	Browsers ignore unsafe-inline if a nonce is sent
\| *	Change CSP config format to be more intuitive	Literallie	2017-10-22	1	-5/+35
\| \|
\| *	CSP: Workaround for ws:// protocol	Literallie	2017-10-22	1	-2/+12
\| \| \| \| \| \| \| \|	The spec allows wss:// for 'self', but not ws:// :(
\| *	Fix MathJax CSP issues	Literallie	2017-10-22	1	-7/+7
\| \|
\| *	CSP: Add nonce to slide view inline JS	Literallie	2017-10-22	1	-0/+7
\| \|
\| *	CSP: Upgrade insecure requests if possible	Literallie	2017-10-22	1	-0/+5
\| \| \| \| \| \| \| \|	Config option; default is to only upgrade if usessl
\| *	Add basic CSP support	Literallie	2017-10-22	1	-0/+25
\| \|
* \|	Fix not passing app key correctly in dropbox config	Wu Cheng-Han	2018-01-19	1	-1/+1
\| \|
* \|	support Simplified Chinese and rename original zh to Traditional Chinese	Rwing	2017-10-23	1	-1/+1
\|/
*	Make HSTS behaviour configurable; Fixes #584	Literallie	2017-10-13	1	-5/+10
\|
*	Add support of Danish locale	Wu Cheng-Han	2017-06-11	1	-1/+1
\|
*	Fix import module name typo in app.js	Wu Cheng-Han	2017-05-08	1	-1/+1
\|
*	fix(imageRouter): import missing dependency: getImageMimeType	Raccoon Li	2017-05-08	1	-3/+0
\|
*	refactor: Rename checkURiVaild to checkURIValid to fit coding standard	BoHong Li	2017-05-08	1	-2/+1
\|
*	fix(app.js): Change config.maintenance to realtime.maintenance	BoHong Li	2017-05-08	1	-1/+1
\|
*	refactor(config.js): Extract config file	BoHong Li	2017-05-08	1	-8/+5
\| \| \| \| \|	* Separate different config source to each files * Freeze config object
*	fix: Add 'use strict' on app.js	BoHong Li	2017-05-08	1	-0/+1
\|
*	refactor: Remove `require` extension filename	BoHong Li	2017-05-08	1	-3/+3
\|
*	refactor(app.js): Move passport serialize and deserialize to auth module	BoHong Li	2017-05-08	1	-19/+0
\|
*	refactor(app.js): Extract tooBusy	BoHong Li	2017-05-08	1	-8/+2
\|
*	refactor(app.js): Extract upload image	BoHong Li	2017-05-08	1	-84/+2
\|
*	fix(app.js): Fixed typo	BoHong Li	2017-05-08	1	-1/+1
\|
*	refactor(app.js): Extract note action	BoHong Li	2017-05-08	1	-17/+4
\|
*	refactor(app.js): Extract /me page	BoHong Li	2017-05-08	1	-28/+1
\|
*	refactor(app.js): Remove unused modules	BoHong Li	2017-05-08	1	-1/+0
\|
*	refactor(app.js): Extract history api	BoHong Li	2017-05-08	1	-11/+1
\|
*	refactor(app.js): Remove unused import modules	BoHong Li	2017-05-08	1	-2/+0
\|
*	refactor(app.js, auth.js): Extract all auth method to individual modules	BoHong Li	2017-05-08	1	-157/+1
\|
*	refactor(app.js): Extract status pages	BoHong Li	2017-05-08	1	-78/+1
\|
*	refactor(app.js): Extract index, 403, 404, 500 pages	BoHong Li	2017-05-08	1	-14/+1
\|
*	refactor(app.js): Extract urlencodedParser to utils module	BoHong Li	2017-05-08	1	-6/+1
\|
*	refactor(app.js): Extract middleware to module	BoHong Li	2017-05-08	1	-20/+2
\| \| \| \|	extract check URi is valid, redirect without trailing slashes
*	fix(app.js): Stream log	BoHong Li	2017-05-08	1	-1/+1
\| \| \| \|	use logger instead of logger.stream
*	Add reference to utils library	LluisArevalo	2017-05-08	1	-0/+3
\|
*	Add Content-Type to the images uploaded to AWS S3	LluisArevalo	2017-05-08	1	-0/+3
\|
*	Fix front-end constants generation not getting config properly	Wu Cheng-Han	2017-03-23	1	-3/+7
\|
*	Update to indicate version in status API header	Wu Cheng-Han	2017-03-22	1	-1/+2
\|
*	Update to print info on exit term signals handled	Wu Cheng-Han	2017-03-22	1	-0/+1
\|
*	Update to handle SIGQUIT	Wu Cheng-Han	2017-03-22	1	-0/+1
\|
*	Add support of Catalan locale	Wu Cheng-Han	2017-03-20	1	-1/+1
\|
*	Fix typo and possible wrong value on provider is false on generating ↵	Wu Cheng-Han	2017-03-20	1	-3/+3
\| \| \| \|	front-end constants
*	Update to generate front-end constants on server startup	Wu Cheng-Han	2017-03-20	1	-0/+16
\| \| \| \|	To avoid extra webpacking on changing configs and follow the 12 factor app