Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix i18n writing locale files in production | Sheogorath | 2018-06-05 | 1 | -1/+2 |
| | | | | | | | | This commit should prevent the i18n module from adding missing translations to the local files in setups that are not for development. This way we keep the directory clean and idempotent. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | Removing google drive integration | Sheogorath | 2018-05-16 | 1 | -2/+0 |
| | | | | | | | | | | | | | | | It's sad but it's not working. For multiple releases this should be already broken which shows how often it's used. As there is also a security issue related to that, it's better to remove the feature completely. Whoever wants to rewrite it, feel free to go. This commit removes the Google Drive integration from HackMD's Frontend editor and this way removes the need to provide any API key and Client ID in the frontend. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | Revert "Workaround Google API problems" | Christoph (Sheogorath) Kern | 2018-05-16 | 1 | -1/+1 |
| | |||||
* | Use API key instead of clientSecret | Sheogorath | 2018-04-13 | 1 | -1/+1 |
| | | | | | | | | | As recently discovered we send the clientSecret to the webclient which is potentionally dangerous. This patch should fix the problem and replace the clientSecret with the originally intended and correct way to implement it using the API key. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | Change config to camel case with backwards compatibility | Sheogorath | 2018-03-25 | 1 | -17/+17 |
| | | | | | | | | This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | Add referrer policy | Sheogorath | 2018-02-12 | 1 | -0/+7 |
| | | | | | | | | | | | | | | | This commit adds a referrer policy to all requests. The usage of `same-origin` allows HackMD to still interpret all requests and this way not break anything. But it prevents 3rd party scripts, pictures and more to get informations that may lead to not secured note. It has to be mentioned that this maybe breaks some features of the Google Analytics embedding. This has to be tested. Fixes #724 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | Merge pull request #691 from SISheogorath/feature/upload | Christoph (Sheogorath) Kern | 2018-01-23 | 1 | -1/+2 |
|\ | | | | | Allow more detailed configuration of upload mime types | ||||
| * | Allow more detailed configuration of upload mime types | Sheogorath | 2018-01-20 | 1 | -1/+2 |
| | | | | | | | | | | | | Fixes #637 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | | Merge pull request #598 from xxyy/feature/csp | Christoph (Sheogorath) Kern | 2018-01-22 | 1 | -0/+14 |
|\ \ | |/ |/| | Implement basic CSP support | ||||
| * | Move CSP logic to new file, Fix boolean config examples | Literallie | 2017-10-22 | 1 | -73/+4 |
| | | | | | | | | Not sure why I was quoting these in the first place | ||||
| * | Add dirty workaround for speakers view inline script | Literallie | 2017-10-22 | 1 | -0/+4 |
| | | |||||
| * | Allow any connect-src in CSP | Literallie | 2017-10-22 | 1 | -1/+1 |
| | | | | | | | | Managing these for all the integrations seems like a lot of effort | ||||
| * | Don't add nonce to CSP if unsafe-inline is on | Literallie | 2017-10-22 | 1 | -1/+3 |
| | | | | | | | | Browsers ignore unsafe-inline if a nonce is sent | ||||
| * | Change CSP config format to be more intuitive | Literallie | 2017-10-22 | 1 | -5/+35 |
| | | |||||
| * | CSP: Workaround for ws:// protocol | Literallie | 2017-10-22 | 1 | -2/+12 |
| | | | | | | | | The spec allows wss:// for 'self', but not ws:// :( | ||||
| * | Fix MathJax CSP issues | Literallie | 2017-10-22 | 1 | -7/+7 |
| | | |||||
| * | CSP: Add nonce to slide view inline JS | Literallie | 2017-10-22 | 1 | -0/+7 |
| | | |||||
| * | CSP: Upgrade insecure requests if possible | Literallie | 2017-10-22 | 1 | -0/+5 |
| | | | | | | | | Config option; default is to only upgrade if usessl | ||||
| * | Add basic CSP support | Literallie | 2017-10-22 | 1 | -0/+25 |
| | | |||||
* | | Fix not passing app key correctly in dropbox config | Wu Cheng-Han | 2018-01-19 | 1 | -1/+1 |
| | | |||||
* | | support Simplified Chinese and rename original zh to Traditional Chinese | Rwing | 2017-10-23 | 1 | -1/+1 |
|/ | |||||
* | Make HSTS behaviour configurable; Fixes #584 | Literallie | 2017-10-13 | 1 | -5/+10 |
| | |||||
* | Add support of Danish locale | Wu Cheng-Han | 2017-06-11 | 1 | -1/+1 |
| | |||||
* | Fix import module name typo in app.js | Wu Cheng-Han | 2017-05-08 | 1 | -1/+1 |
| | |||||
* | fix(imageRouter): import missing dependency: getImageMimeType | Raccoon Li | 2017-05-08 | 1 | -3/+0 |
| | |||||
* | refactor: Rename checkURiVaild to checkURIValid to fit coding standard | BoHong Li | 2017-05-08 | 1 | -2/+1 |
| | |||||
* | fix(app.js): Change config.maintenance to realtime.maintenance | BoHong Li | 2017-05-08 | 1 | -1/+1 |
| | |||||
* | refactor(config.js): Extract config file | BoHong Li | 2017-05-08 | 1 | -8/+5 |
| | | | | | * Separate different config source to each files * Freeze config object | ||||
* | fix: Add 'use strict' on app.js | BoHong Li | 2017-05-08 | 1 | -0/+1 |
| | |||||
* | refactor: Remove `require` extension filename | BoHong Li | 2017-05-08 | 1 | -3/+3 |
| | |||||
* | refactor(app.js): Move passport serialize and deserialize to auth module | BoHong Li | 2017-05-08 | 1 | -19/+0 |
| | |||||
* | refactor(app.js): Extract tooBusy | BoHong Li | 2017-05-08 | 1 | -8/+2 |
| | |||||
* | refactor(app.js): Extract upload image | BoHong Li | 2017-05-08 | 1 | -84/+2 |
| | |||||
* | fix(app.js): Fixed typo | BoHong Li | 2017-05-08 | 1 | -1/+1 |
| | |||||
* | refactor(app.js): Extract note action | BoHong Li | 2017-05-08 | 1 | -17/+4 |
| | |||||
* | refactor(app.js): Extract /me page | BoHong Li | 2017-05-08 | 1 | -28/+1 |
| | |||||
* | refactor(app.js): Remove unused modules | BoHong Li | 2017-05-08 | 1 | -1/+0 |
| | |||||
* | refactor(app.js): Extract history api | BoHong Li | 2017-05-08 | 1 | -11/+1 |
| | |||||
* | refactor(app.js): Remove unused import modules | BoHong Li | 2017-05-08 | 1 | -2/+0 |
| | |||||
* | refactor(app.js, auth.js): Extract all auth method to individual modules | BoHong Li | 2017-05-08 | 1 | -157/+1 |
| | |||||
* | refactor(app.js): Extract status pages | BoHong Li | 2017-05-08 | 1 | -78/+1 |
| | |||||
* | refactor(app.js): Extract index, 403, 404, 500 pages | BoHong Li | 2017-05-08 | 1 | -14/+1 |
| | |||||
* | refactor(app.js): Extract urlencodedParser to utils module | BoHong Li | 2017-05-08 | 1 | -6/+1 |
| | |||||
* | refactor(app.js): Extract middleware to module | BoHong Li | 2017-05-08 | 1 | -20/+2 |
| | | | | extract check URi is valid, redirect without trailing slashes | ||||
* | fix(app.js): Stream log | BoHong Li | 2017-05-08 | 1 | -1/+1 |
| | | | | use logger instead of logger.stream | ||||
* | Add reference to utils library | LluisArevalo | 2017-05-08 | 1 | -0/+3 |
| | |||||
* | Add Content-Type to the images uploaded to AWS S3 | LluisArevalo | 2017-05-08 | 1 | -0/+3 |
| | |||||
* | Fix front-end constants generation not getting config properly | Wu Cheng-Han | 2017-03-23 | 1 | -3/+7 |
| | |||||
* | Update to indicate version in status API header | Wu Cheng-Han | 2017-03-22 | 1 | -1/+2 |
| | |||||
* | Update to print info on exit term signals handled | Wu Cheng-Han | 2017-03-22 | 1 | -0/+1 |
| |