hedgedoc - Hedgedoc with support for CindyScript

summary refs log tree commit diff

path: root/app.js (follow)

	Commit message (Collapse)	Author	Age	Files	Lines
*	Remove unused zh.json from repo	Sheogorath	2018-06-23	1	-1/+1
\| \| \| \| \| \| \| \|	Since the original idea of using a symlink didn't work anyway, we should remove the zh.json symlink from the repo. It doesn't provide any benefit but alters the repo on start of HackMD. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Merge pull request #837 from SISheogorath/translate/korean	Christoph (Sheogorath) Kern	2018-06-07	1	-1/+1
\|\ \| \| \| \|	Add korean translation
\| *	Add korean translation	Sheogorath	2018-06-07	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This translation was contributed via POEditor by the user Basix. Thanks a lot for your work! Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* \|	Fix i18n writing locale files in production	Sheogorath	2018-06-05	1	-1/+2
\|/ \| \| \| \| \| \| \|	This commit should prevent the i18n module from adding missing translations to the local files in setups that are not for development. This way we keep the directory clean and idempotent. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Removing google drive integration	Sheogorath	2018-05-16	1	-2/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	It's sad but it's not working. For multiple releases this should be already broken which shows how often it's used. As there is also a security issue related to that, it's better to remove the feature completely. Whoever wants to rewrite it, feel free to go. This commit removes the Google Drive integration from HackMD's Frontend editor and this way removes the need to provide any API key and Client ID in the frontend. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Revert "Workaround Google API problems"	Christoph (Sheogorath) Kern	2018-05-16	1	-1/+1
\|
*	Use API key instead of clientSecret	Sheogorath	2018-04-13	1	-1/+1
\| \| \| \| \| \| \| \| \|	As recently discovered we send the clientSecret to the webclient which is potentionally dangerous. This patch should fix the problem and replace the clientSecret with the originally intended and correct way to implement it using the API key. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Change config to camel case with backwards compatibility	Sheogorath	2018-03-25	1	-17/+17
\| \| \| \| \| \| \| \|	This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Add referrer policy	Sheogorath	2018-02-12	1	-0/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This commit adds a referrer policy to all requests. The usage of `same-origin` allows HackMD to still interpret all requests and this way not break anything. But it prevents 3rd party scripts, pictures and more to get informations that may lead to not secured note. It has to be mentioned that this maybe breaks some features of the Google Analytics embedding. This has to be tested. Fixes #724 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Merge pull request #691 from SISheogorath/feature/upload	Christoph (Sheogorath) Kern	2018-01-23	1	-1/+2
\|\ \| \| \| \|	Allow more detailed configuration of upload mime types
\| *	Allow more detailed configuration of upload mime types	Sheogorath	2018-01-20	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \|	Fixes #637 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* \|	Merge pull request #598 from xxyy/feature/csp	Christoph (Sheogorath) Kern	2018-01-22	1	-0/+14
\|\ \ \| \|/ \|/\|	Implement basic CSP support
\| *	Move CSP logic to new file, Fix boolean config examples	Literallie	2017-10-22	1	-73/+4
\| \| \| \| \| \| \| \|	Not sure why I was quoting these in the first place
\| *	Add dirty workaround for speakers view inline script	Literallie	2017-10-22	1	-0/+4
\| \|
\| *	Allow any connect-src in CSP	Literallie	2017-10-22	1	-1/+1
\| \| \| \| \| \| \| \|	Managing these for all the integrations seems like a lot of effort
\| *	Don't add nonce to CSP if unsafe-inline is on	Literallie	2017-10-22	1	-1/+3
\| \| \| \| \| \| \| \|	Browsers ignore unsafe-inline if a nonce is sent
\| *	Change CSP config format to be more intuitive	Literallie	2017-10-22	1	-5/+35
\| \|
\| *	CSP: Workaround for ws:// protocol	Literallie	2017-10-22	1	-2/+12
\| \| \| \| \| \| \| \|	The spec allows wss:// for 'self', but not ws:// :(
\| *	Fix MathJax CSP issues	Literallie	2017-10-22	1	-7/+7
\| \|
\| *	CSP: Add nonce to slide view inline JS	Literallie	2017-10-22	1	-0/+7
\| \|
\| *	CSP: Upgrade insecure requests if possible	Literallie	2017-10-22	1	-0/+5
\| \| \| \| \| \| \| \|	Config option; default is to only upgrade if usessl
\| *	Add basic CSP support	Literallie	2017-10-22	1	-0/+25
\| \|
* \|	Fix not passing app key correctly in dropbox config	Wu Cheng-Han	2018-01-19	1	-1/+1
\| \|
* \|	support Simplified Chinese and rename original zh to Traditional Chinese	Rwing	2017-10-23	1	-1/+1
\|/
*	Make HSTS behaviour configurable; Fixes #584	Literallie	2017-10-13	1	-5/+10
\|
*	Add support of Danish locale	Wu Cheng-Han	2017-06-11	1	-1/+1
\|
*	Fix import module name typo in app.js	Wu Cheng-Han	2017-05-08	1	-1/+1
\|
*	fix(imageRouter): import missing dependency: getImageMimeType	Raccoon Li	2017-05-08	1	-3/+0
\|
*	refactor: Rename checkURiVaild to checkURIValid to fit coding standard	BoHong Li	2017-05-08	1	-2/+1
\|
*	fix(app.js): Change config.maintenance to realtime.maintenance	BoHong Li	2017-05-08	1	-1/+1
\|
*	refactor(config.js): Extract config file	BoHong Li	2017-05-08	1	-8/+5
\| \| \| \| \|	* Separate different config source to each files * Freeze config object
*	fix: Add 'use strict' on app.js	BoHong Li	2017-05-08	1	-0/+1
\|
*	refactor: Remove `require` extension filename	BoHong Li	2017-05-08	1	-3/+3
\|
*	refactor(app.js): Move passport serialize and deserialize to auth module	BoHong Li	2017-05-08	1	-19/+0
\|
*	refactor(app.js): Extract tooBusy	BoHong Li	2017-05-08	1	-8/+2
\|
*	refactor(app.js): Extract upload image	BoHong Li	2017-05-08	1	-84/+2
\|
*	fix(app.js): Fixed typo	BoHong Li	2017-05-08	1	-1/+1
\|
*	refactor(app.js): Extract note action	BoHong Li	2017-05-08	1	-17/+4
\|
*	refactor(app.js): Extract /me page	BoHong Li	2017-05-08	1	-28/+1
\|
*	refactor(app.js): Remove unused modules	BoHong Li	2017-05-08	1	-1/+0
\|
*	refactor(app.js): Extract history api	BoHong Li	2017-05-08	1	-11/+1
\|
*	refactor(app.js): Remove unused import modules	BoHong Li	2017-05-08	1	-2/+0
\|
*	refactor(app.js, auth.js): Extract all auth method to individual modules	BoHong Li	2017-05-08	1	-157/+1
\|
*	refactor(app.js): Extract status pages	BoHong Li	2017-05-08	1	-78/+1
\|
*	refactor(app.js): Extract index, 403, 404, 500 pages	BoHong Li	2017-05-08	1	-14/+1
\|
*	refactor(app.js): Extract urlencodedParser to utils module	BoHong Li	2017-05-08	1	-6/+1
\|
*	refactor(app.js): Extract middleware to module	BoHong Li	2017-05-08	1	-20/+2
\| \| \| \|	extract check URi is valid, redirect without trailing slashes
*	fix(app.js): Stream log	BoHong Li	2017-05-08	1	-1/+1
\| \| \| \|	use logger instead of logger.stream
*	Add reference to utils library	LluisArevalo	2017-05-08	1	-0/+3
\|
*	Add Content-Type to the images uploaded to AWS S3	LluisArevalo	2017-05-08	1	-0/+3
\|