summaryrefslogtreecommitdiff
path: root/app.js (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add referrer policySheogorath2018-02-121-0/+7
| | | | | | | | | | | | | | | This commit adds a referrer policy to all requests. The usage of `same-origin` allows HackMD to still interpret all requests and this way not break anything. But it prevents 3rd party scripts, pictures and more to get informations that may lead to not secured note. It has to be mentioned that this maybe breaks some features of the Google Analytics embedding. This has to be tested. Fixes #724 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* Merge pull request #691 from SISheogorath/feature/uploadChristoph (Sheogorath) Kern2018-01-231-1/+2
|\ | | | | Allow more detailed configuration of upload mime types
| * Allow more detailed configuration of upload mime typesSheogorath2018-01-201-1/+2
| | | | | | | | | | | | Fixes #637 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* | Merge pull request #598 from xxyy/feature/cspChristoph (Sheogorath) Kern2018-01-221-0/+14
|\ \ | |/ |/| Implement basic CSP support
| * Move CSP logic to new file, Fix boolean config examplesLiterallie2017-10-221-73/+4
| | | | | | | | Not sure why I was quoting these in the first place
| * Add dirty workaround for speakers view inline scriptLiterallie2017-10-221-0/+4
| |
| * Allow any connect-src in CSPLiterallie2017-10-221-1/+1
| | | | | | | | Managing these for all the integrations seems like a lot of effort
| * Don't add nonce to CSP if unsafe-inline is onLiterallie2017-10-221-1/+3
| | | | | | | | Browsers ignore unsafe-inline if a nonce is sent
| * Change CSP config format to be more intuitiveLiterallie2017-10-221-5/+35
| |
| * CSP: Workaround for ws:// protocolLiterallie2017-10-221-2/+12
| | | | | | | | The spec allows wss:// for 'self', but not ws:// :(
| * Fix MathJax CSP issuesLiterallie2017-10-221-7/+7
| |
| * CSP: Add nonce to slide view inline JSLiterallie2017-10-221-0/+7
| |
| * CSP: Upgrade insecure requests if possibleLiterallie2017-10-221-0/+5
| | | | | | | | Config option; default is to only upgrade if usessl
| * Add basic CSP supportLiterallie2017-10-221-0/+25
| |
* | Fix not passing app key correctly in dropbox configWu Cheng-Han2018-01-191-1/+1
| |
* | support Simplified Chinese and rename original zh to Traditional ChineseRwing2017-10-231-1/+1
|/
* Make HSTS behaviour configurable; Fixes #584Literallie2017-10-131-5/+10
|
* Add support of Danish localeWu Cheng-Han2017-06-111-1/+1
|
* Fix import module name typo in app.jsWu Cheng-Han2017-05-081-1/+1
|
* fix(imageRouter): import missing dependency: getImageMimeTypeRaccoon Li2017-05-081-3/+0
|
* refactor: Rename checkURiVaild to checkURIValid to fit coding standardBoHong Li2017-05-081-2/+1
|
* fix(app.js): Change config.maintenance to realtime.maintenanceBoHong Li2017-05-081-1/+1
|
* refactor(config.js): Extract config fileBoHong Li2017-05-081-8/+5
| | | | | * Separate different config source to each files * Freeze config object
* fix: Add 'use strict' on app.jsBoHong Li2017-05-081-0/+1
|
* refactor: Remove `require` extension filenameBoHong Li2017-05-081-3/+3
|
* refactor(app.js): Move passport serialize and deserialize to auth moduleBoHong Li2017-05-081-19/+0
|
* refactor(app.js): Extract tooBusyBoHong Li2017-05-081-8/+2
|
* refactor(app.js): Extract upload imageBoHong Li2017-05-081-84/+2
|
* fix(app.js): Fixed typoBoHong Li2017-05-081-1/+1
|
* refactor(app.js): Extract note actionBoHong Li2017-05-081-17/+4
|
* refactor(app.js): Extract /me pageBoHong Li2017-05-081-28/+1
|
* refactor(app.js): Remove unused modulesBoHong Li2017-05-081-1/+0
|
* refactor(app.js): Extract history apiBoHong Li2017-05-081-11/+1
|
* refactor(app.js): Remove unused import modulesBoHong Li2017-05-081-2/+0
|
* refactor(app.js, auth.js): Extract all auth method to individual modulesBoHong Li2017-05-081-157/+1
|
* refactor(app.js): Extract status pagesBoHong Li2017-05-081-78/+1
|
* refactor(app.js): Extract index, 403, 404, 500 pagesBoHong Li2017-05-081-14/+1
|
* refactor(app.js): Extract urlencodedParser to utils moduleBoHong Li2017-05-081-6/+1
|
* refactor(app.js): Extract middleware to moduleBoHong Li2017-05-081-20/+2
| | | | extract check URi is valid, redirect without trailing slashes
* fix(app.js): Stream logBoHong Li2017-05-081-1/+1
| | | | use logger instead of logger.stream
* Add reference to utils libraryLluisArevalo2017-05-081-0/+3
|
* Add Content-Type to the images uploaded to AWS S3LluisArevalo2017-05-081-0/+3
|
* Fix front-end constants generation not getting config properlyWu Cheng-Han2017-03-231-3/+7
|
* Update to indicate version in status API headerWu Cheng-Han2017-03-221-1/+2
|
* Update to print info on exit term signals handledWu Cheng-Han2017-03-221-0/+1
|
* Update to handle SIGQUITWu Cheng-Han2017-03-221-0/+1
|
* Add support of Catalan localeWu Cheng-Han2017-03-201-1/+1
|
* Fix typo and possible wrong value on provider is false on generating ↵Wu Cheng-Han2017-03-201-3/+3
| | | | front-end constants
* Update to generate front-end constants on server startupWu Cheng-Han2017-03-201-0/+16
| | | | To avoid extra webpacking on changing configs and follow the 12 factor app
* Add config option for gitlab api scope and auto adapt gitlab snippet feature ↵Wu Cheng-Han2017-03-141-2/+4
| | | | on it