hedgedoc - Hedgedoc with support for CindyScript

summary refs log tree commit diff

path: root/lib/config/default.js (follow)

	Commit message (Collapse)	Author	Age	Files	Lines
*	Support 'host' & 'path' config options	Miranda Kastemaa	2018-07-27	1	-0/+1
\| \| \| \|	Signed-off-by: Miranda Kastemaa <miranda@foldplop.com>
*	Rename HackMD view to CodiMD	Sheogorath	2018-06-24	1	-1/+1
\| \| \| \| \| \| \| \|	Even when it looks a bit weird in first place to rename all internals step by step, it makes sense to do so, because we run into confusion afterwards. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Merge pull request #854 from hackmdio/feature/disableGravatar	Christoph (Sheogorath) Kern	2018-06-24	1	-0/+1
\|\ \| \| \| \|	Allow to disable gravatar
\| *	Allow to disable gravatar	Sheogorath	2018-06-23	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Since Gravatar is an external image source and not perfect from a privacy perspective, forbidding it allows to improve privacy. This commit also simplifies and optimizes the avatar code. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* \|	Move config out of statics path	Sheogorath	2018-06-24	1	-0/+1
\|/ \| \| \| \| \| \| \|	Since static path is providing with a high expiration data, we provide configs via API. This shouldn't add any noticeable load while making it uncached and this way working again. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Fix possible error if HackMD is started with wrong workdir	Sheogorath	2018-06-23	1	-0/+1
\| \| \| \| \| \| \| \| \| \|	In https://github.com/hackmdio/hackmd/issues/834 is described how starting HackMD crashes when using the wrong working dir. This is caused by a relative path in our upload routine. This change should fix it and prevent future crashes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Merge pull request #784 from pferreir/add-oauth2-support	Christoph (Sheogorath) Kern	2018-06-04	1	-0/+6
\|\ \| \| \| \|	Add "generic" OAuth2 support
\| *	Add support for generic OAuth2 providers	Pedro Ferreira	2018-03-26	1	-0/+6
\| \| \| \| \| \| \| \|	Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>
* \|	Add Azure Blob Storage support	Ádám Hóka	2018-06-01	1	-1/+5
\| \| \| \| \| \| \| \|	Signed-off-by: Adam Hoka <hoka.adam@nexogen.hu>
* \|	Revert "Workaround Google API problems"	Christoph (Sheogorath) Kern	2018-05-16	1	-1/+0
\| \|
* \|	Use API key instead of clientSecret	Sheogorath	2018-04-13	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	As recently discovered we send the clientSecret to the webclient which is potentionally dangerous. This patch should fix the problem and replace the clientSecret with the originally intended and correct way to implement it using the API key. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* \|	Fix CSP for disqus and Google Analytics	Sheogorath	2018-03-30	1	-0/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This commit should fix existing problems with Disqus and Google Analytics enabled in the meta-yaml section of a note. Before this commit they were blocked by the strict CSP. It's still possible to disable the added directives using `addDisqus` and `addGoogleAnalytics` in the `csp` config section. They are enabled by default to prevent breaking changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* \|	Automatically generate a session secret if default is used	Sheogorath	2018-03-26	1	-0/+1
\|/ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The session secret is used to sign and authenticate the session cookie and this way very important for the authentication process. By default the session secret is set to `secret` and never changes. This commit will add a generator for a dynamic session secret if it stays unchanged. It prevents session hijacking this way and will warn the user about the missing secret. This also implies that on a restart without configured session secret will log out all users. While it may seems annoying, it's for the users best. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Change config to camel case with backwards compatibility	Sheogorath	2018-03-25	1	-35/+33
\| \| \| \| \| \| \| \|	This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Add config option for report URI in CSP	Sheogorath	2018-03-14	1	-1/+2
\| \| \| \| \| \| \| \|	This option is needed as it's currently not possible to add an report URI by the directives array. This option also allows to get CSP reports not only on docker based setup but also on our heroku instances. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Remove unused LDAP option `tokenSecret`	Felix Schäfer	2018-03-05	1	-1/+0
\| \| \| \| \| \|	hackmdio/hackmd#754 Signed-off-by: Felix Schäfer <felix@thegcat.net>
*	Introduce ldap.useridField	Dustin Frisch	2018-03-01	1	-0/+1
\| \| \| \|	Signed-off-by: Dustin Frisch <fooker@lab.sh>
*	Remove camel case from `imageuploadtype` in config	Sheogorath	2018-01-27	1	-1/+3
\| \| \| \| \| \| \| \| \| \| \| \| \|	This removes the only camel cased option of the config options we added to the config.json. In auth provider's config parts are a lot of camel cased options provided. We shouldn't touch them to keep them as similar as possible to the examples. Fixes #315 Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Merge pull request #506 from erasys/minio	Christoph (Sheogorath) Kern	2018-01-23	1	-0/+7
\|\ \| \| \| \|	Add support for minio
\| *	Add support for minio	Marc Deop	2017-08-30	1	-0/+7
\| \|
* \|	Merge pull request #598 from xxyy/feature/csp	Christoph (Sheogorath) Kern	2018-01-22	1	-0/+7
\|\ \ \| \| \| \| \| \|	Implement basic CSP support
\| * \|	Change CSP config format to be more intuitive	Literallie	2017-10-22	1	-9/+1
\| \| \|
\| * \|	CSP: Allow more content types	Literallie	2017-10-22	1	-3/+7
\| \| \|
\| * \|	CSP: Upgrade insecure requests if possible	Literallie	2017-10-22	1	-2/+3
\| \| \| \| \| \| \| \| \| \| \| \|	Config option; default is to only upgrade if usessl
\| * \|	Add basic CSP support	Literallie	2017-10-22	1	-0/+10
\| \| \|
* \| \|	Add option to enable `freely` permission in closed instance	Dario Ernst	2018-01-20	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Before, closed disallowed guest edits completely, by removing the `freely` permission. This makes it possible to explicitely bring back guest-editing, but not guest-note-creation, to closed instances. Signed-off-by: Dario Ernst <dario@kanojo.de>
* \| \|	Fix not passing app key correctly in dropbox config	Wu Cheng-Han	2018-01-19	1	-1/+2
\| \| \|
* \| \|	Add setting `ldap.usernameField`	Lukas Kalbertodt	2017-12-09	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This determines which ldap field is used as the username on HackMD. By default, the "id" is used as username, too. The id is taken from the fields `uidNumber`, `uid` or `sAMAccountName`. To give the user more flexibility, they can now choose the field used for the username instead.
* \| \|	added guide for SAML settings	Norihito Nakae	2017-12-04	1	-1/+0
\| \| \|
* \| \|	fixed the SAML callback URL to unconfigurable.	Norihito Nakae	2017-11-29	1	-1/+0
\| \| \|
* \| \|	Initial support for SAML authentication	Norihito Nakae	2017-11-28	1	-0/+16
\| \| \|
* \| \|	Add mattermost authentication	Christoph Witzany	2017-10-31	1	-0/+5
\| \| \|
* \| \|	Adds PDF export via config	geekyd	2017-10-25	1	-1/+2
\|/ /
* /	Make HSTS behaviour configurable; Fixes #584	Literallie	2017-10-13	1	-0/+6
\|/
*	refactor(config.js): Extract config file	BoHong Li	2017-05-08	1	-0/+92
	* Separate different config source to each files * Freeze config object