hedgedoc - Hedgedoc with support for CindyScript

summary refs log tree commit diff

path: root/lib/response.js (follow)

	Commit message (Collapse)	Author	Age	Files	Lines
*	Merge pull request #785 from pferreir/redirect-to-login	Christoph (Sheogorath) Kern	2018-05-31	1	-1/+7
\|\ \| \| \| \|	403: Redirect user to login page if not logged in
\| *	403: redirect user to login page if not logged in	Pedro Ferreira	2018-03-27	1	-1/+7
\| \| \| \| \| \| \| \|	Signed-Off-By: Pedro Ferreira <pedro.ferreira@cern.ch>
* \|	Fix typos for `allowAnonymousEdits`	Sheogorath	2018-04-10	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Looks like we lost some variables during the refactoring of the configs to camel case. This should fix it. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
* \|	Fix CSP for disqus and Google Analytics	Sheogorath	2018-03-30	1	-1/+2
\|/ \| \| \| \| \| \| \| \| \| \| \| \|	This commit should fix existing problems with Disqus and Google Analytics enabled in the meta-yaml section of a note. Before this commit they were blocked by the strict CSP. It's still possible to disable the added directives using `addDisqus` and `addGoogleAnalytics` in the `csp` config section. They are enabled by default to prevent breaking changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Change config to camel case with backwards compatibility	Sheogorath	2018-03-25	1	-44/+44
\| \| \| \| \| \| \| \|	This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Remove and replace all note id compression in LZString with base64url	Max Wu	2018-02-26	1	-6/+5
\| \| \| \|	Signed-off-by: Max Wu <jackymaxj@gmail.com>
*	Fix to show 500 message when got error in parseNoteId	Max Wu	2018-02-17	1	-1/+2
\| \| \| \|	Signed-off-by: Max Wu <jackymaxj@gmail.com>
*	Fix ldap provider name in template	Sheogorath	2018-01-26	1	-0/+2
\| \| \| \| \| \| \| \|	Before this fix it's impossible to set the provider name in the sign-model since `ldap` is a boolean there and this way not able to have an attribute like `ldap.providerName`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
*	Merge pull request #598 from xxyy/feature/csp	Christoph (Sheogorath) Kern	2018-01-22	1	-1/+2
\|\ \| \| \| \|	Implement basic CSP support
\| *	CSP: Add nonce to slide view inline JS	Literallie	2017-10-22	1	-1/+2
\| \|
* \|	Merge pull request #673 from fooker/master	Christoph (Sheogorath) Kern	2018-01-20	1	-1/+2
\|\ \ \| \| \| \| \| \|	Allow posting new note with content
\| * \|	Allow posting new note with content	Dustin Frisch	2018-01-18	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Dustin Frisch <fooker@lab.sh>
* \| \|	Add option to enable `freely` permission in closed instance	Dario Ernst	2018-01-20	1	-0/+2
\|/ / \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Before, closed disallowed guest edits completely, by removing the `freely` permission. This makes it possible to explicitely bring back guest-editing, but not guest-note-creation, to closed instances. Signed-off-by: Dario Ernst <dario@kanojo.de>
* \|	Fix file permission, remove useless executable	Peter Dave Hello	2017-12-14	1	-0/+0
\| \|
* \|	Initial support for SAML authentication	Norihito Nakae	2017-11-28	1	-0/+2
\| \|
* \|	Fix mattermost breaking notes	Sheogorath	2017-10-31	1	-0/+1
\| \|
* \|	Add mattermost authentication	Christoph Witzany	2017-10-31	1	-0/+1
\| \|
* \|	Adds 403 response if PDF export is disabled	geekyd	2017-10-25	1	-1/+6
\| \|
* \|	Adds PDF export via config	geekyd	2017-10-25	1	-1/+3
\|/
*	Fix slide might not provide slideOptions meta	Wu Cheng-Han	2017-06-05	1	-1/+1
\|
*	check if reveal theme exists	butlerx	2017-06-01	1	-1/+2
\|
*	add the ability to set slide theme in slide options	butlerx	2017-05-31	1	-0/+1
\|
*	refactor(config.js): Extract config file	BoHong Li	2017-05-08	1	-16/+16
\| \| \| \| \|	* Separate different config source to each files * Freeze config object
*	refactor: Remove `require` extension filename	BoHong Li	2017-05-08	1	-2/+2
\|
*	Use strict mode in all backend files	BoHong Li	2017-03-14	1	-0/+1
\| \| \| \|	add ‘use strict’ in all backend file
*	Use JavaScript Standard Style	BoHong Li	2017-03-08	1	-547/+539
\| \| \| \| \|	Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code.
*	Refactor checkViewPermission to fix limited & protected permission check bug ↵	Wu Cheng-Han	2017-01-16	1	-3/+3
\| \| \| \|	and fix code style
*	Fix missing config in hackmd response	Wu Cheng-Han	2017-01-16	1	-1/+2
\|
*	Add `allowemailregister` option	Sheogorath	2017-01-12	1	-0/+1
\|
*	Merge pull request #313 from elct9620/feature/disable_anonymous_view	Max Wu	2017-01-10	1	-2/+7
\|\ \| \| \| \|	WIP: Add options to limit anonymous view note
\| *	Add limited and protected permission	蒼時弦也	2017-01-10	1	-2/+7
\| \|
\| *	Recovery tariling spaces	蒼時弦也	2017-01-10	1	-2/+2
\| \|
\| *	Remove temporary change	蒼時弦也	2017-01-10	1	-3/+0
\| \|
\| *	Fix anonymouse view permission check	蒼時弦也	2017-01-05	1	-1/+4
\| \|
\| *	Add limit for constrain anonymous view note	蒼時弦也	2017-01-05	1	-3/+3
\| \|
* \|	Merge pull request #279 from alecdwm/ldap-auth	Max Wu	2017-01-09	1	-0/+2
\|\ \ \| \|/ \|/\|	Support for LDAP server authentication
\| *	Initial support for LDAP server authentication	alecdwm	2016-12-13	1	-0/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Limitations as of this commit: - tlsOptions can only be specified in config.json, not as env vars - authentication failures are not yet gracefully handled by the UI - instead the error message is shown on a blank page (/auth/ldap) - no email address is associated with the LDAP user's account - no picture/profile URL is associated with the LDAP user's account - we might have to generate our own access + refresh tokens, because we aren't using oauth. The currently generated tokens are just a placeholder. - 'LDAP Sign in' needs to be translated to each locale
* \|	Fix and refactor extracting content using metaMarked directly might lead in ↵	Wu Cheng-Han	2017-01-04	1	-45/+14
\| \| \| \| \| \| \| \|	invalid object
* \|	Fix yaml metadata description not able to show	Wu Cheng-Han	2017-01-02	1	-3/+3
\| \|
* \|	Remove LZString compression for data storage	Wu Cheng-Han	2017-01-02	1	-7/+7
\| \|
* \|	Fixed typo: anonmyous	Florian Rhiem	2016-12-21	1	-3/+3
\| \|
* \|	Add support of allow free url config option with correspond modifications	Wu Cheng-Han	2016-12-16	1	-2/+9
\| \|
* \|	Add support of allow anonymous config option with correspond modifications	Wu Cheng-Han	2016-12-15	1	-0/+4
\|/
*	Update to support optional email register and signin	Wu Cheng-Han	2016-12-02	1	-6/+10
\|
*	Update to auto generate meta description based on content in publish note ↵	Wu Cheng-Han	2016-11-26	1	-7/+14
\| \| \| \|	and slide
*	Fix possible XSS in yaml-metadata and turn using ejs escape syntax than ↵	Wu Cheng-Han	2016-11-26	1	-5/+2
\| \| \| \|	external lib [Security Issue]
*	Fix slide might trigger script when processing markdown which cause XSS ↵	Wu Cheng-Han	2016-11-26	1	-11/+1
\| \| \| \|	[Security Issue]
*	Update to improve history api error and bad request handling	Wu Cheng-Han	2016-10-10	1	-0/+3
\|
*	Update to allow CORS as API on revision actions	Wu Cheng-Han	2016-10-10	1	-0/+14
\|
*	Update to support showing owner on the infobar	Wu Cheng-Han	2016-10-10	1	-0/+6
\|