| Commit message (Collapse) | Author | Files | Lines |
|
This update of revealJS helps us to get rid of the headjs depedency
integration using webpack. It updates reveal.js to 3.9.2 and updates the
csp hash accordingly for using the slide mode.
Background for this update is the critical security vulnerability
described by snyk in their disclosure:
https://snyk.io/vuln/SNYK-JS-REVEALJS-543841
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
|
|
|
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
|
instead of doing it in the authentication source
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
|
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
|
Saving referer into session in SAML auth so passport can redirect correctly after SAML login.
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
|
|
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
|
|
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
|
|
Signed-off-by: Girish Ramakrishnan <girish@cloudron.io>
|
|
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|
Move postNote to NoteController and rename to createFromPost
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|
Because of circular import problems, this commit also moves the error messages from response.js to errors.js
Signed-off-by: David Mehren <dmehren1@gmail.com>
|
|
This makes the references consistent/compatible with GitHub,
GitLab, Pandoc and many other tools.
This behavior can be enabled in config.json with:
```
"linkifyHeaderStyle": "gfm"
```
Signed-off-by: hoijui <hoijui.quaero@gmail.com>
|
|
This regression bug was caused by the error page using the `codimd/head`
template. This resulted in error messages like this:
```
ReferenceError: /codimd/public/views/error.ejs:5
3|
4| <head>
>> 5| <%- include codimd/head %>
6| <link rel="stylesheet" href="<%- serverURL %>/css/center.css">
7| </head>
8|
/codimd/public/views/codimd/head.ejs:7
5| <meta name="apple-mobile-web-app-status-bar-style" content="black">
6| <meta name="mobile-web-app-capable" content="yes">
>> 7| <% for (var og in opengraph) { %>
8| <% if (opengraph.hasOwnProperty(og) && opengraph[og].trim() !== '') { %>
9| <meta property="og:<%- og %>" content="<%- opengraph[og] %>">
10| <% }} if (!opengraph.hasOwnProperty('image')) { %>
opengraph is not defined
at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:18:23)
at eval (eval at compile (/codimd/node_modules/ejs/lib/ejs.js:618:12), <anonymous>:99:10)
at returnedFn (/codimd/node_modules/ejs/lib/ejs.js:653:17)
at tryHandleCache (/codimd/node_modules/ejs/lib/ejs.js:251:36)
at View.exports.renderFile [as engine] (/codimd/node_modules/ejs/lib/ejs.js:482:10)
at View.render (/codimd/node_modules/express/lib/view.js:135:8)
at tryRender (/codimd/node_modules/express/lib/application.js:640:10)
at Function.render (/codimd/node_modules/express/lib/application.js:592:3)
at ServerResponse.render (/codimd/node_modules/express/lib/response.js:1012:7)
at responseError (/codimd/lib/response.js:57:20)
at Object.errorNotFound (/codimd/lib/response.js:30:5)
at newNote (/codimd/lib/response.js:134:76)
at /codimd/lib/response.js:172:16
at tryCatcher (/codimd/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/codimd/node_modules/bluebird/js/release/promise.js:517:31)
at Promise._settlePromise (/codimd/node_modules/bluebird/js/release/promise.js:574:18)
at Promise._settlePromise0 (/codimd/node_modules/bluebird/js/release/promise.js:619:10)
at Promise._settlePromises (/codimd/node_modules/bluebird/js/release/promise.js:699:18)
at _drainQueueStep (/codimd/node_modules/bluebird/js/release/async.js:138:12)
at _drainQueue (/codimd/node_modules/bluebird/js/release/async.js:131:9)
at Async._drainQueues (/codimd/node_modules/bluebird/js/release/async.js:147:5)
at Immediate.Async.drainQueues (/codimd/node_modules/bluebird/js/release/async.js:17:14)
```
The fix for that is rather trivial. We simply provide an empty array of
metadata when generating the error template.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Erik Michelson <erik@liltv.de>
|
|
Signed-off-by: Amolith <amolith@nixnet.xyz>
|
|
Signed-off-by: Amolith <amolith@nixnet.xyz>
|
|
Signed-off-by: Erik Michelson <erik@liltv.de>
|
|
Known bugs/features:
- pushing towards an existing note results in an error 500
Signed-off-by: Erik Michelson <erik@liltv.de>
|
|
Signed-off-by: Erik Michelson <erik@liltv.de>
|
|
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
|
|
Prevents "TypeError: Cannot freeze array buffer views with elements".
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
|
|
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
|
|
Signed-off-by: Matthias Lindinger <m.lindinger@live.de>
|
|
As a temporary fix, to keep you and your users save, this patch disables
the PDF export feature. Details of the attack along with a fix for
future versions of CodiMD will be released in future.
I hope you can live with this solution for this release because I'm
super short on time and the alternative would be to ship no fix at all.
This appears to be the better solution for this release.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
It seems like since we switched to camelcase we missed to update some
variable names in the config section. This patch fixes those.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: chandi <git@chandi.it>
|
|
As the connection string may include a password it should be supported by Docker Secrets.
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
|
|
Add simple SVG image detecetion base on the file extension .svg.
This fixes the SVG being delivered as binary/octet-stream and makes it possible to embedd the SVG.
Signed-off-by: Lennart Weller <lennart.weller@hansemerkur.de>
|
|
Signed-off-by: BoHong Li <a60814billy@gmail.com>
|
|
Do Not Track (DNT) is an old web standard in order to notify pages that
the user doesn't want to be tracked. Even while a lot of pages either
ignore this header or even worse, use it for tracking purposes, the
orignal intention of this header is good and should be adopted.
This patch implements a respect of the DNT header by no longer including
the optional Google Analytics and disqus integrations when sending a DNT
header. This should reduce outside resource usage and help to stay more
private.
This should later-on extended towards other document content (i.e.
iframe based content).
The reason to not change the CDN handling is that CDNs will be
deprecated with next release and removed in long term.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
We have various places with overly simple if statements that could be
handled by our logging library. Also a lot of those logs are not marked
as debug logs but as info logs, which can cause confusion during
debugging.
This patch removed unneeded if clauses around debug logging statements,
reworks debug log messages towards ECMA templates and add some new
logging statements which might be helpful in order to debug things like
image uploads.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Since we are about to release it's time to finally fix our linting. This
patch basically runs eslint --fix and does some further manual fixes.
Also it sets up eslint to fail on every warning on order to make
warnings visable in the CI process.
There should no functional change be introduced.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Currently a problem appears when using OpenID for authentication as
there is no method to add a profile picture right now.
This patch makes sure that all undefined login methods get a profile
picture.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
With very low CPU frequency or bad IO situation, as well as not-loaded
JS CodiMD happens to present unneeded "I'm busy"-messages to users.
This patch allows to configure the lag. The default is taken from the
libray but set in our own default configs.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
|
|
Signed-off-by: Claudius <opensource@amenthes.de>
|
|
Signed-off-by: Claudius <opensource@amenthes.de>
|
|
Signed-off-by: Claudius <opensource@amenthes.de>
|
|
Signed-off-by: Dylan Dervaux <dylanderv05@gmail.com>
|
|
disableRequestedAuthnContext: true|false
By default only Password authmethod is accepted, this option allows any other method.
Issue and option described here:
https://github.com/bergie/passport-saml/issues/226
Signed-off-by: Emmanuel Ormancey <emmanuel.ormancey@cern.ch>
|
|
Signed-off-by: Thor77 <thor77@thor77.org>
|