From 4bd8d7eb91524cc936bc607f8291804689de35ea Mon Sep 17 00:00:00 2001
From: Daan Sprenkels
Date: Tue, 13 Nov 2018 00:14:25 +0100
Subject: Disallow creation of robots.txt in freeurl

Add a configuration setting to "hard"-disable creation of notes as set by the configuration value. This defaults to `['robots.txt', 'favicon.ico']`, because these files are often accidentally created by bots and browsers. This commit fixes #1052.
Signed-off-by: Daan Sprenkels
---
 lib/config/default.js | 1 +
 lib/config/environment.js | 1 +
 2 files changed, 2 insertions(+)
(limited to 'lib/config')
diff --git a/lib/config/default.js b/lib/config/default.js
index 15f11aaa..c04bda3c 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -31,6 +31,7 @@ module.exports = {
 allowAnonymous: true,
 allowAnonymousEdits: false,
 allowFreeURL: false,
+ forbiddenNoteIDs: ['robots.txt', 'favicon.ico', 'api'],
 defaultPermission: 'editable',
 dbURL: '',
 db: {},
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 0c7c9a4f..8526e3ee 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -27,6 +27,7 @@ module.exports = {
 allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS),
 allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS),
 allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL),
+ forbiddenNoteIDs: toArrayConfig(process.env.CMD_FORBIDDEN_NOTE_IDS),
 defaultPermission: process.env.CMD_DEFAULT_PERMISSION,
 dbURL: process.env.CMD_DB_URL,
 sessionSecret: process.env.CMD_SESSION_SECRET,
-- cgit v1.2.3
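Review bot: The new default in `lib/config/default.js` carries a third entry, `'api'`, that the commit description does not mention (it gives the default as `['robots.txt', 'favicon.ico']`), so a reader cannot tell why that ID is reserved. A short comment above the added line would settle it, for example `// note IDs FreeURL must never create: files bots/browsers probe for, plus reserved route prefixes`. The code that compares a requested ID against this list is outside this diff (it is limited to 'lib/config'), so whether a differently cased or percent-encoded form of these names is also rejected cannot be checked here and is worth confirming where the list is consumed.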
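Review bot: Setting `CMD_FORBIDDEN_NOTE_IDS` in `lib/config/environment.js` may replace the default list instead of extending it, which would silently drop the `robots.txt`, `favicon.ico` and `api` reservations for an operator who only meant to add one ID; how the environment layer is merged over the defaults is not visible in this hunk, so this needs confirming. `toArrayConfig` is neither defined nor imported in the visible lines, so its separator and its result for an unset variable should be checked against its definition. I would state the contract on the added line, for example `// list of note IDs; overrides the default list entirely (confirm separator and merge behaviour)`, and mention the variable in the configuration documentation.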