dnrops
/
cryptpad
mirror of https://github.com/xwiki-labs/cryptpad
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,933 Commits 73 Branches 132 Tags 560 MiB
Commit Graph

103 Commits

Author SHA1 Message Date
David Benque 06f4b8e590 Add licensing information to new files 2023-12-19 11:38:26 +00:00
yflory f9e6c8d142 tMerge branch 'main' into 5.6-rc 2023-12-18 14:07:13 +01:00
Mathilde Grünig 6c9a99a5e4 remove debugging.md, almost empty file 2023-12-08 09:57:08 +01:00
nisbet-hubbard 3ea05fddb7
Edit for consistency 2023-12-06 15:53:18 +08:00
nisbet-hubbard 0f7cc0f8a7
Create example.httpd.conf 2023-12-06 15:24:32 +08:00
Mathilde Grünig 078095c3e2 reimplement proper service logging after mistake in e80b6c2 2023-11-24 11:52:57 +01:00
David Benque 8f0a6319a5 Apply headers 2023-10-20 15:35:26 +01:00
yflory 6c6220edfc Fix comments in nginx file 2023-10-03 12:04:55 +02:00
yflory 1c2764dbb8 Revert revert "have 2 distinctives Nginx examples, default & advanced" 
This reverts commit 9fa981cfd8.
 2023-10-03 11:51:12 +02:00
yflory d6a60075cd Fix DrawIO hash 2023-10-03 11:40:55 +02:00
Mathilde Grünig 57dda59c4d change NodeJS path to match new recommended installation method 2023-09-18 11:52:26 +02:00
Mathilde Grünig 87dc6e66d4 replace tabs by spaces, not rendered properly by GitHub 2023-09-05 13:22:15 +02:00
Mathilde Grünig 53f53d1a7e fix two little header issues in Nginx advanced example 2023-09-05 13:21:16 +02:00
Mathilde Grünig c756909a89 add new default Nginx example config file 2023-09-05 13:19:25 +02:00
Mathilde Grünig bccfb28ac9 move old default Nginx example config to advanced file 2023-09-05 13:17:12 +02:00
Wolfgang Ginolas a3772cf92c Fix typo in example.nginx.conf 2023-08-10 16:00:46 +02:00
yflory dc6bbec19f Recovery page trailing slash redirect in nginx conf #1143 2023-07-18 17:35:18 +02:00
yflory 8b1aaaa9a7 Add missing trailing slash redirect for the diagram app 2023-07-13 11:12:31 +02:00
yflory c10fc37645 Merge branch 'totp-ui' into 5.4-rc 2023-07-11 10:30:36 +02:00
yflory b2788744de Merge branch 'drawio-bower' into 5.4-rc 2023-06-30 12:45:54 +02:00
Wolfgang Ginolas 00af2c3efb Update example nginx config for diagram 2023-06-29 11:22:41 +02:00
Mathilde Grünig f5fb24031e replace xwiki-labs by cryptpad 2023-05-16 14:54:39 +02:00
ansuz bf548c1022 updated nginx config for new API server features 2023-05-11 17:06:46 +05:30
ansuz 493bf1346c Merge tag '5.3.0' into 5.3-auth 2023-05-06 15:26:21 +05:30
ansuz c27ff40db1 proxy requests for blocks to the API server 2023-05-06 14:41:22 +05:30
David Benque d585d17359
Merge pull request #1004 from xwiki-labs/embedding-difficulty 
invert NGINX settings to forbid remote embedding by default
 2023-04-25 11:43:59 +01:00
Mathilde Grünig 166c20e081 add two lines explanation on hardening 2023-03-30 13:29:43 +02:00
Mathilde Grünig 2cd56842ec add various systemd hardening directives 2023-03-30 10:17:19 +02:00
Mathilde Grünig e80b6c2127 remove deprecated syslog parameters, now handled by journald 2023-03-30 10:16:18 +02:00
Mathilde Grünig 5df480b9f3 update latest stable Node version 2023-03-30 10:15:50 +02:00
ansuz ee5d270d6a Merge branch 'basic-auth' into authentication 2023-03-20 13:44:10 +05:30
ansuz 50c84949c8 invert NGINX settings to forbid remote embedding by default 2023-02-13 12:47:18 +05:30
Mathilde Grünig 0d7f1509b6 Add FreeBSD rc.d init script 2023-02-03 08:25:17 +01:00
Ente c9fd6359aa
Send HTTP credentials when fetching blobs 
With this change media-tag now sends HTTP credentials when fetching
blobs. Also changed the example nginx config to send
Access-Control-Allow-Credentials CORS headers. For this to work, we can
no longer use '*' for Access-Control-Allow-Origin [1][2]: Therefore the
example config was changed to set Access-Control-Allow-Origin to the
sandbox domain only.

Fixes:
- #705: Blob fetch fails with 401 Unauthorized when HTTP basic auth is enabled [3]

Referenes:
[1]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
[2]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials
[3]: https://github.com/xwiki-labs/cryptpad/issues/705
 2022-12-14 11:27:51 +01:00
Mathilde Grünig 37ccaddbbe 2nd thought on HTTP/80, not needed in the end 2022-12-07 14:04:00 +01:00
Mathilde Grünig 1b731e2643 Add future-proof Nginx configuration 
- support IPv6
- 80 to 443 redirect
- TLS generation
- better SSL sessions
- longer HSTS (2 years)
- OCSP stapling
 2022-12-07 13:56:12 +01:00
ansuz 01cdfa1bbc document yet another way that Safari/webkit is terrible 2022-10-05 15:17:07 +05:30
ansuz 8d7973850a slightly smarter caching rules in example NGINX config 2022-09-13 18:34:30 +05:30
ansuz c889823fca fix custom file serving logic for static pages in NGINX 2022-09-06 14:36:23 +05:30
ansuz 4d022a2247 handle more cases for the cache-control header in NGINX 2022-09-06 14:35:13 +05:30
ansuz aaa6efbbb0 better worst-case performance for static files served by NGINX 2022-07-22 16:46:02 +05:30
Maxime Cesson c1adae6d59 Complete last commit (add og data to "Drive" and "File", handle missing config, modify nginx example config) 2022-07-21 18:44:21 +02:00
ansuz 8adeeb21ec display instance info on the home page 
* implements /api/instance
* updates recommended NGINX config
* adds a test on /checkup/
 2022-05-03 18:20:34 +05:30
ansuz 01b6dd539b add trailing slash if /convert/ is loaded without its trailing slash 2022-04-04 20:38:52 +05:30
ansuz 404b89eb28 update recommended settings for embedding to permit element desktop 2022-04-04 12:31:40 +05:30
ansuz 16b843c2c8 set x-content-type-options headers for blob and block in nginx example 2022-03-23 15:24:51 +05:30
ansuz e1abf4ef77 nginx updates 2022-03-14 18:23:38 +05:30
ansuz 7b14c135b3 update example NGINX CSP configuration 2022-02-15 15:54:33 +05:30
ansuz 0f46869217 WIP update recommended production CSP values 2022-02-10 17:11:17 +05:30
ansuz ae84d99af0 update the recommended settings for img-src and media-src 2022-01-21 17:48:53 +05:30