Commit Graph

49 Commits

Author SHA1 Message Date
Danny Coates 8ad4597114
replaced fxa-geodb with load balancer header 2020-07-28 09:31:09 -07:00
Danny Coates d9cbe058ab
added hmac auth to report route 2020-07-25 15:36:29 -07:00
Danny Coates 17057e725d
add fxa_required option 2020-07-24 10:40:47 -07:00
Danny Coates 9891d1f0ba
Begin implementing a reporting mechanism 2020-07-24 08:32:43 -07:00
Danny Coates ccbcb69666
Merge pull request #1434 from MichaelPeter-Shockoe/master
modify connect-src of Content Security Policy to include dynamic wss URL based on configured base URL
2020-07-09 19:37:02 -07:00
jackyzy823 e2876b119d add configs to handle content-security-policy correctly for custom fxa urls 2020-06-11 21:57:48 +08:00
Michael Peter 5ff6266a5e modify connect-src of Content Security Policy to include dynamic wss URL based on configured base URL 2020-01-17 17:47:09 -05:00
Danny Coates d5c488196d
no-cache harder 2019-09-05 13:33:12 -07:00
Danny Coates 58191975b9
stubbed /login page for redirect base login flow 2019-07-23 09:27:34 -07:00
Danny Coates b9c87fd779
updated tailwindcss to 1.0 2019-06-14 11:37:30 -07:00
Danny Coates efea0e5ab0
added gravatar to CSP image-src 2019-03-31 13:04:15 -07:00
Danny Coates 8cf3b89f91
increase file id to 8 bytes 2019-03-26 09:32:44 -07:00
Danny Coates fb0f0f0b5d
added gcp dev to csp 2019-03-06 12:59:54 -08:00
Danny Coates 445811931f
added accounts.firefox.com to csp connect-src for /metrics-flow 2019-03-05 13:05:51 -08:00
Danny Coates f968083f74
added '-' to /api/filelist validation 2019-02-26 19:58:03 -08:00
Danny Coates 4cb6646cce
updated filelist storage so userid is not used directly 2019-02-26 13:53:11 -08:00
Danny Coates 1c44d1d0f9
added /config endpoint, use fewer globals (#1172)
* added /config endpoint, use fewer globals

* fixed integration tests
2019-02-26 10:39:50 -08:00
Danny Coates cccc1a5383
enabled accounts on Edge 2019-02-25 11:44:44 -08:00
Danny Coates c146c584f6
static require cryptofill for Edge 2019-02-21 11:21:06 -08:00
Danny Coates 8eaacfea18
use text/plain on /api/metrics 2019-02-15 11:59:39 -08:00
Danny Coates 9b37e92a81
implemented amplitude metrics (#1141) 2019-02-12 11:50:06 -08:00
Danny Coates d4528848d9
moved jsconfig code into initScript 2018-11-20 12:23:05 -08:00
Danny Coates 416b9902cb added a webmanifest (#1023) 2018-11-20 15:00:32 -05:00
Danny Coates 932a2a4576
removed unused code 2018-11-01 10:44:47 -07:00
Danny Coates 0e5202c470
updated modal 2018-11-01 10:44:45 -07:00
Danny Coates cc85486414
wip 2018-11-01 10:43:14 -07:00
Danny Coates a997a44a23
renamed auth route 2018-09-26 12:22:51 -07:00
Danny Coates c8bf3101aa
fixed multiple issues with the /signin page. #935 #936 #937 2018-09-24 12:01:39 -07:00
Danny Coates 7ccf462bf8 implemented PKCE auth (#921)
* implemented PKCE auth

* removed node-jose

* added PKCE tests
2018-09-14 11:00:33 -04:00
Danny Coates fb7176d989
added fxa auth to /params 2018-08-31 11:43:56 -07:00
Danny Coates 718d74fa50
Implemented FxA 2018-08-30 22:10:08 -07:00
Emily c9ae76b209 hook multifile to ui 2018-08-03 16:10:00 -07:00
Danny Coates d14aeb29e9
began adding capability flags 2018-07-31 11:29:26 -07:00
Danny Coates ddeaf8076d
added wss to csp connect-src 2018-07-12 14:27:49 -07:00
Danny Coates af7a262ef0
refactored upload away from multipart forms to binary data 2018-05-31 14:10:02 -07:00
Danny Coates 74728782f3
removed unsafe-inline styles via svgo-loader. fixes #740 2018-02-26 11:48:28 -08:00
Danny Coates 22e836c98a
removed unused deps 2018-02-24 18:00:43 -08:00
Danny Coates 3fd2537311
refactored server 2018-02-09 15:03:05 -08:00
Danny Coates 1c5e47b4c4
validate id param without middleware 2018-02-05 17:21:32 -08:00
Danny Coates aae61f9451
extracted server id validation 2018-02-05 16:37:06 -08:00
Danny Coates 97ad674be2
added /api/info/:id route 2018-01-30 17:29:51 -08:00
Danny Coates 7b4060f9e1
Added multiple download option 2017-12-04 15:52:31 -08:00
Danny Coates b54f4575ee
allow inline styles. fixes #644 2017-11-15 10:54:13 -08:00
Danny Coates bfcdf9340d
use fluent-langneg for subtag support 2017-11-10 12:40:18 -08:00
Danny Coates 2e233da16d
unsupport MS Edge (for now, sorry) and some http header nits 2017-11-06 13:36:56 -08:00
Danny Coates bc24a069da
Add optional password to the download url 2017-10-10 10:45:10 -07:00
Danny Coates 74718d6361
disable CSP when env = development 2017-08-29 11:19:21 -07:00
Danny Coates 0a31e2d521
fixed __heartbeat__ route 2017-08-25 10:03:49 -07:00
Danny Coates 53e822964e
a few changes to make A/B testing easier 2017-08-25 09:44:52 -07:00