AaronDewes
38746b86fd
Update eslint & plugins
...
Also replace eslint-plugin-node with the maintained eslint-plugin-n
2022-08-09 15:26:25 +00:00
Marian Hähnlein
560747106b
Add ability to change the branding
2022-05-02 13:38:16 +02:00
Cullen Walsh
02e8cb264f
Add detect_base_url config
...
This diff adds the detect_base_url config, controlled by the
DETECT_BASE_URL env variable. When set to true, the BASE_URL setting is
ignored, and the base_url is derived from the request protocol and host
header.
Test Plan: Started up a local instance in my homelab, running docker
node:15 image with a nginx reverse proxy. Configured nginx to use the
same backend with multiple hostnames on https. Opened in browser and
confirmed og:url meta tag uses correct url.
2021-05-05 22:19:11 -07:00
Aaron
f5bb74e921
index.js: Add "data:" as an allowed image source in CSP
...
Signed-off-by: Aaron <admin@datahoarder.dev>
2021-04-21 21:40:15 +02:00
Romain Hv
a0bc20aeb6
Remove metrics #4
2021-03-15 19:56:51 +01:00
timvisee
3165086869
Remove legal page, add no affiliation text in footer
2021-01-09 19:14:42 +01:00
io mintz
44c03e355f
CSP: remove a bunch of unused mozilla-only domains and FXA domains
2020-11-13 22:24:38 +00:00
Danny Coates
b5ef1785ab
replaced fxa-geodb with load balancer header
...
Co-authored-by: timvisee <tim@visee.me>
2020-10-16 15:51:28 +02:00
Danny Coates
ccbcb69666
Merge pull request #1434 from MichaelPeter-Shockoe/master
...
modify connect-src of Content Security Policy to include dynamic wss URL based on configured base URL
2020-07-09 19:37:02 -07:00
jackyzy823
e2876b119d
add configs to handle content-security-policy correctly for custom fxa urls
2020-06-11 21:57:48 +08:00
Michael Peter
5ff6266a5e
modify connect-src of Content Security Policy to include dynamic wss URL based on configured base URL
2020-01-17 17:47:09 -05:00
Danny Coates
d5c488196d
no-cache harder
2019-09-05 13:33:12 -07:00
Danny Coates
58191975b9
stubbed /login page for redirect base login flow
2019-07-23 09:27:34 -07:00
Danny Coates
b9c87fd779
updated tailwindcss to 1.0
2019-06-14 11:37:30 -07:00
Danny Coates
efea0e5ab0
added gravatar to CSP image-src
2019-03-31 13:04:15 -07:00
Danny Coates
8cf3b89f91
increase file id to 8 bytes
2019-03-26 09:32:44 -07:00
Danny Coates
fb0f0f0b5d
added gcp dev to csp
2019-03-06 12:59:54 -08:00
Danny Coates
445811931f
added accounts.firefox.com to csp connect-src for /metrics-flow
2019-03-05 13:05:51 -08:00
Danny Coates
f968083f74
added '-' to /api/filelist validation
2019-02-26 19:58:03 -08:00
Danny Coates
4cb6646cce
updated filelist storage so userid is not used directly
2019-02-26 13:53:11 -08:00
Danny Coates
1c44d1d0f9
added /config endpoint, use fewer globals ( #1172 )
...
* added /config endpoint, use fewer globals
* fixed integration tests
2019-02-26 10:39:50 -08:00
Danny Coates
cccc1a5383
enabled accounts on Edge
2019-02-25 11:44:44 -08:00
Danny Coates
c146c584f6
static require cryptofill for Edge
2019-02-21 11:21:06 -08:00
Danny Coates
8eaacfea18
use text/plain on /api/metrics
2019-02-15 11:59:39 -08:00
Danny Coates
9b37e92a81
implemented amplitude metrics ( #1141 )
2019-02-12 11:50:06 -08:00
Danny Coates
d4528848d9
moved jsconfig code into initScript
2018-11-20 12:23:05 -08:00
Danny Coates
416b9902cb
added a webmanifest ( #1023 )
2018-11-20 15:00:32 -05:00
Danny Coates
932a2a4576
removed unused code
2018-11-01 10:44:47 -07:00
Danny Coates
0e5202c470
updated modal
2018-11-01 10:44:45 -07:00
Danny Coates
cc85486414
wip
2018-11-01 10:43:14 -07:00
Danny Coates
a997a44a23
renamed auth route
2018-09-26 12:22:51 -07:00
Danny Coates
c8bf3101aa
fixed multiple issues with the /signin page. #935 #936 #937
2018-09-24 12:01:39 -07:00
Danny Coates
7ccf462bf8
implemented PKCE auth ( #921 )
...
* implemented PKCE auth
* removed node-jose
* added PKCE tests
2018-09-14 11:00:33 -04:00
Danny Coates
fb7176d989
added fxa auth to /params
2018-08-31 11:43:56 -07:00
Danny Coates
718d74fa50
Implemented FxA
2018-08-30 22:10:08 -07:00
Emily
c9ae76b209
hook multifile to ui
2018-08-03 16:10:00 -07:00
Danny Coates
d14aeb29e9
began adding capability flags
2018-07-31 11:29:26 -07:00
Danny Coates
ddeaf8076d
added wss to csp connect-src
2018-07-12 14:27:49 -07:00
Danny Coates
af7a262ef0
refactored upload away from multipart forms to binary data
2018-05-31 14:10:02 -07:00
Danny Coates
74728782f3
removed unsafe-inline styles via svgo-loader. fixes #740
2018-02-26 11:48:28 -08:00
Danny Coates
22e836c98a
removed unused deps
2018-02-24 18:00:43 -08:00
Danny Coates
3fd2537311
refactored server
2018-02-09 15:03:05 -08:00
Danny Coates
1c5e47b4c4
validate id param without middleware
2018-02-05 17:21:32 -08:00
Danny Coates
aae61f9451
extracted server id validation
2018-02-05 16:37:06 -08:00
Danny Coates
97ad674be2
added /api/info/:id route
2018-01-30 17:29:51 -08:00
Danny Coates
7b4060f9e1
Added multiple download option
2017-12-04 15:52:31 -08:00
Danny Coates
b54f4575ee
allow inline styles. fixes #644
2017-11-15 10:54:13 -08:00
Danny Coates
bfcdf9340d
use fluent-langneg for subtag support
2017-11-10 12:40:18 -08:00
Danny Coates
2e233da16d
unsupport MS Edge (for now, sorry) and some http header nits
2017-11-06 13:36:56 -08:00
Danny Coates
bc24a069da
Add optional password to the download url
2017-10-10 10:45:10 -07:00