Commit graph

3151 commits

Author SHA1 Message Date
David Mehren
c32b1cf42b
Don't store mermaid diagrams in innerHTML
Using jQuery's `.html()` method stores the given string as `innerHTML`, which enables injection of arbitrary DOM elements.
Using `.text()` instead mitigates this issue.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-27 10:14:27 +01:00
David Mehren
b23035c9a8
Merge pull request #640 from aptalca/patch-1
update linuxserver docker info
2020-12-27 10:12:11 +01:00
aptalca
b9c043bf6b update linuxserver docker info
Update badges and info to point to the newly published HedgeDoc image

Signed-off-by: aptalca <aptalca@linuxserver.io>
2020-12-24 17:00:31 -05:00
Yannick Bungers
89ecff4b1c
Merge pull request #637 from hedgedoc/improveConfigurationDocs
Update configuration.md
2020-12-22 20:57:48 +01:00
Philip Molares
a41d9e4c11 Update configuration.md
Added a more in depth example of how to set CMD_DB_URL or dbUrl

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2020-12-22 20:32:27 +01:00
David Mehren
23ade34cac
Merge pull request #636 from hedgedoc/Set-badge-to-SVG 2020-12-22 12:41:39 +01:00
ericgaspar
8dc215fd98
Set Install-with-yunohost bagde to SVG
Signed-off-by: ericgaspar <junk.eg@free.fr>
2020-12-21 23:28:56 +01:00
David Mehren
287e88bc74
Merge pull request #634 from hedgedoc/release/1.7.0 2020-12-21 22:53:48 +01:00
David Mehren
faf3010c39
Bump version to 1.7.0
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-21 21:36:40 +01:00
David Mehren
687fdf20cd
Add note about X-Forwarded-Proto to 1.7.0 release notes
This header needs to be set correctly if the reverse proxy terminates TLS, otherwise we don't send cookies.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-21 21:35:49 +01:00
David Mehren
e7409b265c
Merge release notes of 1.7.0-rc1 and rc2 into 1.7.0
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-21 21:28:53 +01:00
David Mehren
7273469022
Update yarn.lock
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-21 21:20:00 +01:00
David Mehren
6dde20942a
Merge pull request #632 from hedgedoc/webpack-css-contenthash
Generate CSS filenames with contenthash
2020-12-21 21:16:48 +01:00
David Mehren
96142bb21d
Merge pull request #633 from hedgedoc/fix-features-pdf-embed
Fix broken PDF embed in features page & explain embedding problems
2020-12-21 20:34:36 +01:00
David Mehren
a11d45ce27
Fix broken PDF embed in features page & explain embedding problems
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-21 17:20:33 +01:00
David Mehren
9f624d150c
Generate CSS filenames with contenthash
Previously, .css files always had the same name, which can lead to caching problems.
In our case, the new CSS for the HedgeDoc logo was not loaded when Chrome had the 1.6.0 CSS in the cache, leading the HedgeDoc logo filling the whole screen.
This commit adds the contenthash to the .css files generated by webpack, which ensures that changed files are always loaded.

References:
https://github.com/webpack-contrib/mini-css-extract-plugin#filename
https://webpack.js.org/configuration/output/#outputfilename
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-21 12:31:34 +01:00
David Mehren
96fbee3f86
Merge pull request #629 from hedgedoc/renovate/less-3.x
Update dependency less to v3.13.1
2020-12-21 11:43:15 +01:00
David Mehren
37b0c4b901
Merge pull request #627 from hedgedoc/renovate/copy-webpack-plugin-6.x
Update dependency copy-webpack-plugin to v6.4.1
2020-12-21 11:38:07 +01:00
Renovate Bot
4c1419a54e
Update dependency less to v3.13.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-12-18 15:54:19 +00:00
Renovate Bot
344f65ed2c
Update dependency copy-webpack-plugin to v6.4.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-12-16 13:54:40 +00:00
Yannick Bungers
276ae10c7f
Merge pull request #625 from hedgedoc/apache-docs 2020-12-13 20:18:53 +01:00
David Mehren
22d2bf00fc
Fix typo in reverse proxy docs
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-13 19:09:41 +01:00
David Mehren
2f5ca84605
Document reverse proxy config for Apache
As we found out in #616, Apache does not set the `X-Forwarded-Proto` header, which is now required because we switched to secure cookies in 383d791a50.

Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-13 19:09:34 +01:00
David Mehren
70ff301e15
Merge pull request #622 from hedgedoc/renovate/less-3.x
Update dependency less to v3.13.0
2020-12-13 18:57:19 +01:00
Renovate Bot
b4c6f3b22f
Update dependency less to v3.13.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-12-12 02:11:41 +00:00
David Mehren
e9973a28d4
Merge pull request #619 from hedgedoc/renovate/copy-webpack-plugin-6.x
Update dependency copy-webpack-plugin to v6.4.0
2020-12-11 17:45:51 +01:00
Renovate Bot
e4ce3cfc19
Update dependency copy-webpack-plugin to v6.4.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2020-12-07 15:43:22 +00:00
David Mehren
2338a98731
Merge pull request #613 from nidico/patch-1
Fix some typos in history.md
2020-12-03 22:18:50 +01:00
David Mehren
81e463250d
Release 1.7.0-rc2
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-02 23:15:56 +01:00
David Mehren
35f5dfa866
Update yarn.lock
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-02 21:04:29 +01:00
David Mehren
0989ae426e
Merge pull request #609 from hedgedoc/fix/oauth2-auth
Fix crash when OAuth2 config parameters are missing
2020-12-02 20:48:12 +01:00
David Mehren
ee227d3c00
Merge pull request #610 from hedgedoc/fix/migration-error-message 2020-12-02 20:42:07 +01:00
Tilman Vatteroth
0318ce3e83
Add missing catch
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-12-02 19:39:06 +01:00
Tilman Vatteroth
120225947f
Catch more errors
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-12-02 17:22:27 +01:00
David Mehren
df0482ea68
Merge pull request #614 from hedgedoc/update-pr-template-labels
Update issue templates to use the new labels
2020-12-02 15:52:23 +01:00
David Mehren
eb727810b5
Update issue templates to use the new labels
Signed-off-by: David Mehren <git@herrmehren.de>
2020-12-01 21:14:11 +01:00
David Mehren
0e8e213256
Merge pull request #605 from hedgedoc/YunoHost-link-update
Update yunohost.md
2020-12-01 10:15:43 +01:00
Nicolas Dietrich
0195d074a8
Fix some typos in history.md 2020-12-01 00:32:48 +01:00
David Mehren
3f86ffb882
Merge pull request #611 from hedgedoc/fix/renovate-label
Change label used by renovate to "type: maintenance"
2020-11-30 18:37:35 +01:00
Tilman Vatteroth
8600c2dae6
Change label used by renovate to "type: maintenance"
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-30 18:24:43 +01:00
Tilman Vatteroth
4ae80a3ed0
[Migrations] Replace similar code
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-30 17:39:50 +01:00
Tilman Vatteroth
a157599884
[Migrations] Add variant of error message to catch block
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2020-11-30 17:31:55 +01:00
David Mehren
cc7fa947bf
Fix crash when OAuth2 config parameters are missing
If the optional config options `config.oauth2.userProfileIdAttr` or `config.oauth2.rolesClaim` were not set, `String.split` was called on `undefined`, triggering a crash.

This commit adds handling of these cases and improves error logging in `checkAuthorization`.

Fixes #608

Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-30 15:04:30 +01:00
ericgaspar
d1a0ca05af
Update yunohost.md
Signed-off-by: ericgaspar <junk.eg@free.fr>

Upgrade YunoHost doc link

Signed-off-by: ericgaspar <junk.eg@free.fr>
2020-11-30 14:16:10 +01:00
David Mehren
116fddd584
Merge pull request #401 from hedgedoc/wip_release/1.6.1 2020-11-29 17:33:41 +01:00
David Mehren
461e48e25b
Changelog for 1.7.0-rc1
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-29 17:23:30 +01:00
David Mehren
9caaaf48e3
Bump Version to 1.7.0-rc1
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-29 15:59:23 +01:00
David Mehren
96d2d23426
Update yarn.lock
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-29 15:59:01 +01:00
David Mehren
a5d835cb74
Merge pull request #597 from hedgedoc/fix/install-docs 2020-11-29 15:51:43 +01:00
David Mehren
c83c6cb226
Document that Git can also be used to checkout releases.
Signed-off-by: David Mehren <git@herrmehren.de>
2020-11-27 22:41:54 +01:00