This commit changes the
- default-src to none, so everything is disallowed by default
- base-uri, connect-uri and font-src to self,
so these are restricted to the current origin
- frame-src to allow SlideShare, Vimeo and YouTube
- script-src to the specific paths that are used by HedgeDoc to serve scripts.
This explicitly does not include the /uploads route
- style-src to the specific paths that are used by HedgeDoc to serve styles
-
Signed-off-by: David Mehren <git@herrmehren.de>
The shutdown handler calls `checkAllNotesRevision` on a 100 ms
interval. If the database connection is broken, this will return
an error. Previously, this error was effectively ignored and resulted
in an endless loop printing out the error message every 100 ms.
This improves the error handling by terminating the process with a
nonzero exit code when an error was encountered 30 times. The loop
interval is also increased to 200 ms, giving the database 6 seconds
total time to recover in case of intermittent issues.
Signed-off-by: David Mehren <git@herrmehren.de>
This adds retry logic to the initial DB connection on startup.
HedgeDoc now tries connecting to the database up to 30 times, waiting
one second after each try.
This gives a database that was simultaneously started (e.g. via
docker-compose) enough time to get ready to accept connections.
Signed-off-by: David Mehren <git@herrmehren.de>
This patch fixes the swollowing of the actual error message that appears
when a file fails to move, after being uploaded to Hedgedoc on an
instance that is using the upload-method `filesystem` active.
This became apparent when the error messages provided by some users,
where less than helpful.
As a solution the error message of the copy command was added to the
error that is output to the console.
https://community.hedgedoc.org/t/image-upload-fail-docker/439
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
`MathJax/extensions/a11y/mathmaps` contains .js files that are
not actually valid JavaScript, tripping up ESBuild.
This excludes them from the minification step
Signed-off-by: David Mehren <git@herrmehren.de>
HedgeDoc crashed with
`uncaughtException: ENOENT: no such file or directory`
on startup, when `.git/ref/heads` did not contain
a file for the current branch. This seems to happen
regularly with current Git versions.
This fixes the crash by first trying to use the `git` executable for
getting the current commit SHA (before running our own parsing code)
and introducing a separate check to prevent accessing a nonexistent
file in `.git/ref/heads`.
Signed-off-by: David Mehren <git@herrmehren.de>
`socket.io` already depends on `ws` and uses it by default.
The separate dependency to and initialization of `ws` sees to be
a relic of the past usage of `uws`, but is redundant now.
As documented in https://socket.io/docs/v2/server-initialization/#Notable-options,
`perMessageDeflate` is now `false` by default.
Signed-off-by: David Mehren <git@herrmehren.de>
This patch implements 6 additional environment variables that are used
for configuration of the database in order to allow easier configuration
in containerised environments, such as Kubernetes.
An example is the upcoming deployment of the demo instance that will use
an operator-backed postgresql database. This operator exposes username
and password as separate variables and while it's obviously possible to
generate a dbURL from that, this won't be possible without additional
code. Aiming for a solution in Hedgedoc itself, will help us to enable
other people in using Hedgedoc on Kubernetes without resulting in overly
customised setups for simple tasks like this.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
According to the AWS documentation there is no situation that there is a dash in `s3-<region>.amazonaws.com`, the correct way is with a dot `s3.<region>.amazonaws.com`
Source: https://docs.aws.amazon.com/general/latest/gr/s3.html
Signed-off-by: Matej Cotman <matej.cotman@eficode.com>
