Commit graph

20 commits

Author SHA1 Message Date
Jordi Mallach
9bda8f2180 Allow setting documentMaxLength via CMD_DOCUMENT_MAX_LENGTH
Signed-off-by: Jordi Mallach <jordi@igalia.com>
2023-03-09 10:20:42 +01:00
Stéphane Maniaci
488e5f8a0a Revert "config: Add a flag to control the /metrics and /status endpoints"
This reverts commit d10ead4c6c.

Signed-off-by: Stéphane Maniaci <stephane.maniaci@beta.gouv.fr>
2023-02-05 20:39:13 +01:00
Stéphane Maniaci
d10ead4c6c config: Add a flag to control the /metrics and /status endpoints
It can be a security concern in some environments to expose system
capabilities even though they don't expose any PII. Add some
flags (defaulted `true` to maintain existing behaviour) to control
whether the /metrics and /status (and anything in the StatusRouter)
are exposed.

Signed-off-by: Stéphane Maniaci <stephane.maniaci@beta.gouv.fr>
2023-01-31 10:26:41 +01:00
Lautaro Alvarez
3585dc9ee6 Upload file to s3: make public a file on upload and allow to configure destination folder
New configurations:
- s3folder: (string) folder to save the files inside bucket
- s3publicFiles: (boolean) indicate if should send ACL parameters

Signed-off-by: Lautaro Alvarez <lautarolalvarez@gmail.com>
2022-07-10 17:44:17 +02:00
Philip Molares
a58f854295 docs: add info about unsupported CAs and node
Thanks to https://github.com/Clemens-Dautermann

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2022-06-05 22:13:06 +02:00
David Mehren
d88dd31cc2 docs: add example for generating sessionSecret
Signed-off-by: David Mehren <git@herrmehren.de>
2022-04-03 20:41:08 +02:00
Moritz Schlarb
e6fc9f01a3 Allow SAML authentication provider to be named
Using `CMD_SAML_PROVIDERNAME` and the respective auth provider objects
in the configuration structures.

Signed-off-by: Moritz Schlarb <schlarbm@uni-mainz.de>
2022-03-20 19:59:53 +01:00
ProttoyChakraborty
96518a96a3 Updated configuration.md
Signed-off-by: ProttoyChakraborty <pchakraborty2002@gmail.com>
2021-10-01 19:17:04 +05:30
David Mehren
957d7d553e
Merge pull request #1394 from hedgedoc/remove-cdn 2021-08-15 20:11:26 +02:00
David Mehren
31bfd6d779
Clarify csp.allowFraming docs
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:22:31 +02:00
David Mehren
2ac89d3334
Use consistent wording in CSP docs
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:22:31 +02:00
David Mehren
6c722f0ad6
Add config option to disallow embedding PDFs
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:22:31 +02:00
David Mehren
bd44cbc16c
Add config option to disallow framing via CSP
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:22:30 +02:00
Tilman Vatteroth
9498ee6bfe
Remove cdn support
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2021-08-15 00:09:53 +02:00
Sheogorath
1428a8e006
feat(config): Improve configurability of database by env
This patch implements 6 additional environment variables that are used
for configuration of the database in order to allow easier configuration
in containerised environments, such as Kubernetes.

An example is the upcoming deployment of the demo instance that will use
an operator-backed postgresql database. This operator exposes username
and password as separate variables and while it's obviously possible to
generate a dbURL from that, this won't be possible without additional
code. Aiming for a solution in Hedgedoc itself, will help us to enable
other people in using Hedgedoc on Kubernetes without resulting in overly
customised setups for simple tasks like this.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2021-08-13 01:58:53 +02:00
David Mehren
5e771c2f65
Update Content Security Policy docs
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 22:57:12 +02:00
Tilman Vatteroth
ed9e74e68b
Fix link to sequelize database dialect docs
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2021-02-09 13:18:54 +01:00
Nicolas Dietrich
5e269e4af9 Keep JS and env varibale name in sync (requireFreeURLAuthentication)
Signed-off-by: Nicolas Dietrich <nidi@mailbox.org>
2021-01-23 14:14:47 +01:00
Nicolas Dietrich
497569fee4 Add config option which requires authentication in FreeURL mode
This mitigates unintended note creation by bots or humans through a
simple GET call.

See discussion in #754.

Signed-off-by: Nicolas Dietrich <nidi@mailbox.org>
2021-01-22 16:52:49 +01:00
Tilman Vatteroth
eaeb88401d
Move docs into subdirectory to make mkdocs work in a subdirectory
Signed-off-by: Tilman Vatteroth <tilman.vatteroth@tu-dortmund.de>
2021-01-05 13:15:32 +01:00
Renamed from docs/configuration.md (Browse further)