Commit graph

3471 commits

Author SHA1 Message Date
David Mehren
f86fae3bd7
Don't use eval-based source maps
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 23:04:45 +02:00
David Mehren
3cd169a650
Remove unsafe-eval from default CSP
As script-loader was removed in the previous commits,
we can finally tighten up security.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 23:04:45 +02:00
David Mehren
2cecb9184b
Merge pull request #1368 from hedgedoc/feature/remove_script_loader 2021-06-07 22:58:35 +02:00
David Mehren
5e771c2f65
Update Content Security Policy docs
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 22:57:12 +02:00
David Mehren
7283ccd5e8
Allow configuring Disqus & GA CSP with env vars
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 22:57:12 +02:00
David Mehren
0c6482abc5
Add release notes for CSP changes
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 22:57:12 +02:00
David Mehren
52231f688d
Disable GA and Disqus in default CSP
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 22:57:12 +02:00
David Mehren
bf3b45bc11
Uninstall script-loader
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:37 +02:00
David Mehren
fa1ed66088
Load abcjs from npm package
This also loads abcjs without script-loader.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:37 +02:00
David Mehren
fddd97391b
Load gist-embed without script-loader
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:37 +02:00
David Mehren
1150c72fa7
Load handlebars without script-loader
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:37 +02:00
David Mehren
a98d184f2c
Load mermaid without script-loader
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:37 +02:00
David Mehren
bd62e79f7d
Load ot without script-loader
The ot library is tricky to load with Webpack, as it writes
it's functions into a global `ot` object and does not export anything.
I got it working using `exports-loader` to put the `ot` object
into a CommonJS export and then forcing Webpack to only
load using CommonJS.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:37 +02:00
David Mehren
4f4a4cb747
Load jquery-textcomplete without script-loader
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:37 +02:00
David Mehren
2515ad962b
Load inline-attachment without script-loader
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:35 +02:00
David Mehren
cf867daf99
Load Idle.js without script-loader
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:23 +02:00
David Mehren
0e7a9df97d
Load jquery-ui resizable from npm package
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:23 +02:00
David Mehren
e17cc6440f
Load codemirror and codemirror-spell-checker without script-loader
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 20:59:20 +02:00
David Mehren
5aeb7f4d0f
Merge pull request #1372 from hedgedoc/renovate/master-major-test-packages
chore(deps): update dependency mocha to v9 (master)
2021-06-07 19:23:46 +02:00
David Mehren
0df100d740
Merge pull request #1373 from hedgedoc/renovate/master-webpack-cli-4.x
chore(deps): update dependency webpack-cli to v4.7.2 (master)
2021-06-07 19:22:32 +02:00
Renovate Bot
8136358f2f
chore(deps): update dependency webpack-cli to v4.7.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-07 17:05:37 +00:00
Renovate Bot
fe8122be8f
chore(deps): update dependency mocha to v9
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-07 16:00:50 +00:00
David Mehren
8348a6bf10
Merge pull request #1364 from hedgedoc/renovate/master-webpack-merge-5.x
chore(deps): update dependency webpack-merge to v5.8.0 (master)
2021-06-07 17:57:05 +02:00
David Mehren
b9a5d7b214
Merge pull request #1352 from hedgedoc/renovate/master-linters
chore(deps): update dependency eslint to v7.28.0 (master)
2021-06-07 17:56:14 +02:00
Renovate Bot
1cebed4838
chore(deps): update dependency webpack-merge to v5.8.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-07 15:49:00 +00:00
Renovate Bot
1665664c38
chore(deps): update dependency eslint to v7.28.0
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-07 15:48:39 +00:00
David Mehren
b8ab985cc7
Merge pull request #1356 from hedgedoc/renovate/master-mermaid-8.x
chore(deps): update dependency mermaid to v8.10.2 (master)
2021-06-07 17:47:25 +02:00
David Mehren
33e509b05e
Merge pull request #1351 from hedgedoc/renovate/master-highlight.js-10.x
chore(deps): update dependency highlight.js to v10.7.3 (master)
2021-06-07 17:47:20 +02:00
Renovate Bot
2a922cd339
chore(deps): update dependency mermaid to v8.10.2
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-07 15:43:09 +00:00
Renovate Bot
7c6201a051
chore(deps): update dependency highlight.js to v10.7.3
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-07 15:42:53 +00:00
David Mehren
6a4060c5d2
Merge pull request #1365 from hedgedoc/renovate/master-webpack-cli-4.x
chore(deps): update dependency webpack-cli to v4.7.1 (master)
2021-06-07 17:42:36 +02:00
David Mehren
1422ccf0e1
Merge pull request #1357 from hedgedoc/renovate/master-mkdocs-material-7.x
chore(deps): update dependency mkdocs-material to v7.1.7 (master)
2021-06-07 17:41:28 +02:00
David Mehren
38f73d2872
Enable source-maps in Webpack production config
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 17:22:40 +02:00
David Mehren
578cb4d919
Enable SplitChunksPlugin in Webpack production config
Signed-off-by: David Mehren <git@herrmehren.de>
2021-06-07 17:22:40 +02:00
Renovate Bot
c04e44562d
chore(deps): update dependency webpack-cli to v4.7.1
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-07 14:06:30 +00:00
Renovate Bot
a3581c514b
chore(deps): update dependency mkdocs-material to v7.1.7
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-06-07 00:17:03 +00:00
David Mehren
cb1428d9b0
Merge pull request #1360 from hedgedoc/fix-docs-openapi
Fix link in openapi doc
2021-06-06 21:35:45 +02:00
Erik Michelson
df7a5e3f6c
Fix link in openapi doc
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2021-06-06 20:33:25 +02:00
David Mehren
87e5575f03
Merge pull request #1350 from hedgedoc/fix-cloudflare-warning
Remove explicit title from cloudflare warning
2021-06-04 22:46:26 +02:00
Tilman Vatteroth
9a6d5d675a
Remove explicit title from cloudflare warning
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2021-06-03 23:24:09 +02:00
Yannick Bungers
23fa44cd36
Merge pull request #1346 from hedgedoc/add-cloudflare-warning-to-docs
Add Cloudflare warning to the docs
2021-06-03 20:43:46 +02:00
Tilman Vatteroth
ff12e3b23e
Add Cloudflare warning to the docs
The cloudflare minify feature for HTML, CSS and JS breaks HedgeDoc.

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
2021-06-03 17:30:07 +02:00
David Mehren
eeaf054806
Merge pull request #1343 from hedgedoc/renovate/master-lock-file-maintenance
chore(deps): lock file maintenance (master)
2021-06-01 20:05:03 +02:00
David Mehren
37139c7210
Merge pull request #1341 from hedgedoc/renovate/master-mkdocs-material-7.x
chore(deps): update dependency mkdocs-material to v7.1.6 (master)
2021-06-01 20:02:58 +02:00
Renovate Bot
6f1a9eac18
chore(deps): lock file maintenance
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-05-31 19:18:58 +00:00
Renovate Bot
4f592d32e2
chore(deps): update dependency mkdocs-material to v7.1.6
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-05-31 19:17:51 +00:00
David Mehren
9ce49c2292
Merge pull request #1331 from hedgedoc/renovate/master-linters
chore(deps): update linters (master)
2021-05-31 21:16:50 +02:00
Renovate Bot
485413473b
chore(deps): update linters
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-05-29 21:42:25 +00:00
David Mehren
68d14b198f
Merge pull request #1328 from hedgedoc/renovate/master-lock-file-maintenance
chore(deps): lock file maintenance (master)
2021-05-24 18:43:24 +02:00
Renovate Bot
e6d2ed0dc3
chore(deps): lock file maintenance
Signed-off-by: Renovate Bot <bot@renovateapp.com>
2021-05-24 16:34:43 +00:00