The OAuth2 specification RECOMMENDS setting the state to protect against
CSRF attacks. Some OAuth2 providers (e.g. ORY Hydra) refuse to
authenticate without the state set.
This is a cherry-pick of 852868419d.
Signed-off-by: haslersn <sebastian.hasler@gmx.net>
This patch adds the Malayalam translation to CodiMD. Do by our awesome
translation supporters civic john, Sooraj Kenoth, Nithin Prabhakaran and
Jothish.
Thank you very much!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Dropbox loads an external script that adds inline javascript. Therefore, this addition is needed when enabling dropbox support.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
The lack of a 'preventDefault' on the click event handler resulted in the dropbox link being unclickable.
Furthermore because of a missing CSP rule, the dropbox script couldn't be loaded. The dropbox origin is now added to the CSP script sources if dropbox integration is configured.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
The current version of CodiMD/HedgeDoc does only support translations to be filled on server-side rendering. To allow the translation of the changed/created texts, I duplicated the container that holds the text, and pre-filed these containers with the translation server-side. The client just needs to hide the unneeded container and show the right one to show the translated status text.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Until now client-side translations were only possible in the context of the intro/history page, because the locale-detection logic relied on the language selector as a source of available languages. The editor of course has no such selector. With this commit, I copied the list of available languages from the i18n-initialization (server-side) to support language detection in the editor too.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Add default values to configuration documentation when a default value is hard-coded. Specify **no default** otherwise.
Signed-off-by: oupala <oupala@users.noreply.github.com>
To make it more obvious for people, a note in the README as recommended
by danyork[1] seems like a good idea.
[1]: https://github.com/danyork
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
The projects are going into completely different directions these days.
Therefore I think it's no longer appropriated to have this note
around.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Linting markdown files according to default remark-lint configuration.
Files inside the `public` directory were not linted.
Signed-off-by: oupala <oupala@users.noreply.github.com>