hedgedoc/lib
David Mehren 9499add64c
Tighten up default Content-Security-Policy
This commit changes the
- default-src to none, so everything is disallowed by default
- base-uri, connect-uri and font-src to self,
  so these are restricted to the current origin
- frame-src to allow SlideShare, Vimeo and YouTube
- script-src to the specific paths that are used by HedgeDoc to serve scripts.
  This explicitly does not include the /uploads route
- style-src to the specific paths that are used by HedgeDoc to serve styles
-

Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-15 00:22:30 +02:00
config Fix unescaped line break in git output 2021-08-15 00:16:46 +02:00
migrations Add missing catch 2020-12-02 19:39:06 +01:00
models Add help link and short explanation for failing migrations 2021-07-21 00:06:07 +02:00
ot Fix logging in ot module 2018-11-13 23:30:13 +01:00
web fix(image-upload): Fix swallowing of errors for filesystem 2021-08-14 20:04:08 +02:00
workers Linter: Fix all lint errors 2021-02-15 12:15:14 +01:00
csp.js Tighten up default Content-Security-Policy 2021-08-15 00:22:30 +02:00
errors.js Check for existing notes on POST and don't override them 2021-03-29 23:00:34 +02:00
history.js Linter: Fix all lint errors 2021-02-15 12:15:14 +01:00
letter-avatars.js Linter: Fix all lint errors 2021-02-15 12:15:14 +01:00
logger.js Fix eslint warnings 2019-05-31 00:30:29 +02:00
prometheus.js Add custom prometheus metrics 2021-04-25 20:06:56 +02:00
realtime.js Linter: Fix all lint errors 2021-02-15 12:15:14 +01:00
response.js Replace request library with node-fetch 2021-03-12 22:27:49 +01:00
utils.js Exclude /metrics and /status routes from session initialization 2021-07-20 23:56:54 +02:00