1
0
Fork 0
mirror of https://github.com/gohugoio/hugo.git synced 2025-01-21 17:23:31 +00:00
Commit graph

12 commits

Author SHA1 Message Date
Bjørn Erik Pedersen
241b21b0fd Create a struct with all of Hugo's config options
Primary motivation is documentation, but it will also hopefully simplify the code.

Also,

* Lower case the default output format names; this is in line with the custom ones (map keys) and how
it's treated all the places. This avoids doing `stringds.EqualFold` everywhere.

Closes 
Closes 
2023-05-16 18:01:29 +02:00
Bjørn Erik Pedersen
d070bdf10f
Rework the Destination filesystem to make --renderStaticToDisk work
See 
2022-04-08 13:26:17 +02:00
Bjørn Erik Pedersen
b80853de90
all: gofmt -w -r 'interface{} -> any' .
Updates 
2022-03-17 22:03:27 +01:00
Bjørn Erik Pedersen
f4389e48ce
Add some basic security policies with sensible defaults
This ommmit contains some security hardening measures for the Hugo build runtime.

There are some rarely used features in Hugo that would be good to have disabled by default. One example would be the "external helpers".

For `asciidoctor` and some others we use Go's `os/exec` package to start a new process.

These are a predefined set of binary names, all loaded from `PATH` and with a predefined set of arguments. Still, if you don't use `asciidoctor` in your project, you might as well have it turned off.

You can configure your own in the new `security` configuration section, but the defaults are configured to create a minimal amount of site breakage. And if that do happen, you will get clear instructions in the loa about what to do.

The default configuration is listed below. Note that almost all of these options are regular expression _whitelists_ (a string or a slice); the value `none` will block all.

```toml
[security]
  enableInlineShortcodes = false
  [security.exec]
    allow = ['^dart-sass-embedded$', '^go$', '^npx$', '^postcss$']
    osEnv = ['(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM)$']

  [security.funcs]
    getenv = ['^HUGO_']

  [security.http]
    methods = ['(?i)GET|POST']
    urls = ['.*']
```
2021-12-16 09:40:22 +01:00
Bjørn Erik Pedersen
f4ffeea71d Fix it so disableKinds etc. does not get merged in from theme
Unless the merge strategy is set up to do so.

For `disableKinds` the current workaround is to make sure the project config has an entry, even if is empty:

```
disableKinds = []
```

Note that this issue only touches root, non-map config-values that either is not set in project config or in Hugo's defaults.

Fixes 
2021-08-22 13:25:20 +02:00
Bjørn Erik Pedersen
c7252224c4 Deprecate Blackfriday and fix a potential deadlock in config
Note that the deadlock has not been seen earlier, in tests on in real Hugo sites.

Fixes 
Fixes 
2021-07-26 16:28:16 +02:00
Bjørn Erik Pedersen
5cb52c2315 Add config.cascade
This commit adds support for using the `cascade` keyword in your configuration file(s), e.g. `config.toml`.

Note that

* Every feature of `cascade` is available, e.g. `_target` to target specific page sets.
* Pages, e.g. the home page, can overwrite the cascade defined in config.

Fixes 
2021-07-10 11:13:41 +02:00
Bjørn Erik Pedersen
49fedbc51c
config: Fix handling of invalid OS env config overrides
Fixes 
2021-06-29 09:38:05 +02:00
Bjørn Erik Pedersen
19aa95fc7f Fix config handling with empty config entries after merge
Fixes 
2021-06-27 15:01:56 +02:00
Bjørn Erik Pedersen
093dacab29 Fix language menu config regression
Fixes 
2021-06-24 13:03:09 +02:00
Bjørn Erik Pedersen
4a9d408fe0 config: Fix merge of config with map[string]string values.
Fixes 
2021-06-22 21:38:28 +02:00
Bjørn Erik Pedersen
d392893cd7
Misc config loading fixes
The main motivation behind this is simplicity and correctnes, but the new small config library is also faster:

```
BenchmarkDefaultConfigProvider/Viper-16         	  252418	      4546 ns/op	    2720 B/op	      30 allocs/op
BenchmarkDefaultConfigProvider/Custom-16        	  450756	      2651 ns/op	    1008 B/op	       6 allocs/op
```

Fixes 
Fixes 
Fixes 
Updates 
Closes 
Closes 
2021-06-14 17:00:32 +02:00