Commit graph

84 commits

Author SHA1 Message Date
Bjørn Erik Pedersen
4852a37653
Merge commit '3902f9a4767fe6e62ac5146728d8311b8cd227e0' 2022-04-28 11:52:15 +02:00
Bjørn Erik Pedersen
5b5dcb8d5a
Merge commit 'ec920363cdeb687c8bcac9c242767d366fb058cb' 2022-04-08 13:32:01 +02:00
Bjørn Erik Pedersen
d7497b28c1
Merge commit 'd276e901b36d2576ef8350ed96b17f66254eac1b' 2022-03-26 11:04:57 +02:00
Bjørn Erik Pedersen
c707b71cdf
Merge commit '230a495941b191af0bdaa7e2fc8c61607cb38207' 2022-02-14 12:58:42 +01:00
Bjørn Erik Pedersen
f4389e48ce
Add some basic security policies with sensible defaults
This ommmit contains some security hardening measures for the Hugo build runtime.

There are some rarely used features in Hugo that would be good to have disabled by default. One example would be the "external helpers".

For `asciidoctor` and some others we use Go's `os/exec` package to start a new process.

These are a predefined set of binary names, all loaded from `PATH` and with a predefined set of arguments. Still, if you don't use `asciidoctor` in your project, you might as well have it turned off.

You can configure your own in the new `security` configuration section, but the defaults are configured to create a minimal amount of site breakage. And if that do happen, you will get clear instructions in the loa about what to do.

The default configuration is listed below. Note that almost all of these options are regular expression _whitelists_ (a string or a slice); the value `none` will block all.

```toml
[security]
  enableInlineShortcodes = false
  [security.exec]
    allow = ['^dart-sass-embedded$', '^go$', '^npx$', '^postcss$']
    osEnv = ['(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM)$']

  [security.funcs]
    getenv = ['^HUGO_']

  [security.http]
    methods = ['(?i)GET|POST']
    urls = ['.*']
```
2021-12-16 09:40:22 +01:00
Bjørn Erik Pedersen
6c841a691e
Merge commit '8d9511a08f14260cbfb73119e4afae50e5a9966d' 2021-12-08 08:54:25 +01:00
Paul van Brouwershaven
66753416b5
Make resources.Get use a file cache for remote resources
Closes #9228
2021-12-02 12:56:25 +01:00
Bjørn Erik Pedersen
4b36498a85
Merge commit 'aa5ac36a3eb68b86c803caec703869efefc8447e' 2021-10-31 13:53:55 +01:00
Helder Pereira
d966f5d08d highlight: Remove some pygments references 2021-08-21 15:50:49 +02:00
Bjørn Erik Pedersen
494f284be3
docs: Adjust config docs 2021-08-03 12:22:02 +02:00
Bjørn Erik Pedersen
0934983529
Merge commit 'bd77f6e1c99e04a476f0b1bb4e44569134e02399' into release-0.87.0 2021-08-03 11:52:57 +02:00
Bjørn Erik Pedersen
1c5b025dd0
docs: Adjust time zone docs 2021-08-03 11:51:28 +02:00
Bjørn Erik Pedersen
efa5760db5 Add timezone support for front matter dates without one
Fixes #8810
2021-07-27 19:02:48 +02:00
Bjørn Erik Pedersen
4479f09c9c
Merge commit '7eb0e10a80708c638554b8221a3120dc1168566c' 2021-07-04 16:34:53 +02:00
Bjørn Erik Pedersen
a074f758b0
Merge commit '92405e5b0adc5d8c3dfde88d6a8b67eb09169190' 2021-06-18 12:57:19 +02:00
Bjørn Erik Pedersen
d392893cd7
Misc config loading fixes
The main motivation behind this is simplicity and correctnes, but the new small config library is also faster:

```
BenchmarkDefaultConfigProvider/Viper-16         	  252418	      4546 ns/op	    2720 B/op	      30 allocs/op
BenchmarkDefaultConfigProvider/Custom-16        	  450756	      2651 ns/op	    1008 B/op	       6 allocs/op
```

Fixes #8633
Fixes #8618
Fixes #8630
Updates #8591
Closes #6680
Closes #5192
2021-06-14 17:00:32 +02:00
Bjørn Erik Pedersen
162f41d0ef
Merge commit '32ba623541d74ee0b7ae4efb1b8326dc49af28b8' 2021-06-08 18:47:53 +02:00
Bjørn Erik Pedersen
d7b22aee46
Merge commit 'c239c643fee10bfa217cb108755b798f8f5f3b10' 2021-05-01 11:45:45 +02:00
Bjørn Erik Pedersen
8f7891e70c
Merge commit '07b8d9466dfb59c429c1b470a0443337bc0aeefe' 2021-04-20 20:22:53 +02:00
Bjørn Erik Pedersen
c94aa5cf46
Merge commit '81689af79901f0cdaff765cda6322dd4a9a7ccb3' 2021-03-21 13:31:17 +01:00
Bjørn Erik Pedersen
b725253f9e Attributes for code fences should be placed after the lang indicator only
Fixes #8313
2021-03-20 19:15:11 +01:00
Bjørn Erik Pedersen
cd0c5d7ef3 Allow markdown attribute lists to be used in title render hooks
Fixes #8270
2021-02-23 18:08:39 +01:00
Bjørn Erik Pedersen
2681633db8 markup/goldmark: Add attributes support for blocks (tables etc.)
E.g.:

```
> foo
> bar
{.myclass}
```

There are some current limitations: For tables you can currently only apply it to the full table, and for lists the ul/ol-nodes only, e.g.:

```
* Fruit
  * Apple
  * Orange
  * Banana
  {.fruits}
* Dairy
  * Milk
  * Cheese
  {.dairies}
{.list}
```

Fixes #7548
2021-02-08 19:52:55 +01:00
Bjørn Erik Pedersen
a1a9f088b1
Merge commit 'e48ffb763572814a3788780bb9653dfa2daeae22' 2021-01-20 12:48:39 +01:00
Bjørn Erik Pedersen
4f1e4bb3fe
Merge commit '9f1265fde4b9ef186148337c99f08601633b6056' 2020-11-27 09:30:05 +01:00
Bjørn Erik Pedersen
7e223b3baa Allow setting the delimiter used for setting config via OS env, e.g. HUGO_
Fixes #7829
2020-11-25 20:34:34 +01:00
Bjørn Erik Pedersen
85e4dd7370 Make js.Build fully support modules
Fixes #7816
Fixes #7777
Fixes #7916
2020-11-03 13:04:37 +01:00
Bjørn Erik Pedersen
5e39eb20a6
Merge commit 'e5568488051a571df48401e03f1304b95dbc9028' 2020-10-06 16:24:00 +02:00
Bjørn Erik Pedersen
5e2a547cb5 Add force flag to server redirects config
Fixes #7778
2020-10-05 22:20:00 +02:00
Bjørn Erik Pedersen
b9e4f5898b
Merge commit '7d7771b673e5949f554515a2c236b23192c765c8' 2020-09-07 21:37:51 +02:00
Bjørn Erik Pedersen
f1916f114b
Merge commit '6aa5c9117fd34644459ea9bcfb1b3f5010658d5d' 2020-07-07 07:00:01 +02:00
Bjørn Erik Pedersen
fc045e12a9 Rename taxonomy kinds from taxonomy to term, taxonomyTerm to taxonomy
And we have taken great measures to limit potential site breakage:

* For `disableKinds` and `outputs` we try to map from old to new values if possible, if not we print an ERROR that can be toggled off if not relevant.
* The layout lookup is mostly compatible with more options for the new `term` kind.

That leaves:

* Where queries in site.Pages using taxonomy/taxonomyTerm Kind values as filter.
* Other places where these kind value are used in the templates (classes etc.)

Fixes #6911
Fixes #7395
2020-06-18 09:09:56 +02:00
Bjørn Erik Pedersen
0a9172672a
Merge commit 'efa74c5c6e6ff1daddeb5834ea7c69bed2acf171' 2020-06-16 14:19:31 +02:00
Bjørn Erik Pedersen
f8c67f93e1 Allow hook template per section/type
Fixes #7349
2020-06-02 19:02:10 +02:00
Bjørn Erik Pedersen
626b16e024
Merge commit '9e1dcefc5f559944b70d2fa520f6acd5c56a69f2' 2020-05-31 12:43:33 +02:00
Bjørn Erik Pedersen
6a3e89743c Add redirect support to the server
Fixes #7323
2020-05-28 16:25:34 +02:00
Yash Murty
9613e3e8a8 Fix typo in install instructions 2020-05-27 13:54:11 +02:00
Bjørn Erik Pedersen
e0e81b280f
Merge commit 'c9403cbceaaeff53ff4833561f4eefe1dc1a405e' 2020-05-18 15:25:26 +02:00
Bjørn Erik Pedersen
e4621446ce
Merge commit '89044b8f8795f17c36396c67823183a20fc88139' 2020-05-06 12:12:57 +02:00
Bjørn Erik Pedersen
30748decf1
Merge commit 'da3c3e5fbd0de65f956618cd2e35401460a3cd02' 2020-04-10 09:06:04 +02:00
Bjørn Erik Pedersen
3d84ef9720
Merge commit 'c494c37a4523fbf2db6274dc87e0877fd5bec24b' 2020-03-31 22:11:54 +02:00
Stéphane Wirtel
b6e097cfe6 fix typo in getting started 2020-03-24 17:31:37 +01:00
Bjørn Erik Pedersen
7204b354a9 Some minify configuration adjustments 2020-03-20 20:35:57 +01:00
Bjørn Erik Pedersen
c947351d7c
Merge commit 'aa54803a84208816e9c678359bd3f86760484ce0' 2020-03-20 09:19:29 +01:00
Bjørn Erik Pedersen
63393230c9
docs: Doument the server config 2020-03-09 20:36:00 +01:00
Bjørn Erik Pedersen
6b61f2a5bb
Merge commit '14e369b961943a0b977776899e24e8bea63834df' 2020-03-09 20:21:17 +01:00
Bjørn Erik Pedersen
3d3fa5c3fe Add build.UseResourceCacheWhen
Fixes #6993
2020-03-03 13:29:58 +01:00
Bjørn Erik Pedersen
1e5eb8679e
Merge commit '3c0036805d64fdd8290f1c4a31371780ff3ea365' 2020-02-06 13:03:30 +01:00
Bjørn Erik Pedersen
d62ede8e9e
docs: Document the new autoHeadingIDType setting
See #6707
See #6616
2020-01-05 12:10:12 +01:00
Bjørn Erik Pedersen
469351d5b6
Merge commit '26f1458a2df6b55eee3a5de46f5fec23a43a7c7d' 2020-01-05 11:14:51 +01:00