Commit graph

85 commits

Author SHA1 Message Date
Bjørn Erik Pedersen
2c3d4dfb74 Add cache busting config to support Tailwind 3
Fixes #10974
2023-05-22 14:14:35 +02:00
Bjørn Erik Pedersen
2637b4ef4d Allow whitelisting mediaTypes used in resources.GetRemote
Fixes #10286
2023-05-20 20:16:45 +02:00
Bjørn Erik Pedersen
7c7baa6183 Add hugo.WorkingDir
Fixes #10969
2023-05-20 17:45:56 +02:00
Bjørn Erik Pedersen
4f085e80da Make language merging of markup etc. config without values in the root
Updates #10953
2023-05-20 12:40:32 +02:00
Bjørn Erik Pedersen
03cb38e6c6
Allow legacy taxonomyTerm in disableKinds
Updates #10953
2023-05-19 09:17:55 +02:00
Andreas Deininger
ad4bc969da Fix warn message about custom params on the language top level 2023-05-19 08:43:02 +02:00
Oleksandr Redko
610cedaa61 all: Fix comments for exported functions and packages 2023-05-18 21:25:27 +02:00
Bjørn Erik Pedersen
7c647bcaeb Allow empty params.mainSections
Updates #10953
2023-05-18 17:55:29 +02:00
Bjørn Erik Pedersen
3f00f47535 commands: Load config before creating the filesystem
To allow publishDir to be set in config file.
2023-05-18 15:38:25 +02:00
Bjørn Erik Pedersen
8a69ccbb00 commands: Improve the common build flag handling
Updates #10947
2023-05-17 22:13:29 +02:00
Bjørn Erik Pedersen
7ce033a89d Support, but warn, about top level language custom params
Updates #10947
2023-05-17 22:13:29 +02:00
Bjørn Erik Pedersen
05542130ba Handle transient errors in config loading etc.
As in: Get the Kubernetes site to build with the new Hugo version.

Updates #10947
2023-05-17 22:13:29 +02:00
Bjørn Erik Pedersen
241b21b0fd Create a struct with all of Hugo's config options
Primary motivation is documentation, but it will also hopefully simplify the code.

Also,

* Lower case the default output format names; this is in line with the custom ones (map keys) and how
it's treated all the places. This avoids doing `stringds.EqualFold` everywhere.

Closes #10896
Closes #10620
2023-05-16 18:01:29 +02:00
Oleksandr Redko
36ce3a4a9d Correct typos in Go comments 2023-03-02 16:32:32 +01:00
Bjørn Erik Pedersen
c6b3887696
config/security: Add O\w+ (e.g. GOROOT) to the default allowed list
Fixes #10429
2023-01-17 10:52:51 +01:00
Bjørn Erik Pedersen
f38a2fbd2e Make hugo.toml the new config.toml
Both will of course work, but hugo.toml will win if both are set.

We should have done this a long time ago, of course, but the reason I'm picking this up now is that my VS Code setup by default picks up some
JSON config schema from some random other software which also names its config files config.toml.

Fixes #8979
2023-01-16 15:34:16 +01:00
Bjørn Erik Pedersen
e402d91ee1 Misc doc, code refactoring to improve documentation 2023-01-04 18:01:26 +01:00
septs
dc44bca963
config/security: Add CI env var to whitelist 2022-12-02 12:13:34 +01:00
Ricardo N Feliciano
e3f31352d4
config/security: Fix filename 2022-10-02 12:52:04 +02:00
Mathieu Parent
86653fa38e
config/security: Allow proxy variables in subcommands
In particular for go get
2022-09-19 12:37:35 +02:00
Bjørn Erik Pedersen
a5cda5ca4d server: Add 404 support 2022-09-14 14:25:33 +02:00
Bjørn Erik Pedersen
fd75f129b2 deps: Update github.com/pelletier/go-toml/v2 v2.0.2 => v2.0.4
Closes #10210
2022-08-26 18:30:46 +02:00
Bjørn Erik Pedersen
87a22eb6d6 server: Fix SIGINT handling after loading bad configuration
Also fix the config error messages.

Fixes #9664
2022-05-15 22:58:05 +02:00
Bjørn Erik Pedersen
4b189d8fd9 postcss: Fix import error handling
Note that we will now fail if `inlineImports` is enabled and we cannot resolve an import.

You can work around this by either:

* Use url imports or imports with media queries.
* Set `skipInlineImportsNotFound=true` in the options

Also get the argument order in the different NewFileError* funcs in line.

Fixes #9895
2022-05-15 20:25:25 +02:00
Bjørn Erik Pedersen
5c96bda70a
errors: Misc improvements
* Redo the server error template
* Always add the content file context if relevant
* Remove some now superflous error string matching
* Move the server error template to _server/error.html
* Add file context (with position) to codeblock render blocks
* Improve JS build errors

Fixes #9892
Fixes #9891
Fixes #9893
2022-05-14 13:40:56 +02:00
Bjørn Erik Pedersen
f2946da9e8 Improve error messages, esp. when the server is running
* Add file context to minifier errors when publishing
* Misc fixes (see issues)
* Allow custom server error template in layouts/server/error.html

To get to this, this commit also cleans up and simplifies the code surrounding errors and files. This also removes the usage of `github.com/pkg/errors`, mostly because of https://github.com/pkg/errors/issues/223 -- but also because most of this is now built-in to Go.

Fixes #9852
Fixes #9857
Fixes #9863
2022-05-06 19:43:22 +02:00
Bjørn Erik Pedersen
d070bdf10f
Rework the Destination filesystem to make --renderStaticToDisk work
See #9626
2022-04-08 13:26:17 +02:00
Bjørn Erik Pedersen
0e305d6958 all: Use strings.Cut
Updates #9687
2022-03-21 09:32:35 +01:00
Bjørn Erik Pedersen
b80853de90
all: gofmt -w -r 'interface{} -> any' .
Updates #9687
2022-03-17 22:03:27 +01:00
Bjørn Erik Pedersen
ec8b767fa6 Remove Viper as a dependency 2022-02-23 22:40:23 +01:00
Bjørn Erik Pedersen
623dda7174 Revert "config/security: Add HOME to default exec env var whitelist"
There have been one report in the wild suggesting that this needs to be tested better before doing:

https://discourse.gohugo.io/t/hugo-mod-failing-in-v0-91-1-but-works-in-v0-91-0/36180/5

This reverts commit fca266ebbb.
2021-12-23 16:23:15 +01:00
Bjørn Erik Pedersen
fca266ebbb config/security: Add HOME to default exec env var whitelist
See #9309
2021-12-22 11:33:59 +01:00
Bjørn Erik Pedersen
f4389e48ce
Add some basic security policies with sensible defaults
This ommmit contains some security hardening measures for the Hugo build runtime.

There are some rarely used features in Hugo that would be good to have disabled by default. One example would be the "external helpers".

For `asciidoctor` and some others we use Go's `os/exec` package to start a new process.

These are a predefined set of binary names, all loaded from `PATH` and with a predefined set of arguments. Still, if you don't use `asciidoctor` in your project, you might as well have it turned off.

You can configure your own in the new `security` configuration section, but the defaults are configured to create a minimal amount of site breakage. And if that do happen, you will get clear instructions in the loa about what to do.

The default configuration is listed below. Note that almost all of these options are regular expression _whitelists_ (a string or a slice); the value `none` will block all.

```toml
[security]
  enableInlineShortcodes = false
  [security.exec]
    allow = ['^dart-sass-embedded$', '^go$', '^npx$', '^postcss$']
    osEnv = ['(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM)$']

  [security.funcs]
    getenv = ['^HUGO_']

  [security.http]
    methods = ['(?i)GET|POST']
    urls = ['.*']
```
2021-12-16 09:40:22 +01:00
Bjørn Erik Pedersen
f4ffeea71d Fix it so disableKinds etc. does not get merged in from theme
Unless the merge strategy is set up to do so.

For `disableKinds` the current workaround is to make sure the project config has an entry, even if is empty:

```
disableKinds = []
```

Note that this issue only touches root, non-map config-values that either is not set in project config or in Hugo's defaults.

Fixes #8866
2021-08-22 13:25:20 +02:00
Bjørn Erik Pedersen
d70c485707
Make sure module config loading errors have file positioning info
Fixes #8845
2021-08-03 09:57:14 +02:00
Bjørn Erik Pedersen
c7252224c4 Deprecate Blackfriday and fix a potential deadlock in config
Note that the deadlock has not been seen earlier, in tests on in real Hugo sites.

Fixes #8792
Fixes #8791
2021-07-26 16:28:16 +02:00
Bjørn Erik Pedersen
5cb52c2315 Add config.cascade
This commit adds support for using the `cascade` keyword in your configuration file(s), e.g. `config.toml`.

Note that

* Every feature of `cascade` is available, e.g. `_target` to target specific page sets.
* Pages, e.g. the home page, can overwrite the cascade defined in config.

Fixes #8741
2021-07-10 11:13:41 +02:00
Bjørn Erik Pedersen
49fedbc51c
config: Fix handling of invalid OS env config overrides
Fixes #8709
2021-06-29 09:38:05 +02:00
Bjørn Erik Pedersen
19aa95fc7f Fix config handling with empty config entries after merge
Fixes #8701
2021-06-27 15:01:56 +02:00
Bjørn Erik Pedersen
093dacab29 Fix language menu config regression
Fixes #8672
2021-06-24 13:03:09 +02:00
Bjørn Erik Pedersen
4a9d408fe0 config: Fix merge of config with map[string]string values.
Fixes #8679
2021-06-22 21:38:28 +02:00
Bjørn Erik Pedersen
bb2aa08709 Implement configuration in a directory for modules
Fixes #8654
2021-06-18 12:54:30 +02:00
Bjørn Erik Pedersen
d392893cd7
Misc config loading fixes
The main motivation behind this is simplicity and correctnes, but the new small config library is also faster:

```
BenchmarkDefaultConfigProvider/Viper-16         	  252418	      4546 ns/op	    2720 B/op	      30 allocs/op
BenchmarkDefaultConfigProvider/Custom-16        	  450756	      2651 ns/op	    1008 B/op	       6 allocs/op
```

Fixes #8633
Fixes #8618
Fixes #8630
Updates #8591
Closes #6680
Closes #5192
2021-06-14 17:00:32 +02:00
Bjørn Erik Pedersen
9b5debe4b8 Upgrade Instagram shortcode
Fixes #7879
2021-06-08 10:30:45 +02:00
卜木
ee733085b7
config: Fix env split to allow = character in values
Fixes #8589
2021-05-30 20:25:37 +02:00
Phil Davis
04b89857e1
all: Fix minor typos 2020-12-16 12:11:32 +01:00
Bjørn Erik Pedersen
d90e37e0c6 all: Format code with gofumpt
See https://github.com/mvdan/gofumpt
2020-12-03 13:12:58 +01:00
Bjørn Erik Pedersen
85e4dd7370 Make js.Build fully support modules
Fixes #7816
Fixes #7777
Fixes #7916
2020-11-03 13:04:37 +01:00
Bjørn Erik Pedersen
5e2a547cb5 Add force flag to server redirects config
Fixes #7778
2020-10-05 22:20:00 +02:00
Josh Gerdes
edc5c4741c tpl: Add Do Not Track (dnt) option to Vimeo shortcode
Added a Vimeo EnableDNT privacy option to the Hugo config. This will enable the Vimeo 'Do Not Track' flag when either Vimeo shortcode tempalte options are used. When enabled, it will force the Vimeo player to be blocked from tracking any session data, including all cookies and stats.

Fixes #7700
2020-10-02 23:02:38 +02:00