Commit graph

66 commits

Author SHA1 Message Date
Bjørn Erik Pedersen
a838a27e4c
Merge commit 'd3927310d5b2404c3238f9b899db3329ea516490' 2023-05-27 17:02:23 +02:00
Bjørn Erik Pedersen
b95e156940
Merge commit 'f96384a3b596f9bc0a3a035970b09b2c601f0ccb' 2023-05-22 16:47:07 +02:00
Bjørn Erik Pedersen
7e539cb398
Merge commit 'cf591b7c0c598d34896709db6d28598da37e3ff6' 2023-02-23 07:52:04 +01:00
Bjørn Erik Pedersen
b661132e0a
Merge commit 'ef6f101e75256c3bb88a6f1f3b5c1273bf8d7382' 2023-01-17 12:51:46 +01:00
Bjørn Erik Pedersen
9a215d6950
Merge commit '41bc6f702aa54200530efbf4267e5c823df3028d' 2022-12-20 11:04:41 +01:00
Bjørn Erik Pedersen
f04cc581e1
Merge commit '00c4484c7092181729f6f470805bc7d72e8ad17b' 2022-11-17 16:16:19 +01:00
Bjørn Erik Pedersen
a5cda5ca4d server: Add 404 support 2022-09-14 14:25:33 +02:00
Bjørn Erik Pedersen
af23cdca9c
Merge commit '90ad8045056167004d27857a95542936657b8a16' 2022-09-13 20:34:24 +02:00
Bjørn Erik Pedersen
604cfffc5b
Merge commit '475f87f685439de0f907a9ffc29bfd1361eb1c59' 2022-06-16 07:22:11 +02:00
Bjørn Erik Pedersen
4852a37653
Merge commit '3902f9a4767fe6e62ac5146728d8311b8cd227e0' 2022-04-28 11:52:15 +02:00
Bjørn Erik Pedersen
5b5dcb8d5a
Merge commit 'ec920363cdeb687c8bcac9c242767d366fb058cb' 2022-04-08 13:32:01 +02:00
Bjørn Erik Pedersen
d7497b28c1
Merge commit 'd276e901b36d2576ef8350ed96b17f66254eac1b' 2022-03-26 11:04:57 +02:00
Bjørn Erik Pedersen
f4389e48ce
Add some basic security policies with sensible defaults
This ommmit contains some security hardening measures for the Hugo build runtime.

There are some rarely used features in Hugo that would be good to have disabled by default. One example would be the "external helpers".

For `asciidoctor` and some others we use Go's `os/exec` package to start a new process.

These are a predefined set of binary names, all loaded from `PATH` and with a predefined set of arguments. Still, if you don't use `asciidoctor` in your project, you might as well have it turned off.

You can configure your own in the new `security` configuration section, but the defaults are configured to create a minimal amount of site breakage. And if that do happen, you will get clear instructions in the loa about what to do.

The default configuration is listed below. Note that almost all of these options are regular expression _whitelists_ (a string or a slice); the value `none` will block all.

```toml
[security]
  enableInlineShortcodes = false
  [security.exec]
    allow = ['^dart-sass-embedded$', '^go$', '^npx$', '^postcss$']
    osEnv = ['(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM)$']

  [security.funcs]
    getenv = ['^HUGO_']

  [security.http]
    methods = ['(?i)GET|POST']
    urls = ['.*']
```
2021-12-16 09:40:22 +01:00
Bjørn Erik Pedersen
6c841a691e
Merge commit '8d9511a08f14260cbfb73119e4afae50e5a9966d' 2021-12-08 08:54:25 +01:00
Paul van Brouwershaven
66753416b5
Make resources.Get use a file cache for remote resources
Closes #9228
2021-12-02 12:56:25 +01:00
Bjørn Erik Pedersen
4b36498a85
Merge commit 'aa5ac36a3eb68b86c803caec703869efefc8447e' 2021-10-31 13:53:55 +01:00
Bjørn Erik Pedersen
494f284be3
docs: Adjust config docs 2021-08-03 12:22:02 +02:00
Bjørn Erik Pedersen
0934983529
Merge commit 'bd77f6e1c99e04a476f0b1bb4e44569134e02399' into release-0.87.0 2021-08-03 11:52:57 +02:00
Bjørn Erik Pedersen
1c5b025dd0
docs: Adjust time zone docs 2021-08-03 11:51:28 +02:00
Bjørn Erik Pedersen
efa5760db5 Add timezone support for front matter dates without one
Fixes #8810
2021-07-27 19:02:48 +02:00
Bjørn Erik Pedersen
4479f09c9c
Merge commit '7eb0e10a80708c638554b8221a3120dc1168566c' 2021-07-04 16:34:53 +02:00
Bjørn Erik Pedersen
a074f758b0
Merge commit '92405e5b0adc5d8c3dfde88d6a8b67eb09169190' 2021-06-18 12:57:19 +02:00
Bjørn Erik Pedersen
d392893cd7
Misc config loading fixes
The main motivation behind this is simplicity and correctnes, but the new small config library is also faster:

```
BenchmarkDefaultConfigProvider/Viper-16         	  252418	      4546 ns/op	    2720 B/op	      30 allocs/op
BenchmarkDefaultConfigProvider/Custom-16        	  450756	      2651 ns/op	    1008 B/op	       6 allocs/op
```

Fixes #8633
Fixes #8618
Fixes #8630
Updates #8591
Closes #6680
Closes #5192
2021-06-14 17:00:32 +02:00
Bjørn Erik Pedersen
8f7891e70c
Merge commit '07b8d9466dfb59c429c1b470a0443337bc0aeefe' 2021-04-20 20:22:53 +02:00
Bjørn Erik Pedersen
c94aa5cf46
Merge commit '81689af79901f0cdaff765cda6322dd4a9a7ccb3' 2021-03-21 13:31:17 +01:00
Bjørn Erik Pedersen
a1a9f088b1
Merge commit 'e48ffb763572814a3788780bb9653dfa2daeae22' 2021-01-20 12:48:39 +01:00
Bjørn Erik Pedersen
4f1e4bb3fe
Merge commit '9f1265fde4b9ef186148337c99f08601633b6056' 2020-11-27 09:30:05 +01:00
Bjørn Erik Pedersen
7e223b3baa Allow setting the delimiter used for setting config via OS env, e.g. HUGO_
Fixes #7829
2020-11-25 20:34:34 +01:00
Bjørn Erik Pedersen
85e4dd7370 Make js.Build fully support modules
Fixes #7816
Fixes #7777
Fixes #7916
2020-11-03 13:04:37 +01:00
Bjørn Erik Pedersen
5e39eb20a6
Merge commit 'e5568488051a571df48401e03f1304b95dbc9028' 2020-10-06 16:24:00 +02:00
Bjørn Erik Pedersen
5e2a547cb5 Add force flag to server redirects config
Fixes #7778
2020-10-05 22:20:00 +02:00
Bjørn Erik Pedersen
f1916f114b
Merge commit '6aa5c9117fd34644459ea9bcfb1b3f5010658d5d' 2020-07-07 07:00:01 +02:00
Bjørn Erik Pedersen
fc045e12a9 Rename taxonomy kinds from taxonomy to term, taxonomyTerm to taxonomy
And we have taken great measures to limit potential site breakage:

* For `disableKinds` and `outputs` we try to map from old to new values if possible, if not we print an ERROR that can be toggled off if not relevant.
* The layout lookup is mostly compatible with more options for the new `term` kind.

That leaves:

* Where queries in site.Pages using taxonomy/taxonomyTerm Kind values as filter.
* Other places where these kind value are used in the templates (classes etc.)

Fixes #6911
Fixes #7395
2020-06-18 09:09:56 +02:00
Bjørn Erik Pedersen
6a3e89743c Add redirect support to the server
Fixes #7323
2020-05-28 16:25:34 +02:00
Bjørn Erik Pedersen
e4621446ce
Merge commit '89044b8f8795f17c36396c67823183a20fc88139' 2020-05-06 12:12:57 +02:00
Bjørn Erik Pedersen
30748decf1
Merge commit 'da3c3e5fbd0de65f956618cd2e35401460a3cd02' 2020-04-10 09:06:04 +02:00
Bjørn Erik Pedersen
3d84ef9720
Merge commit 'c494c37a4523fbf2db6274dc87e0877fd5bec24b' 2020-03-31 22:11:54 +02:00
Stéphane Wirtel
b6e097cfe6 fix typo in getting started 2020-03-24 17:31:37 +01:00
Bjørn Erik Pedersen
7204b354a9 Some minify configuration adjustments 2020-03-20 20:35:57 +01:00
Bjørn Erik Pedersen
63393230c9
docs: Doument the server config 2020-03-09 20:36:00 +01:00
Bjørn Erik Pedersen
6b61f2a5bb
Merge commit '14e369b961943a0b977776899e24e8bea63834df' 2020-03-09 20:21:17 +01:00
Bjørn Erik Pedersen
3d3fa5c3fe Add build.UseResourceCacheWhen
Fixes #6993
2020-03-03 13:29:58 +01:00
Bjørn Erik Pedersen
1e5eb8679e
Merge commit '3c0036805d64fdd8290f1c4a31371780ff3ea365' 2020-02-06 13:03:30 +01:00
Bjørn Erik Pedersen
67f3aa72cf
Merge commit '2e711a28c71e8667258e5ab824f9b9a71c261b0a' 2019-12-15 10:37:36 +01:00
Bjørn Erik Pedersen
bfb9613a14
Add Goldmark as the new default markdown handler
This commit adds the fast and CommonMark compliant Goldmark as the new default markdown handler in Hugo.

If you want to continue using BlackFriday as the default for md/markdown extensions, you can use this configuration:

```toml
[markup]
defaultMarkdownHandler="blackfriday"
```

Fixes #5963
Fixes #1778
Fixes #6355
2019-11-23 14:12:24 +01:00
Bjørn Erik Pedersen
27aef3f1fb Merge commit 'b9bd35d72e14932fb6588ff62b90cddef0a060fc' as 'docs' 2019-10-21 10:22:28 +02:00
Bjørn Erik Pedersen
39121de4d9
docs: Replace /docs 2019-10-21 10:21:51 +02:00
Bjørn Erik Pedersen
77bf2991b1 docs: Add Hugo Modules docs 2019-07-25 13:21:30 +02:00
Bjørn Erik Pedersen
05d0eddd2b
Merge commit '35febb2e2a3780c3338a2665fddea7dda28a17f4' 2019-07-15 23:50:56 +02:00
Bjørn Erik Pedersen
4f61a926f6
Merge commit 'be04ece8590f775a52ea167fbe4555753e8c5211' 2019-05-25 10:41:51 +02:00