6 commits

Author SHA1 Message Date
Alf Eaton
a5637651b5 Add Content-Security-Policy header (#3783)
* Add Content-Security-Policy header
* Add nonce attribute to script tags
* Use source-map for webpack devtool
* Add ng-csp attribute when CSP is enabled
* Allow overriding CSP settings with environment variables
* Hook into render and allow routes to disable the CSP header

GitOrigin-RevId: a873736a3514198165f1b2f1e18d002b65f20d30
2021-03-26 03:04:55 +00:00
Jakob Ackermann
b19bd1ef61 Merge pull request #3781 from overleaf/jpa-xss-18
[views] mitigate Angular XSS in the user-activate module

GitOrigin-RevId: 88a4501699b92e33c7ee120d180e60825d82fbd5
2021-03-23 03:05:21 +00:00
Jakob Ackermann
f353728bda Merge pull request #3755 from overleaf/jpa-xss-2
[views] mitigate Angular XSS via email/new_email

GitOrigin-RevId: 3d127c283ba9f97c5b0e6c53a9d77f7f597058bb
2021-03-18 03:04:50 +00:00
Thomas
2d8167fa0a Merge pull request #3675 from overleaf/tm-main-landmarks-a11y
Add main landmark roles to multiple templates

GitOrigin-RevId: 80ae851fae015b21a3210d71d04287c0c9a3024d
2021-03-05 03:05:00 +00:00
Timothée Alby
21de9041fe Merge pull request #3059 from overleaf/jpa-fix-user-activate-rendering
[misc] user-activate: fix the path of the parent pug-template

GitOrigin-RevId: f740bf42b092cdb4cecc211ae569044a090e9ca1
2020-08-10 15:53:53 +00:00
Jakob Ackermann
53927bca95 [misc] move /user/activate into a module (#2962)
* [misc] move /user/activate into a module

Co-Authored-By: Nate Stemen <nate.stemen@overleaf.com>

* [misc] setup copybara for the new user-activate module

* [misc] move the /user/activate route behind a feature flag

...which is by default enabled.

Co-authored-by: Nate Stemen <nate.stemen@overleaf.com>
GitOrigin-RevId: 87fc5ae869a7e282ffdbeea0ff7b7c55b8b9b31b
2020-07-16 02:06:51 +00:00