Commit graph

295 commits

Author SHA1 Message Date
Jakob Ackermann
224edddad4 [web] set a default, strict CSP on ALL endpoints (#6271)
* Remove use of CSP_PERCENTAGE

* Move header calculation earlier

* Set a default policy and add comments

* Apply the CSP header to all responses

* Enable CSP in dev environment

* [web] set a default, strict CSP on ALL endpoints

* [misc] enable CSP in dev-env

* Only build the default policy once

* Update docker-compose.yml

* [web] webpack: set default CSP header on webpack assets

This aligns the webpack dev-server with production in nocdn=true mode.

Co-authored-by: Alf Eaton <alf.eaton@overleaf.com>
GitOrigin-RevId: 088a6082ad21c5b3f229887ba0ab3eca8d0528cd
2022-03-18 09:03:01 +00:00
Timothée Alby
1b4d675b0a Merge pull request #6690 from overleaf/ta-max-dictionary-size
Add Dictionary Size Limit

GitOrigin-RevId: f3b8be11de5a1480c8bc1a7fe26e9d67bd047757
2022-02-16 11:34:58 +00:00
Miguel Serrano
176ead8983 Primary Email Check (#6471)
* added primary-email-check page, route and controllers
* add `#add-email` internal link in settings to display new email form
* added primary-email-check redirection with split test
* update `lastPrimaryEmailCheck` when the default email address is set
* added `lastPrimaryCheck` to admin panel
* translations for primary-email-check
* acceptance tests for primary-email-check
* [web] multi-submit for primary email check
* Using `confirmedAt` to prevent from displaying primary-email-check page

Co-authored-by: Jakob Ackermann <jakob.ackermann@overleaf.com>
Co-Authored-By: Miguel Serrano <mserranom@gmail.com>
GitOrigin-RevId: d8e3a280439da08038a4487d8bfd7b3b0596e3b5
2022-02-04 09:03:34 +00:00
Jakob Ackermann
d812b88e76 Merge pull request #6457 from overleaf/jpa-harden-login
[web] harden login process

GitOrigin-RevId: 5c0b7cc725efd5e3e879067ad8a42fe46a47b60d
2022-01-27 09:03:38 +00:00
Jakob Ackermann
8e77ada424 Merge pull request #6417 from overleaf/jpa-device-history
[web] add cookie/JWE based device history for skipping captcha challenge

GitOrigin-RevId: b091564bfd93f7e587d396c860fd864f220f4b63
2022-01-27 09:03:34 +00:00
Tim Alby
3e70546e18 rename price attributes to price_in_cents or price_in_unit
GitOrigin-RevId: 8045472c96862078583fcb522099ad78926281dc
2022-01-21 09:03:23 +00:00
Alf Eaton
d1e210319b Merge pull request #6389 from overleaf/ae-github-capitalisation
Fix "GitHub" capitalisation

GitOrigin-RevId: 9b47d58a3d92c8dd695ca1c8f3d28ea7d6178da5
2022-01-20 09:03:38 +00:00
Jakob Ackermann
1fc0b3e4aa Merge pull request #6349 from overleaf/jpa-password-strength-checking
[web] data collection for password strength using HaveIBeenPwned api

GitOrigin-RevId: 7e4d57a979c29027fb7ca5294f3935500a0b4cf3
2022-01-20 09:03:07 +00:00
Alf Eaton
41c034b5fc [web] Add advanced references search to CodeMirror 6 (#5939)
GitOrigin-RevId: 5731ec63565fc1b9c048e89bca21eb3303624133
2021-12-13 09:03:59 +00:00
Alf Eaton
3feca1ffc6 Move symbol palette to module and add overlay (#5396)
GitOrigin-RevId: 649dd56aaecd60662bd2bf534bda323ee541874f
2021-11-11 09:03:05 +00:00
Brian Gough
e681c6322f Merge pull request #5479 from overleaf/bg-refresh-features-on-editor-load
refresh user features on editor load when out of date

GitOrigin-RevId: ef39b5626cfdc6ed611137a6f6eca3417d3ce73f
2021-10-27 08:03:22 +00:00
Jakob Ackermann
a4fb83e38e Merge pull request #5359 from overleaf/jpa-web-passwordStrengthOptions
[web] add defaults for passwordStrengthOptions into the server-ce config

GitOrigin-RevId: 69f4aec55219cd349fed861c766c135481b2bfea
2021-10-07 08:04:36 +00:00
Jakob Ackermann
66ea2e613c Merge pull request #5281 from overleaf/jpa-rework-language-picker
[web] rework the language picker UI in the footer

GitOrigin-RevId: fb9fe9a560a0f059f58c76d6a85f31ffabc14f4f
2021-10-07 08:04:10 +00:00
June Kelly
03e1daa038 Merge pull request #5201 from overleaf/msm-pdf-viewer-error-boundaries
Error boundaries for React PDF viewer

GitOrigin-RevId: 90052fc183f7ece8125ecfb0410a529cf905c13b
2021-10-07 08:03:43 +00:00
Jakob Ackermann
59d83c4b88 Merge pull request #5117 from overleaf/jpa-plans-de-ng
[web] de-ng plans page

GitOrigin-RevId: b902b10b45ab3fd46e71545c94f65e8f079c4564
2021-09-23 08:03:23 +00:00
Jakob Ackermann
a1c74f27d9 Merge pull request #4926 from overleaf/jpa-webpack-dynamic-entrypoint-chunks
[web] get the list of js/css entrypoint chunks from webpack manifest

GitOrigin-RevId: 42a8d3606e461e8d9eebcc754e3207d5be1746ab
2021-09-09 08:02:57 +00:00
Jakob Ackermann
9d00c351a8 Merge pull request #4327 from overleaf/jpa-pw-reset-captcha
[misc] add captcha on password reset requests

GitOrigin-RevId: 9a23b9c9dee2c56345e9c1846861c05c25126802
2021-07-28 02:06:02 +00:00
Jakob Ackermann
411a12cb2d Merge pull request #4322 from overleaf/jpa-custom-base-config-for-tests
[misc] set up custom base config for acceptance tests

GitOrigin-RevId: bd49c705360488fd75c6ad311afd13f22f81de61
2021-07-20 11:33:41 +00:00
Jakob Ackermann
8742a29d80 Merge pull request #4315 from overleaf/jpa-import-ce-scripts
[scripts] import scripts from server-ce and add tests

GitOrigin-RevId: 07e7e15aa86030ccd3eca40ed40e5492622dc2d1
2021-07-14 12:41:10 +00:00
Jakob Ackermann
947eda54e7 Merge pull request #4312 from overleaf/jpa-module-import-sequence-from-config
[Modules] source list of modules and their import sequence from config

GitOrigin-RevId: 73a552e03f8e9ec6ae8fce3a664625095dc095fc
2021-07-14 12:41:02 +00:00
Jakob Ackermann
b4777a8cce Merge pull request #4306 from overleaf/jpa-http-sockets-limit
[misc] migrate setting of limit for http/https sockets into entrypoint

GitOrigin-RevId: 2ff568bf89d3175b48246db3645a91428624b31f
2021-07-14 12:40:39 +00:00
Jakob Ackermann
f2be7f4909 Merge pull request #4298 from overleaf/jpa-separate-defaults-per-env
[config] separate default files for Server CE/Server Pro/SAAS

GitOrigin-RevId: 532aac7855303490d37c4dff2974106cc5e45705
2021-07-14 12:40:35 +00:00
Jakob Ackermann
fa39ef7fe5 Merge pull request #4296 from overleaf/jpa-cleanup-config
[config] minor cleanup

GitOrigin-RevId: 72f39e88cb91c7ed7305ade6dc46f63d7bf43ce9
2021-07-08 02:08:34 +00:00
Paulo Jorge Reis
966013f58a Revert "Revert "Extend the new compile UI rollout, respecting existing allocations""
This reverts commit d0ffcb9a13e9597cebf95961c0c50ef8f950dd7a.

GitOrigin-RevId: 46c52ee8df8de4028b3262cb0f3202118014814c
2021-07-07 02:05:44 +00:00
Paulo Jorge Reis
1e43dd3495 Revert "Extend the new compile UI rollout, respecting existing allocations"
This reverts commit 61bfba3a05780ec0b3a3461bba50cca6474a1274.

GitOrigin-RevId: d0ffcb9a13e9597cebf95961c0c50ef8f950dd7a
2021-06-29 02:05:49 +00:00
Paulo Reis
d6f9f70d06 Extend the new compile UI rollout, respecting existing allocations
GitOrigin-RevId: 61bfba3a05780ec0b3a3461bba50cca6474a1274
2021-06-25 02:06:24 +00:00
Jakob Ackermann
cc83d640f0 Merge pull request #4237 from overleaf/jpa-pdf-caching-full
[misc] roll out pdf caching in full -- send metrics for 5% of users

GitOrigin-RevId: 12ae5a61ef39d206980681b54fe9c871ca1b86b4
2021-06-23 02:05:57 +00:00
Jakob Ackermann
a6cce9d2f6 Merge pull request #4210 from overleaf/jpa-pdf-caching-5-percent
[misc] pdf caching out of beta with 5%/5% control/treatment split test

GitOrigin-RevId: 06a741f56510b866be3380a99304d8ee67f849dd
2021-06-17 02:09:15 +00:00
Jakob Ackermann
3414646290 Merge pull request #4207 from overleaf/bg-reset-service-worker
add setting to reset service worker

GitOrigin-RevId: da889e43f99c908eee1b2351f69571b4bccde28d
2021-06-17 02:09:11 +00:00
Shane Kilkelly
fccf879d69 Merge pull request #4154 from overleaf/ns-YAML-files
ensure YAML files are editable

GitOrigin-RevId: 71bf282b59bca5fc79c8d14cc6e12c8b4978ecd1
2021-06-12 02:08:18 +00:00
Jakob Ackermann
c774ddd111 Merge pull request #4169 from overleaf/jpa-pdf-caching-full-beta
[misc] change pdf caching split test for beta users to 50/50 roll out

GitOrigin-RevId: 3153448db82a9f0fa821da9d6cf5255e1feaaf28
2021-06-11 02:06:24 +00:00
Thomas
d56d4c3b4a Add HTTP Basic Auth to Recurly webhook endpoint (#4054)
* Add HTTP authentication to Recurly webhook endpoint

Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>
GitOrigin-RevId: 81c32459d643895c096bc195ae6aef53248418da
2021-06-09 02:05:31 +00:00
Alf Eaton
9130c37337 Merge pull request #4115 from overleaf/ae-remove-chat-url
Remove Settings.apis.chat.url

GitOrigin-RevId: 64c6c2c48b9115054c1af446f3ce33d9390eaaf8
2021-06-08 02:05:31 +00:00
Jakob Ackermann
58c7b6188f Merge pull request #4123 from overleaf/jpa-pdf-caching-one-split-test
[misc] rework roll-out of pdf caching

GitOrigin-RevId: 98ff50918050fe8e9fb5bfecb862657d48cd2726
2021-06-02 02:05:50 +00:00
Jakob Ackermann
051c9960f0 Merge pull request #4119 from overleaf/jpa-captcha-login
[misc] optionally require captcha on login

GitOrigin-RevId: ba0a30f361546dab31c79794cb406c629f46f2be
2021-06-01 02:05:49 +00:00
Jakob Ackermann
da782bdcfa Merge pull request #4077 from overleaf/jpa-pdf-caching-split-test-config
[misc] add disabled split test config for pdf caching

GitOrigin-RevId: 2a10c56b0ca62fa3f6ab2702ebde91cebe8f953e
2021-05-22 02:05:47 +00:00
Alf Eaton
b777e958d4 Merge pull request #3926 from overleaf/ae-decaffeinate
Decaffeinate settings files

GitOrigin-RevId: e9eed42864d537bb1ff5a46c05d990c819afc8eb
2021-05-20 02:05:15 +00:00
Timothée Alby
03b2d184b5 Merge pull request #4052 from overleaf/ab-subscription-page-split-test-2
Subscription page split test

GitOrigin-RevId: 022a91d97f20d584e47e1f6b5575e689983df129
2021-05-20 02:05:00 +00:00
Jakob Ackermann
7db7cd4a49 [misc] merge pdf caching into main (#4033)
* [frontend] WIP: pdf caching using service worker -- squashed

Ref: 920fbaa00b31530f7c457a2d93bad5e553798057
Co-Authored-By: Brian Gough <brian.gough@overleaf.com>
Co-Authored-By: Eric Mc Sween <eric.mcsween@overleaf.com>

* [misc] add contentId into the URL for protecting PDF stream contents

* [misc] gracefully handle missing ranges in serviceWorker

* [misc] support PDF stream caching for anonymous users

* [misc] polish header names and add URL to error message when fetch fails

* [misc] polish event handler registration

* [misc] limit serviceWorker scope to /project/ -- trailing slash

This will block the service worker from intercepting requests on the project dashboard.

* [misc] add per-request feature flag for enabling PDF stream caching

* [misc] expose compile stats and timings to the frontend

* [misc] serviceWorker: support clsiServerId and compileGroup url params

* [misc] serviceWorker: polish header maps

* [misc] serviceWorker: drop TODO for p-limit -- the browser has a queue

* [misc] serviceWorker: drop verbose log message on every fetch

* [misc] cut down size of diff in backend code

* [misc] add test case for forwarding of pdf caching and metrics details

* [misc] serviceWorker: drop all the log lines

* [misc] serviceWorker: add boundary guards to the compile request regex

Co-authored-by: Brian Gough <brian.gough@overleaf.com>
Co-authored-by: Eric Mc Sween <eric.mcsween@overleaf.com>
GitOrigin-RevId: 4b291b4a4f2866cf07bccf8ec9068f33bbfdc916
2021-05-18 02:07:57 +00:00
Alexandre Bourdin
87b3654bff Merge pull request #4001 from overleaf/ab-hash-split-test
Add hashing to compute the user's percentile in a split test

GitOrigin-RevId: 94302cd1c0ab9e9075a506096b4f36ba50b9b7fa
2021-05-07 02:13:17 +00:00
Jakob Ackermann
8faae673b4 Merge pull request #4000 from overleaf/jpa-skip-pug-compile
[Server] optionally skip pre-compiling pug templates in production

GitOrigin-RevId: c50e6007dae3b0ab83a7edbce07a695a17e71404
2021-05-07 02:13:13 +00:00
Chrystal Maria Griffiths
3dfcb95802 Merge pull request #3960 from overleaf/cmg-binary-file
[BinaryFile] Reopening of Binary file React migration

GitOrigin-RevId: 050e66e3321bd6579d44932b669fc0a31df06d18
2021-04-29 02:09:38 +00:00
Alexandre Bourdin
1436731053 Merge pull request #3929 from overleaf/as-block-ie-config
Add IE11 to unsupported browser config

GitOrigin-RevId: 0a9c5a736a842ec8ccddf9ce7feefec7ac5a2b35
2021-04-28 02:10:12 +00:00
Alexandre Bourdin
affaae14b7 Merge pull request #3917 from overleaf/ab-example-project-ab-test
Example Project Split Test

GitOrigin-RevId: a9d68811c878e32b92e0547311c9e477e4096135
2021-04-28 02:10:08 +00:00
Chrystal Maria Griffiths
4e9d7c36ff Merge pull request #3952 from overleaf/revert-cmg-binary-file
Revert "Merge pull request #3526 from overleaf/cmg-binary-file"

GitOrigin-RevId: 5f539f26992fefd01b07922b1f43a3a3bc753141
2021-04-24 02:10:12 +00:00
Eric Mc Sween
1186c3e9a4 Merge pull request #3526 from overleaf/cmg-binary-file
[BinaryFile] Binary file React migration

GitOrigin-RevId: e229ad8ec3781607b5ca28387927b84d4af95060
2021-04-24 02:10:07 +00:00
Alf Eaton
2621a1d5bb Merge pull request #3933 from overleaf/ae-csp-report-percentage
Add CSP_REPORT_PERCENTAGE

GitOrigin-RevId: 4afde0da6e3660c83df8c5c9cd31a3f246e9e572
2021-04-22 02:09:40 +00:00
Timothée Alby
0ecebefb0c Merge pull request #3804 from overleaf/msm-react-publish-button
[ReactNavigationToolbar] Submit button

GitOrigin-RevId: 9b40e09f001b44bd2f5035469f0d0c852fea7199
2021-04-20 02:10:19 +00:00
Alf Eaton
dcd6bd347f Use the full (relative) view path for CSP exclusion (#3916)
GitOrigin-RevId: f6828a447abcc550f0c7dfd0fc6fc72f4b5b1f7e
2021-04-17 02:09:56 +00:00
Miguel Serrano
f9962fefe8 React git-bridge modal (#3869)
GitOrigin-RevId: 5b2609ed9ad7909a10cb08342053e955447688f5
2021-04-01 02:06:05 +00:00