Commit graph

64 commits

Author SHA1 Message Date
Tim Alby
a04adbf132 remove extra security headers 2017-09-13 11:53:11 +02:00
Tim Alby
d6834ff417 add security headers using Helmet
- use all Helmet's default headers except `X-DNS-Prefetch-Control`
- use `Referrer-Policy`
- use cache headers when:
  - a user is logged in, OR
  - a project is displayed
2017-09-12 11:17:59 +02:00
Brian Gough
0ae93db08b use ApiErrorHandler on public api 2017-07-05 15:06:23 +01:00
Brian Gough
29b40ad824 add public api router 2017-07-05 14:32:55 +01:00
Brian Gough
b2f676af5a avoid duplicate routes for /status 2017-07-04 12:41:51 +01:00
Brian Gough
62d6933886 use settings instead of ENV for web/api split 2017-06-15 16:11:20 +01:00
Brian Gough
4b188ce120 support separate processes for web and api
via an environment variable WEB_TYPE
2017-05-22 13:31:02 +01:00
Brian Gough
5ac2ed8fc6 use a separate error handler for api router errors 2017-05-19 16:36:29 +01:00
Shane Kilkelly
043520fc28 Remove the Metrics module, use metrics-sharelatex 2017-04-03 16:18:30 +01:00
Shane Kilkelly
f2b5901776 wip: use new metrics.timeAsyncMethod 2017-03-16 10:59:18 +00:00
Shane Kilkelly
4e9426e6bf Merge branch 'master' into sk-pug 2017-01-30 14:36:10 +00:00
Shane Kilkelly
57cd54bf55 WIP: migrate from jade to pug 2017-01-20 12:03:02 +00:00
Shane Kilkelly
9f787943b6 Remove stray redis imports. 2016-12-19 12:17:23 +00:00
Shane Kilkelly
d38890e9f4 Add the rolling option to session 2016-11-30 09:41:58 +00:00
Shane Kilkelly
2cf2199964 WIP: enable non-csrf routes from modules 2016-11-11 13:48:29 +00:00
Shane Kilkelly
bfa0e7cf89 WIP: start moving web sessions to cluster 2016-11-08 15:32:36 +00:00
Shane Kilkelly
9cb3d8c4b8 Enable hook from module into passport init. 2016-11-01 14:06:54 +00:00
Shane Kilkelly
6df569253a Fix session touch 2016-09-22 13:48:09 +01:00
Shane Kilkelly
eca1dfa482 Remove dead code 2016-09-21 09:27:35 +01:00
Shane Kilkelly
eca4c46f7f WIP: refactor 2016-09-05 16:23:37 +01:00
Shane Kilkelly
e6c7aa25ec barely functional login and logout 2016-09-05 10:28:47 +01:00
Shane Kilkelly
e4f4325150 Basic passport integration 2016-09-02 16:17:37 +01:00
Henry Oswald
b589ab388f fix close editor button
- only evaluate close on web router, not api/static assets
- allow /admin pages to still be available
2016-07-19 17:15:20 +01:00
Shane Kilkelly
9e35bdcaea Refactor: add ? suffix to truth tests. 2016-07-07 09:35:44 +01:00
Shane Kilkelly
d8ffa5b4b1 set expiry on the user sessions set. 2016-07-01 11:24:46 +01:00
Henry Oswald
b37595acf9 persist cookie in redis for compiles. 2016-04-19 16:48:51 +01:00
James Allen
e7d67668e9 Improve error reporting and show 404 when project ids are malformed 2016-03-18 15:59:12 +00:00
Henry Oswald
69734c20c0 added heapdump endpoint 2015-11-30 16:16:16 +00:00
James Allen
a153c6682a Put in client side check for document getting too long 2015-11-06 12:51:43 +00:00
Henry Oswald
9028bcf830 set body parser limit to 2mb 2015-07-08 14:35:03 +01:00
Henry Oswald
941d407231 added saveUninitialized option to session which is now required 2015-07-01 15:26:17 +01:00
Henry Oswald
1cc0cbe8fc split site into 2 routers, webRouter and apiRouter
web router has things like sessions etc added onto it. Api router is minimal, doesn't include things like csrf
2015-07-01 15:23:18 +01:00
Henry Oswald
665bdcf538 v1 of express4 conversion 2015-07-01 15:17:43 +01:00
Brian Gough
3de841dd71 added event loop monitor 2015-06-23 13:50:42 +01:00
James Allen
33f56b71a2 Remove redundant body parser line 2015-04-14 13:04:49 +01:00
James Allen
8b4ccae60a Read cookie session length from settings file 2015-04-14 13:04:29 +01:00
James Allen
d7afb4e513 Clean up unused real-time code in web 2015-02-05 16:37:37 +00:00
James Allen
2aa229d145 Add in profiling end point 2015-02-03 11:05:23 +00:00
James Allen
941f550d6c Remove all traces of soa-req-id 2014-10-15 14:11:02 +01:00
James Allen
128c672edd Merge branch 'github-sync'
Conflicts:
	package.json
2014-10-08 12:13:37 +01:00
Henry Oswald
81307324fc v2, seems to work... 2014-09-26 17:04:33 +01:00
Henry Oswald
c08a568664 removed session logging 2014-09-10 10:09:25 +01:00
Henry Oswald
d961b48857 improved logging for session debug 2014-09-10 08:20:36 +01:00
Henry Oswald
ca402a3061 added some logging in for sessions 2014-09-08 17:45:37 +01:00
James Allen
db9632f8f2 Allow modules to inject parts of views 2014-09-08 15:40:46 +01:00
Henry Oswald
8762297158 touch the session rather than setting the expires, same result 2014-09-04 18:07:31 +01:00
Henry Oswald
04e50f8ba6 changed cookie name from hard coded to be config option, defaults to sharelatex.sid 2014-08-20 18:01:21 +01:00
Henry Oswald
ca5b1e7422 cleaned up smoke tests 2014-08-19 14:35:20 +01:00
Henry Oswald
523694c4ff changed smoke tests to work with curl
this was needed as there is a bug with request/tough cookie with
multi subdomain cookies ie .sharelatex.com

https://github.com/goinstant/tough-cookie/issues/16

moving it to request in the future is probably a good idea, if we do move to
request then with the current issues we would need to set

jar._jar.rejectPublicSuffixes = false
2014-08-19 11:17:51 +01:00
Henry Oswald
377acfaa56 added default lang of en-US and translations package does the set lang based on subdomain 2014-08-05 11:15:17 +01:00