dnrops
/
cryptpad
mirror of https://github.com/xwiki-labs/cryptpad
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,738 Commits 99 Branches 133 Tags 566 MiB
Commit Graph

73 Commits

Author SHA1 Message Date
yflory 25bd9243fb Merge branch 'main' into staging 2024-06-24 16:51:04 +02:00
mathilde-cryptpad 5ae741926b update Nginx examples with the new http2 option 2024-06-18 09:58:51 +02:00
mathilde-cryptpad c9600c12ab add a location block dedicated to the websocket to improve performances 2024-05-22 14:39:23 +02:00
David Benque 8f0a6319a5 Apply headers 2023-10-20 15:35:26 +01:00
yflory 6c6220edfc Fix comments in nginx file 2023-10-03 12:04:55 +02:00
yflory 1c2764dbb8 Revert revert "have 2 distinctives Nginx examples, default & advanced" 
This reverts commit 9fa981cfd8.
 2023-10-03 11:51:12 +02:00
Mathilde Grünig c756909a89 add new default Nginx example config file 2023-09-05 13:19:25 +02:00
Mathilde Grünig bccfb28ac9 move old default Nginx example config to advanced file 2023-09-05 13:17:12 +02:00
Wolfgang Ginolas a3772cf92c Fix typo in example.nginx.conf 2023-08-10 16:00:46 +02:00
yflory dc6bbec19f Recovery page trailing slash redirect in nginx conf #1143 2023-07-18 17:35:18 +02:00
yflory 8b1aaaa9a7 Add missing trailing slash redirect for the diagram app 2023-07-13 11:12:31 +02:00
yflory c10fc37645 Merge branch 'totp-ui' into 5.4-rc 2023-07-11 10:30:36 +02:00
yflory b2788744de Merge branch 'drawio-bower' into 5.4-rc 2023-06-30 12:45:54 +02:00
Wolfgang Ginolas 00af2c3efb Update example nginx config for diagram 2023-06-29 11:22:41 +02:00
ansuz bf548c1022 updated nginx config for new API server features 2023-05-11 17:06:46 +05:30
ansuz 493bf1346c Merge tag '5.3.0' into 5.3-auth 2023-05-06 15:26:21 +05:30
ansuz c27ff40db1 proxy requests for blocks to the API server 2023-05-06 14:41:22 +05:30
ansuz ee5d270d6a Merge branch 'basic-auth' into authentication 2023-03-20 13:44:10 +05:30
ansuz 50c84949c8 invert NGINX settings to forbid remote embedding by default 2023-02-13 12:47:18 +05:30
Ente c9fd6359aa
Send HTTP credentials when fetching blobs 
With this change media-tag now sends HTTP credentials when fetching
blobs. Also changed the example nginx config to send
Access-Control-Allow-Credentials CORS headers. For this to work, we can
no longer use '*' for Access-Control-Allow-Origin [1][2]: Therefore the
example config was changed to set Access-Control-Allow-Origin to the
sandbox domain only.

Fixes:
- #705: Blob fetch fails with 401 Unauthorized when HTTP basic auth is enabled [3]

Referenes:
[1]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
[2]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials
[3]: https://github.com/xwiki-labs/cryptpad/issues/705
 2022-12-14 11:27:51 +01:00
Mathilde Grünig 37ccaddbbe 2nd thought on HTTP/80, not needed in the end 2022-12-07 14:04:00 +01:00
Mathilde Grünig 1b731e2643 Add future-proof Nginx configuration 
- support IPv6
- 80 to 443 redirect
- TLS generation
- better SSL sessions
- longer HSTS (2 years)
- OCSP stapling
 2022-12-07 13:56:12 +01:00
ansuz 01cdfa1bbc document yet another way that Safari/webkit is terrible 2022-10-05 15:17:07 +05:30
ansuz 8d7973850a slightly smarter caching rules in example NGINX config 2022-09-13 18:34:30 +05:30
ansuz c889823fca fix custom file serving logic for static pages in NGINX 2022-09-06 14:36:23 +05:30
ansuz 4d022a2247 handle more cases for the cache-control header in NGINX 2022-09-06 14:35:13 +05:30
ansuz aaa6efbbb0 better worst-case performance for static files served by NGINX 2022-07-22 16:46:02 +05:30
Maxime Cesson c1adae6d59 Complete last commit (add og data to "Drive" and "File", handle missing config, modify nginx example config) 2022-07-21 18:44:21 +02:00
ansuz 8adeeb21ec display instance info on the home page 
* implements /api/instance
* updates recommended NGINX config
* adds a test on /checkup/
 2022-05-03 18:20:34 +05:30
ansuz 01b6dd539b add trailing slash if /convert/ is loaded without its trailing slash 2022-04-04 20:38:52 +05:30
ansuz 404b89eb28 update recommended settings for embedding to permit element desktop 2022-04-04 12:31:40 +05:30
ansuz 16b843c2c8 set x-content-type-options headers for blob and block in nginx example 2022-03-23 15:24:51 +05:30
ansuz e1abf4ef77 nginx updates 2022-03-14 18:23:38 +05:30
ansuz 7b14c135b3 update example NGINX CSP configuration 2022-02-15 15:54:33 +05:30
ansuz 0f46869217 WIP update recommended production CSP values 2022-02-10 17:11:17 +05:30
ansuz ae84d99af0 update the recommended settings for img-src and media-src 2022-01-21 17:48:53 +05:30
ansuz 31c5bba8db update example NGINX config and changelog for 4.12.0 2021-10-20 18:42:02 +05:30
yflory b050f04090 Fix CSP errors in oodoc and ooslide 2021-10-19 17:09:42 +02:00
ansuz d2db0066a4 update example nginx config to match dev server 2021-10-19 17:56:55 +05:30
ansuz 34acded538 clarify comment in example nginx config 2021-08-27 14:07:23 +05:30
ansuz 3b44c09bc4 check COOP headers for multiple endpoints 
and improve some error reporting in the checkup RPC
 2021-07-01 16:42:09 +05:30
ansuz 0978074c74 add convert app to example nginx and update changelog 2021-06-30 19:31:48 +05:30
ansuz 14483814fd update nginx trailing-slash rewrite for new apps 2021-06-15 03:52:54 +05:30
ansuz 32494fca0c let NGINX handle its own headers 2021-05-12 14:29:29 +05:30
yflory 4d5d809447 Opt out of Google's FLoC Network by default 2021-04-22 12:24:05 +02:00
ansuz 49035f3aad update example nginx config 2021-04-14 10:38:16 +05:30
ansuz 38cfba275a elaborate on some comments in example config files 2020-12-15 13:37:13 +05:30
yflory 2647acbb78 Expose Content-Length header 2020-12-07 15:42:25 +01:00
ansuz a2b79d84b8 align nodejs http headers with example nginx 2020-10-27 08:12:23 +05:30
ansuz a8f53d04fc proposed nginx configuration to enable XLSX export without disabling print from other apps 2020-10-26 17:24:35 +05:30