ansuz
b4323b2c40
fix incorrect frame-ancestors and update test
2022-04-01 13:15:06 +05:30
ansuz
6253c7c61c
don't panic if unsafeiframe is loaded with unsafe-eval
2022-03-25 12:01:50 +05:30
ansuz
e6c51e3dff
remove hardcoded translations and invert remote embedding logic
2022-03-24 12:43:16 +05:30
ansuz
9ae4101ea2
test for the presence of x-content-type-options for blob and block
2022-03-23 13:35:17 +05:30
ansuz
4c53d9b509
enforce only loading inner.html from nested contexts
2022-03-23 13:31:52 +05:30
ansuz
f34a60665f
check that the server is running at least NodeJS v16.14.2
2022-03-22 14:27:07 +05:30
ansuz
b83e8600f4
clean up checkup tests and remove XXX
2022-03-15 13:35:49 +05:30
ansuz
a54a0af604
more tests on checkup page
2022-03-14 17:09:22 +05:30
ansuz
e38e08fb6e
Merge branch 'soon' into block-embeds
2022-03-14 12:52:55 +05:30
ansuz
c715334616
stub a test on the checkup page
2022-03-11 13:49:34 +05:30
ansuz
45d2eb0267
Merge branch 'soon' of github.com:xwiki-labs/cryptpad into support-categories
and include some tweaks for the checkup page
* sort errors above warnings
* improve messages for new tests
2022-03-10 11:33:41 +05:30
ansuz
c111364024
add two new tests to diagnose unavailability of uploaded blocks and blobs
2022-03-08 18:20:11 +05:30
ansuz
1e2a059074
lint compliance
2022-02-25 16:09:52 +05:30
ansuz
7c3d563453
WIP support for customized and translated legal info
2022-02-24 15:37:05 +05:30
ansuz
aaa00216d4
add a note about what configurations are supported re: third party embedding
2022-02-18 16:13:47 +05:30
ansuz
0917b45035
implement proper support for forbidding remote media-tag inclusion
...and test that the basic headers are correctly set on the checkup page
2022-02-18 16:09:02 +05:30
ansuz
b40c81d088
support modifying CSP headers at runtime
2022-02-18 13:54:33 +05:30
ansuz
1a18eafb7f
checkup page improvements
* removed a redundant test
* more descriptive error messages
* more useful return values in failed tests
* xhr reuse where possible for faster test completion
* guard against typeerrors caused by undefined CSP
* display server token value in summary if present
2022-02-18 13:26:42 +05:30
ansuz
d781d3bba2
lint compliance
2022-02-15 14:03:56 +05:30
ansuz
6196e81953
WIP checkup tests
2022-02-14 12:38:54 +05:30
ansuz
6a62e28c60
include option upgradeURL CSP in checkup page tests
2022-02-14 12:20:00 +05:30
ansuz
7b6c8b83ef
stricter websocket CSP and tests to match
2022-02-14 11:45:44 +05:30
ansuz
c0686dad99
fix merge conflict
2022-02-11 21:52:54 +05:30
ansuz
19863b8fb0
Merge branch 'soon' into checkup
2022-02-11 21:49:21 +05:30
ansuz
0f46869217
WIP update recommended production CSP values
2022-02-10 17:11:17 +05:30
ansuz
383684d339
add new, very specific tests for CSP to the checkup page
2022-02-10 16:53:14 +05:30
ansuz
cc1137b96b
more WIP checkup
2022-02-10 16:29:48 +05:30
ansuz
ee92ddb813
more WIP checkup
2022-02-10 14:50:15 +05:30
ansuz
2e14e8e930
more WIP checkup
2022-02-10 14:40:58 +05:30
ansuz
f2ead5b588
more WIP checkup
2022-02-10 14:32:14 +05:30
ansuz
d736e22c3b
more WIP checkup
2022-02-10 14:21:26 +05:30
ansuz
876132fc76
more WIP checkup
2022-02-10 14:11:14 +05:30
ansuz
39f1530969
more WIP checkup
2022-02-10 13:47:22 +05:30
ansuz
521097e3ad
more WIP checkup
2022-02-10 13:24:45 +05:30
ansuz
937b0b450f
better checkup test
2022-02-10 13:12:07 +05:30
ansuz
8eefeace43
WIP checkup improvements
2022-02-10 13:00:16 +05:30
ansuz
5835721322
Updated checkup page tests
1. check that /api/config is reachable from the sandbox domain
2. check that interest-cohort rules are present rather than strict comparison of expected headers
2022-02-03 15:01:29 +05:30
ansuz
f9be929eb9
check for unnecessarily permissive CSP
2022-01-21 15:50:40 +05:30
yflory
8f0543c3f3
Prepare possible OO migration
2021-11-02 12:42:44 +01:00
ansuz
a2e6f0a1c4
disable outdated tests
2021-10-20 12:19:01 +05:30
ansuz
b8d6af7891
adjust CSP headers for printing from OnlyOffice
* allow outer to load resources from the sandbox (for fonts)
* test whether the expected CSP values are present on the checkup page
* simplify the nodejs server a bit
2021-10-19 14:22:10 +05:30
ansuz
04234aa1f4
fix a typo in a class
2021-08-13 15:52:14 +05:30
ansuz
7647a60219
guess OS version on checkup page
2021-08-10 19:48:15 +05:30
ansuz
a20bfbf6c1
lint compliance
2021-08-03 12:15:30 +05:30
ansuz
dd53b6fa72
constrain table width in checkup summaries
2021-08-02 18:05:46 +05:30
ansuz
613868bbde
fix safari-specific warnings in checkup
2021-08-02 17:59:53 +05:30
ansuz
b6cc4ef8cf
test browser-dependent SharedArrayBuffer support in checkup
include debugging information in final report
for when browser vendors inevitably break APIs again
2021-08-02 17:36:51 +05:30
ansuz
5f32a38f3e
Merge branch 'soon' into main
2021-07-28 03:45:09 +05:30
ansuz
921da962d0
narrow exceptions for use of localhost in checkup
2021-07-27 05:18:39 +05:30
ansuz
6578b66ba6
convert a warning to an error
2021-07-26 13:07:23 +05:30
ansuz
c774a5d06e
time out if checkup test #7 doesn't call back in 30s
2021-07-12 13:24:32 +05:30
ansuz
3095526066
remove some notes that have been addressed
2021-07-05 18:59:33 +05:30
ansuz
3b44c09bc4
check COOP headers for multiple endpoints
and improve some error reporting in the checkup RPC
2021-07-01 16:42:09 +05:30
ansuz
4a147815f6
disable server_tokens test until an easy solution is in place
2021-06-25 11:52:24 +05:30
ansuz
433470cf40
check that server responses don't contain 'Server' headers
if they do, check that the server is NGINX.
2021-06-23 07:54:28 +05:30
ansuz
e143873a20
display the currently set FLoC header in the checkup page's warning message.
Addresses #757
2021-06-17 09:09:04 +05:30
ansuz
2bd659a9b5
test whether the instance is configured to use HTTPS for the main and sandbox domains
2021-06-15 16:05:17 +05:30
ansuz
1fe57c7e03
lint compliance and minor refactor
2021-05-31 16:30:47 +05:30
ansuz
24e181ab9a
elaborate on some messages in the checkup page
2021-05-28 15:34:27 +05:30
ansuz
8ecf7a70c4
lint compliance and dead code removal
2021-05-27 14:33:03 +05:30
ansuz
cba66d5db3
close websockets when the checkup is complete
2021-05-27 14:17:32 +05:30
ansuz
9c3dc7aa9c
simplify some tests on the checkup page
2021-05-26 19:05:19 +05:30
ansuz
1f86578920
update instructions for adminEmail configuration
2021-05-21 20:38:47 +05:30
ansuz
cc56745858
add more thorough tests for sandbox configuration on the checkup page
2021-05-21 20:35:48 +05:30
ansuz
0c7f77f5ed
sketch out some more sandbox tests and note down some improvements
2021-05-20 16:16:07 +05:30
ansuz
2ed25c38fb
display more information about incorrect headers on checkup page
2021-05-18 12:25:53 +05:30
ansuz
32494fca0c
let NGINX handle its own headers
2021-05-12 14:29:29 +05:30
yflory
7a682397e2
Add checkup test about Google's Floc
2021-05-07 14:23:15 +02:00
ansuz
fe41ca36bc
display the instance version on the checkup page
2021-05-05 12:08:20 +05:30
ansuz
9fbd10fa8e
Merge branch 'staging' into restricted-registration
2021-05-04 12:58:08 +05:30
ansuz
005573c512
provide detailed descriptions for addressing warnings on the checkup page
2021-05-03 16:09:38 +05:30
ansuz
88a1b94a4b
new tests for checkup page
2021-05-03 14:46:26 +05:30
ansuz
30fc2a5edf
Merge branch 'staging' into restricted-registration
2021-05-01 02:04:22 +05:30
ansuz
0822f93fcc
test api headers in checkup page
2021-04-30 10:02:48 +05:30
ansuz
8d12086aba
check for duplicated headers
2021-04-30 09:34:21 +05:30
ansuz
50045c08d0
WIP restrict registration
2021-04-26 18:31:33 +05:30
ansuz
359de1dc94
better checkup page error messages
2021-04-19 18:39:08 +05:30
ansuz
0b15f5793d
stub an incorrect test
2021-04-16 20:02:38 +05:30
ansuz
b7975bb791
add some debugging advice to the checkup page
2021-04-16 19:30:12 +05:30
ansuz
1ee2f70f49
fix spreadsheet CSP checkup and confirm that /api/broadcast is accessible
2021-04-12 17:49:22 +05:30
ansuz
0d60b08702
test that XLSX export headers are correctly set in checkup app
2021-04-02 19:30:48 +05:30
ansuz
f6f90712af
stricter tests for the sandbox checkup
2021-03-19 15:20:33 +05:30
ansuz
163b870f92
handle absent trailing slashes in config for checkup page
2021-03-18 12:26:05 +05:30
yflory
40e9da566e
lint compliance
2021-03-02 17:48:38 +01:00
yflory
b0e0a8dc75
Add spinner to the checkup page and test websockets
2021-03-02 16:45:52 +01:00
yflory
d43cb509dc
Checkup: test sandbox domain and login block
2021-03-02 16:05:18 +01:00
ansuz
792c05874e
change a non-critical XXX to a FIXME
2021-03-01 11:17:05 +05:30
ansuz
8af7e6054b
lint compliance
2021-02-25 18:56:01 +05:30
ansuz
c84ecbabc0
more tests for the checkup page
2021-02-24 13:53:59 +05:30
ansuz
ce1f96ac61
clean up /assert/ scripts and create a new instance checkup page
2021-02-23 14:23:34 +05:30