From c1be4554977aaacab8857e5e05c4de162c1f775f Mon Sep 17 00:00:00 2001 From: ansuz Date: Thu, 1 Oct 2020 14:12:05 +0530 Subject: [PATCH 1/2] WIP changelog for X release --- CHANGELOG.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1e30778d8..ec5e4005f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,21 @@ +# X (3.23.0) + +## Goals + +## Update notes + +## Features + +* responsive modals + * share + * access + * opencollective alert + * accessibility in alertify +* remove inactive users + +## Bug fixes + + # WoollyMammoth (3.22.0) ## Goals From cfcfe2f65f8bfc9555a99b58dcc8b962d878941a Mon Sep 17 00:00:00 2001 From: ansuz Date: Wed, 7 Oct 2020 14:47:43 +0530 Subject: [PATCH 2/2] enable APIs for XLSX export in firefox --- docs/example.nginx.conf | 5 +++++ lib/defaults.js | 5 ++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/example.nginx.conf b/docs/example.nginx.conf index 93be85083..0c514e1ef 100644 --- a/docs/example.nginx.conf +++ b/docs/example.nginx.conf @@ -57,6 +57,11 @@ server { add_header Access-Control-Allow-Origin "*"; # add_header X-Frame-Options "SAMEORIGIN"; + # Enable SharedArrayBuffer in Firefox (for .xlsx export) + add_header Cross-Origin-Resource-Policy cross-origin; + add_header Cross-Origin-Opener-Policy same-origin; + add_header Cross-Origin-Embedder-Policy require-corp; + # Insert the path to your CryptPad repository root here root /home/cryptpad/cryptpad; index index.html; diff --git a/lib/defaults.js b/lib/defaults.js index 7119a0c6a..329e16f4c 100644 --- a/lib/defaults.js +++ b/lib/defaults.js @@ -47,7 +47,10 @@ Default.httpHeaders = function () { return { "X-XSS-Protection": "1; mode=block", "X-Content-Type-Options": "nosniff", - "Access-Control-Allow-Origin": "*" + "Access-Control-Allow-Origin": "*", + "Cross-Origin-Resource-Policy": 'cross-origin', + "Cross-Origin-Opener-Policy": 'same-origin', + "Cross-Origin-Embedder-Policy": 'require-corp', }; };