diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9f649883d..3330eb35b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,40 @@ +# YunnanLakeNewt (3.24.0) + +## Goals + +We are once again working to develop some significant new features. This release is fairly small but includes some significant changes to detect and handle a variety of errors. + +## Update notes + +This release includes some minor corrections the recommended NGINX configuration supplied in `cryptpad/docs/example.nginx.conf`. + +To update from 3.23.2 to 3.24.0: + +1. Update your NGINX config to replicate the most recent changes and reload NGINX to apply them. +2. Stop the nodejs server. +3. Pull the latest code from the `3.24.0` tag or the `main` branch using `git`. +4. Ensure you have the latest clientside and serverside dependencies with `bower update` and `npm install`. +5. Restart the nodejs server. + +## Features + +* A variety of CryptPad's pages now feature a much-improved loading screen which provides a more informative account of what is being loaded. It also implements some generic error handling to detect and report when something has failed in a catastrophic way. This is intended to both inform users that the page is in a broken state as well as to improve the quality of the debugging information they can provide to us so that we can fix the underlying cause. +* It is now possible to create spreadsheets from templates. Template functionality has existed for a long time in our other editors, however, OnlyOffice's architecture differs significantly and required the implementation of a wholly different system. +* One user reported some confusion regarding the use of the Kanban app's _tag_ functionality. We've updated the UI to be a little more informative. +* The "table of contents" in rich text pads now includes "anchors" created via the editor's toolbar. + +## Bug fixes + +* Recent changes to CryptPad's recommended CSP headers enabled Firefox to export spreadsheets to XLSX format, but they also triggered some regressions due to a number of incompatible APIs. 
+ * Our usage of the `sessionStorage` for the purpose of passing important information to editors opened in a new tab stopped working. This meant that when you created a document in a folder, the resulting new tab would not receive the argument describing where it should be stored, and would instead save it to the default location. We've addressed this by replacing our usage of sessionStorage with a new format for passing the same arguments via the hash in the new document's URL. + * The `window.print` API also failed in a variety of cases. We've updated the relevant CSP headers to only be applied on the sheet editor (to support XSLX export) but allow printing elsewhere. We've also updated some print styles to provide more appealing results. +* The table of contents available in rich text pads failed to scroll when there were a sufficient number of heading to flow beyond the length of the page. Now a scrollbar appears when necessary. +* We discovered a number of cases where the presence of an allow list prevented some valid behaviour due to the server incorrectly concluding that users were not authenticated. We've improved the client's ability to detect these cases and re-authenticate when necessary. +* We also found that when the server was under very heavy load some database queries were timing out because they were slow (but not stopped). We've addressed this to only terminate such queries if they have been entirely inactive for several minutes. +* It was possible for "safe links" to include a mode ("edit" or "view") which did not match the rights of the user opening them. For example, if a user loaded a safe link with edit rights though they only had read-only access via their "viewer" role in a team. CryptPad will now recover from such cases and open the document with the closest set of access rights that they possess. 
+* We found that the server query `"IS_NEW_PAD"` could return an error but that clients would incorrectly interpret such a response as a `false`. This has been corrected. +* Finally, we've modified the "trash" UI for user and team drives such that when users attempt to empty their trash of owned shared folders they are prompted to remove the items or delete them from the server entirely, as they would be with other owned assets. + # XerusDaamsi reloaded (3.23.2) A number of instance administrators reported issues following our 3.23.1 release. We suspect the issues were caused by applying the recommended update steps out of order which would result in the incorrect HTTP header values getting cached for the most recent version of a file. Since the most recently updated headers modified some security settings, this caused a catastrophic error on clients receiving the incorrect headers which caused them to fail to load under certain circumstances. diff --git a/customize.dist/loading.js b/customize.dist/loading.js index 4f8b79125..edb66ef0a 100644 --- a/customize.dist/loading.js +++ b/customize.dist/loading.js 
@@ -312,25 +312,36 @@ button.primary:hover{ return bar; }; + var hasErrored = false; var updateLoadingProgress = function (data) { - if (!built) { return; } + if (!built || !data) { return; } var c = types.indexOf(data.type); if (c < current) { return console.error(data); } try { document.querySelector('.cp-loading-spinner-container').style.display = 'none'; document.querySelector('.cp-loading-progress-list').innerHTML = makeList(data); document.querySelector('.cp-loading-progress-container').innerHTML = makeBar(data); - } catch (e) { console.error(e); } + } catch (e) { + if (!hasErrored) { console.error(e); } + } }; window.CryptPad_updateLoadingProgress = updateLoadingProgress; + window.CryptPad_loadingError = function (err) { if (!built) { return; } + hasErrored = true; + var err2; + if (err === 'Script error.') { + err2 = Messages.error_unhelpfulScriptError; + } + try { var node = document.querySelector('.cp-loading-progress'); + if (!node) { return; } if (node.parentNode) { node.parentNode.removeChild(node); } document.querySelector('.cp-loading-spinner-container').setAttribute('style', 'display:none;'); document.querySelector('#cp-loading-message').setAttribute('style', 'display:block;'); - document.querySelector('#cp-loading-message').innerText = err; + document.querySelector('#cp-loading-message').innerText = err2 || err; } catch (e) { console.error(e); } }; return function () { diff --git a/customize.dist/messages.js b/customize.dist/messages.js index 40dbbfb95..303375e4e 100755 --- a/customize.dist/messages.js +++ b/customize.dist/messages.js 
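Review bot: The new `if (!node) { return; }` guard in `window.CryptPad_loadingError` exits before the spinner is hidden and `#cp-loading-message` is filled, so when `.cp-loading-progress` is absent the error is neither displayed nor logged. Because the first call removes that node, a later call presumably takes this path; if keeping the first message on screen is the intent, a comment should say so. Otherwise limit the guard to the removal, `if (node && node.parentNode) { node.parentNode.removeChild(node); }`, or at least log before leaving with `if (!node) { return console.error(err); }`. Separately, `hasErrored` silences every later exception in `updateLoadingProgress`, and a short comment explaining why those are expected after a load error would help whoever debugs a broken loading screen. The enclosing function starts and ends outside the hunk.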
@@ -26,7 +26,9 @@ var getStoredLanguage = function () { return localStorage && localStorage.getIte var getBrowserLanguage = function () { return navigator.language || navigator.userLanguage || ''; }; var getLanguage = messages._getLanguage = function () { if (window.cryptpadLanguage) { return window.cryptpadLanguage; } - if (getStoredLanguage()) { return getStoredLanguage(); } + try { + if (getStoredLanguage()) { return getStoredLanguage(); } + } catch (e) { console.log(e); } var l = getBrowserLanguage(); // Edge returns 'fr-FR' --> transform it to 'fr' and check again return map[l] ? l : @@ -65,7 +67,9 @@ define(req, function(AppConfig, Default, Language) { if (AppConfig.availableLanguages.indexOf(language) === -1) { language = defaultLanguage; Language = Default; - localStorage.setItem(LS_LANG, language); + try { + localStorage.setItem(LS_LANG, language); + } catch (e) { console.log(e); } } Object.keys(map).forEach(function (l) { if (l === defaultLanguage) { return; } diff --git a/docs/cryptpad.service b/docs/cryptpad.service index eee8b2af5..43d8652f6 100644 --- a/docs/cryptpad.service +++ b/docs/cryptpad.service @@ -17,7 +17,7 @@ SyslogIdentifier=cryptpad User=cryptpad Group=cryptpad # modify to match your working directory -Environment='PWD="/home/cryptpad/cryptpad/cryptpad"' +Environment='PWD="/home/cryptpad/cryptpad"' # systemd sets the open file limit to 4000 unless you override it # cryptpad stores its data with the filesystem, so you should increase this to match the value of `ulimit -n` diff --git a/www/admin/inner.html b/www/admin/inner.html index 01bda5fab..eeb234d0c 100644 --- a/www/admin/inner.html +++ b/www/admin/inner.html @@ -2,7 +2,7 @@ - + diff --git a/www/admin/main.js b/www/admin/main.js index 817d2bd2e..8a6ec7a70 100644 --- a/www/admin/main.js +++ b/www/admin/main.js 
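Review bot: Both new `try`/`catch` wrappers around `localStorage` (in `getLanguage`, and around `localStorage.setItem(LS_LANG, language)` in the second hunk) carry no comment saying why storage access can throw, and they report through `console.log` while the loading code in this commit uses `console.error`. Browsers raise an exception on `localStorage` access when storage is blocked for the frame, so a line such as `// localStorage may throw when storage is blocked; fall back to the browser language` would explain the fallback. In the first hunk `getStoredLanguage()` is also called twice inside the `try`; `var stored = getStoredLanguage(); if (stored) { return stored; }` reads the value once. `getLanguage` continues outside the hunk.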
@@ -3,38 +3,14 @@ define([ '/bower_components/nthen/index.js', '/api/config', '/common/dom-ready.js', - '/common/requireconfig.js', '/common/sframe-common-outer.js', -], function (nThen, ApiConfig, DomReady, RequireConfig, SFCommonO) { - var requireConfig = RequireConfig(); +], function (nThen, ApiConfig, DomReady, SFCommonO) { // Loaded in load #2 nThen(function (waitFor) { DomReady.onReady(waitFor()); }).nThen(function (waitFor) { - var req = { - cfg: requireConfig, - req: [ '/common/loading.js' ], - pfx: window.location.origin - }; - window.rc = requireConfig; - window.apiconf = ApiConfig; - document.getElementById('sbox-iframe').setAttribute('src', - ApiConfig.httpSafeOrigin + '/admin/inner.html?' + requireConfig.urlArgs + - '#' + encodeURIComponent(JSON.stringify(req))); - - // This is a cheap trick to avoid loading sframe-channel in parallel with the - // loading screen setup. - var done = waitFor(); - var onMsg = function (msg) { - var data = JSON.parse(msg.data); - if (data.q !== 'READY') { return; } - window.removeEventListener('message', onMsg); - var _done = done; - done = function () { }; - _done(); - }; - window.addEventListener('message', onMsg); + SFCommonO.initIframe(waitFor); }).nThen(function (/*waitFor*/) { var addRpc = function (sframeChan, Cryptpad/*, Utils*/) { // Adding a new avatar from the profile: pin it and store it in the object diff --git a/www/code/inner.html b/www/code/inner.html index a4ea56206..b25534297 100644 --- a/www/code/inner.html +++ b/www/code/inner.html @@ -2,7 +2,7 @@ - + diff --git a/www/contacts/main.js b/www/contacts/main.js index 38d6c5e71..faf92f94e 100644 --- a/www/contacts/main.js +++ b/www/contacts/main.js 
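Review bot: The READY handshake now sits behind `SFCommonO.initIframe(waitFor)`, whose body is not part of this diff, so the checks on the incoming `message` event cannot be reviewed here. The removed per-page listeners ran `JSON.parse(msg.data)` on any message with no `try`/`catch` and no comparison of `msg.source` with the `sbox-iframe` element's `contentWindow`. The shared helper is the natural place to add both, and that is worth confirming before merge. The call also passes no app path where the removed lines used a literal `/admin/inner.html`, so a call-site comment such as `// sets the sandbox iframe src for this app and waits for its READY message` would keep the intent visible. In the visible lines `ApiConfig` is no longer referenced after the change; if the rest of the file does not use it, `'/api/config'` can leave the dependency list. The same points apply to the identical hunks in the contacts, notifications, profile, settings, support and worker `main.js` files.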
@@ -3,38 +3,14 @@ define([ '/bower_components/nthen/index.js', '/api/config', '/common/dom-ready.js', - '/common/requireconfig.js', '/common/sframe-common-outer.js' -], function (nThen, ApiConfig, DomReady, RequireConfig, SFCommonO) { - var requireConfig = RequireConfig(); +], function (nThen, ApiConfig, DomReady, SFCommonO) { // Loaded in load #2 nThen(function (waitFor) { DomReady.onReady(waitFor()); }).nThen(function (waitFor) { - var req = { - cfg: requireConfig, - req: [ '/common/loading.js' ], - pfx: window.location.origin - }; - window.rc = requireConfig; - window.apiconf = ApiConfig; - document.getElementById('sbox-iframe').setAttribute('src', - ApiConfig.httpSafeOrigin + '/contacts/inner.html?' + requireConfig.urlArgs + - '#' + encodeURIComponent(JSON.stringify(req))); - - // This is a cheap trick to avoid loading sframe-channel in parallel with the - // loading screen setup. - var done = waitFor(); - var onMsg = function (msg) { - var data = JSON.parse(msg.data); - if (data.q !== 'READY') { return; } - window.removeEventListener('message', onMsg); - var _done = done; - done = function () { }; - _done(); - }; - window.addEventListener('message', onMsg); + SFCommonO.initIframe(waitFor); }).nThen(function (/*waitFor*/) { SFCommonO.start({ noRealtime: true, diff --git a/www/debug/inner.html b/www/debug/inner.html index 2ac53948c..7936c04f2 100644 --- a/www/debug/inner.html +++ b/www/debug/inner.html @@ -2,7 +2,7 @@ - + diff --git a/www/notifications/main.js b/www/notifications/main.js index 20c8653f9..785fb3b5d 100644 --- a/www/notifications/main.js +++ b/www/notifications/main.js 
@@ -3,38 +3,14 @@ define([ '/bower_components/nthen/index.js', '/api/config', '/common/dom-ready.js', - '/common/requireconfig.js', '/common/sframe-common-outer.js', -], function (nThen, ApiConfig, DomReady, RequireConfig, SFCommonO) { - var requireConfig = RequireConfig(); +], function (nThen, ApiConfig, DomReady, SFCommonO) { // Loaded in load #2 nThen(function (waitFor) { DomReady.onReady(waitFor()); }).nThen(function (waitFor) { - var req = { - cfg: requireConfig, - req: [ '/common/loading.js' ], - pfx: window.location.origin - }; - window.rc = requireConfig; - window.apiconf = ApiConfig; - document.getElementById('sbox-iframe').setAttribute('src', - ApiConfig.httpSafeOrigin + '/notifications/inner.html?' + requireConfig.urlArgs + - '#' + encodeURIComponent(JSON.stringify(req))); - - // This is a cheap trick to avoid loading sframe-channel in parallel with the - // loading screen setup. - var done = waitFor(); - var onMsg = function (msg) { - var data = JSON.parse(msg.data); - if (data.q !== 'READY') { return; } - window.removeEventListener('message', onMsg); - var _done = done; - done = function () { }; - _done(); - }; - window.addEventListener('message', onMsg); + SFCommonO.initIframe(waitFor); }).nThen(function (/*waitFor*/) { var category; if (window.location.hash) { diff --git a/www/oodoc/inner.html b/www/oodoc/inner.html index 529c5a8d9..884ae5a00 100644 --- a/www/oodoc/inner.html +++ b/www/oodoc/inner.html @@ -2,7 +2,7 @@ - + diff --git a/www/ooslide/inner.html b/www/ooslide/inner.html index d06820db2..e7c4e111f 100644 --- a/www/ooslide/inner.html +++ b/www/ooslide/inner.html @@ -2,7 +2,7 @@ - + diff --git a/www/pad/app-pad.less b/www/pad/app-pad.less index b413eed6a..489cbb17d 100644 --- a/www/pad/app-pad.less +++ b/www/pad/app-pad.less @@ -27,6 +27,7 @@ body.cp-app-pad { #cp-app-pad-toc { @toc-level-indent: 15px; + overflow-y: auto; margin-top: 10px; margin-left: 10px; width: 200px; 
diff --git a/www/pad/inner.html b/www/pad/inner.html index e4dbcdf95..17bfec308 100644 --- a/www/pad/inner.html +++ b/www/pad/inner.html @@ -2,7 +2,7 @@ - + diff --git a/www/profile/main.js b/www/profile/main.js index 92b24b3fc..b041d926a 100644 --- a/www/profile/main.js +++ b/www/profile/main.js @@ -3,38 +3,14 @@ define([ '/bower_components/nthen/index.js', '/api/config', '/common/dom-ready.js', - '/common/requireconfig.js', '/common/sframe-common-outer.js', -], function (nThen, ApiConfig, DomReady, RequireConfig, SFCommonO) { - var requireConfig = RequireConfig(); +], function (nThen, ApiConfig, DomReady, SFCommonO) { // Loaded in load #2 nThen(function (waitFor) { DomReady.onReady(waitFor()); }).nThen(function (waitFor) { - var req = { - cfg: requireConfig, - req: [ '/common/loading.js' ], - pfx: window.location.origin - }; - window.rc = requireConfig; - window.apiconf = ApiConfig; - document.getElementById('sbox-iframe').setAttribute('src', - ApiConfig.httpSafeOrigin + '/profile/inner.html?' + requireConfig.urlArgs + - '#' + encodeURIComponent(JSON.stringify(req))); - - // This is a cheap trick to avoid loading sframe-channel in parallel with the - // loading screen setup. - var done = waitFor(); - var onMsg = function (msg) { - var data = JSON.parse(msg.data); - if (data.q !== 'READY') { return; } - window.removeEventListener('message', onMsg); - var _done = done; - done = function () { }; - _done(); - }; - window.addEventListener('message', onMsg); + SFCommonO.initIframe(waitFor); }).nThen(function (/*waitFor*/) { var getSecrets = function (Cryptpad, Utils, cb) { var Hash = Utils.Hash; diff --git a/www/secureiframe/inner.html b/www/secureiframe/inner.html index 29c3cf797..97bfb3930 100644 --- a/www/secureiframe/inner.html +++ b/www/secureiframe/inner.html @@ -2,7 +2,7 @@ - + diff --git a/www/settings/main.js b/www/settings/main.js index bbc0f87d3..750423a1d 100644 --- a/www/settings/main.js +++ b/www/settings/main.js 
@@ -3,38 +3,14 @@ define([ '/bower_components/nthen/index.js', '/api/config', '/common/dom-ready.js', - '/common/requireconfig.js', '/common/sframe-common-outer.js' -], function (nThen, ApiConfig, DomReady, RequireConfig, SFCommonO) { - var requireConfig = RequireConfig(); +], function (nThen, ApiConfig, DomReady, SFCommonO) { // Loaded in load #2 nThen(function (waitFor) { DomReady.onReady(waitFor()); }).nThen(function (waitFor) { - var req = { - cfg: requireConfig, - req: [ '/common/loading.js' ], - pfx: window.location.origin - }; - window.rc = requireConfig; - window.apiconf = ApiConfig; - document.getElementById('sbox-iframe').setAttribute('src', - ApiConfig.httpSafeOrigin + '/settings/inner.html?' + requireConfig.urlArgs + - '#' + encodeURIComponent(JSON.stringify(req))); - - // This is a cheap trick to avoid loading sframe-channel in parallel with the - // loading screen setup. - var done = waitFor(); - var onMsg = function (msg) { - var data = JSON.parse(msg.data); - if (data.q !== 'READY') { return; } - window.removeEventListener('message', onMsg); - var _done = done; - done = function () { }; - _done(); - }; - window.addEventListener('message', onMsg); + SFCommonO.initIframe(waitFor); }).nThen(function (/*waitFor*/) { var addRpc = function (sframeChan, Cryptpad, Utils) { sframeChan.on('Q_THUMBNAIL_CLEAR', function (d, cb) { diff --git a/www/sheet/inner.html b/www/sheet/inner.html index 07d21904d..68949568f 100644 --- a/www/sheet/inner.html +++ b/www/sheet/inner.html @@ -2,7 +2,7 @@ - + diff --git a/www/slide/inner.html b/www/slide/inner.html index c04091cf7..f067e8a2f 100644 --- a/www/slide/inner.html +++ b/www/slide/inner.html @@ -2,7 +2,7 @@ - + diff --git a/www/support/main.js b/www/support/main.js index b5ca65126..1dc8c0e56 100644 --- a/www/support/main.js +++ b/www/support/main.js 
@@ -3,40 +3,16 @@ define([ '/bower_components/nthen/index.js', '/api/config', '/common/dom-ready.js', - '/common/requireconfig.js', '/common/sframe-common-outer.js', '/common/outer/local-store.js', '/common/outer/login-block.js', -], function (nThen, ApiConfig, DomReady, RequireConfig, SFCommonO, LocalStore, Block) { - var requireConfig = RequireConfig(); +], function (nThen, ApiConfig, DomReady, SFCommonO, LocalStore, Block) { // Loaded in load #2 nThen(function (waitFor) { DomReady.onReady(waitFor()); }).nThen(function (waitFor) { - var req = { - cfg: requireConfig, - req: [ '/common/loading.js' ], - pfx: window.location.origin - }; - window.rc = requireConfig; - window.apiconf = ApiConfig; - document.getElementById('sbox-iframe').setAttribute('src', - ApiConfig.httpSafeOrigin + '/support/inner.html?' + requireConfig.urlArgs + - '#' + encodeURIComponent(JSON.stringify(req))); - - // This is a cheap trick to avoid loading sframe-channel in parallel with the - // loading screen setup. - var done = waitFor(); - var onMsg = function (msg) { - var data = JSON.parse(msg.data); - if (data.q !== 'READY') { return; } - window.removeEventListener('message', onMsg); - var _done = done; - done = function () { }; - _done(); - }; - window.addEventListener('message', onMsg); + SFCommonO.initIframe(waitFor); }).nThen(function (/*waitFor*/) { var category; if (window.location.hash) { diff --git a/www/teams/inner.html b/www/teams/inner.html index 243a74edf..5ec12c287 100644 --- a/www/teams/inner.html +++ b/www/teams/inner.html @@ -2,7 +2,7 @@ - + diff --git a/www/whiteboard/inner.html b/www/whiteboard/inner.html index 533b4568f..4b56440e3 100644 --- a/www/whiteboard/inner.html +++ b/www/whiteboard/inner.html @@ -2,7 +2,7 @@ - + diff --git a/www/worker/main.js b/www/worker/main.js index 04dffa748..633982146 100644 --- a/www/worker/main.js +++ b/www/worker/main.js 
@@ -3,38 +3,14 @@ define([ '/bower_components/nthen/index.js', '/api/config', '/common/dom-ready.js', - '/common/requireconfig.js', '/common/sframe-common-outer.js' -], function (nThen, ApiConfig, DomReady, RequireConfig, SFCommonO) { - var requireConfig = RequireConfig(); +], function (nThen, ApiConfig, DomReady, SFCommonO) { // Loaded in load #2 nThen(function (waitFor) { DomReady.onReady(waitFor()); }).nThen(function (waitFor) { - var req = { - cfg: requireConfig, - req: [ '/common/loading.js' ], - pfx: window.location.origin - }; - window.rc = requireConfig; - window.apiconf = ApiConfig; - document.getElementById('sbox-iframe').setAttribute('src', - ApiConfig.httpSafeOrigin + '/worker/inner.html?' + requireConfig.urlArgs + - '#' + encodeURIComponent(JSON.stringify(req))); - - // This is a cheap trick to avoid loading sframe-channel in parallel with the - // loading screen setup. - var done = waitFor(); - var onMsg = function (msg) { - var data = JSON.parse(msg.data); - if (data.q !== 'READY') { return; } - window.removeEventListener('message', onMsg); - var _done = done; - done = function () { }; - _done(); - }; - window.addEventListener('message', onMsg); + SFCommonO.initIframe(waitFor); }).nThen(function (/*waitFor*/) { SFCommonO.start({ noRealtime: true,