Commit Graph

94 Commits (0513945f00070c94b5e41cfb908cbdc36733b3f2)

Author SHA1 Message Date
ansuz 83119a25c8 better error handling in checkup
ansuz e5df9cb730 display a notice if bower dependencies fail to load for the checkup page
ansuz 404b89eb28 update recommended settings for embedding to permit element desktop
ansuz 841884c631 translated warnings for people that use AdGuard
ansuz b4323b2c40 fix incorrect frame-ancestors and update test
ansuz 6253c7c61c don't panic if unsafeiframe is loaded with unsafe-eval
ansuz e6c51e3dff remove hardcoded translations and invert remote embedding logic
ansuz 9ae4101ea2 test for the presence of x-content-type-options for blob and block
ansuz 4c53d9b509 enforce only loading inner.html from nested contexts
ansuz f34a60665f check that the server is running at least NodeJS v16.14.2
ansuz b83e8600f4 clean up checkup tests and remove XXX
ansuz a54a0af604 more tests on checkup page
ansuz e38e08fb6e Merge branch 'soon' into block-embeds
ansuz c715334616 stub a test on the checkup page
ansuz 45d2eb0267 Merge branch 'soon' of github.com:xwiki-labs/cryptpad into support-categories
and include some tweaks for the checkup page

* sort errors above warnings
* improve messages for new tests
ansuz c111364024 add two new tests to diagnose unavailability of uploaded blocks and blobs
ansuz 1e2a059074 lint compliance
ansuz 7c3d563453 WIP support for customized and translated legal info
ansuz aaa00216d4 add a note about what configurations are supported re: third party embedding
ansuz 0917b45035 implement proper support for forbidding remote media-tag inclusion
...and test that the basic headers are correctly set on the checkup page
ansuz b40c81d088 support modifying CSP headers at runtime
ansuz 1a18eafb7f checkup page improvements
* removed a redundant test
* more descriptive error messages
* more useful return values in failed tests
* xhr reuse where possible for faster test completion
* guard against typeerrors caused by undefined CSP
* display server token value in summary if present
ansuz d781d3bba2 lint compliance
ansuz 6196e81953 WIP checkup tests
ansuz 6a62e28c60 include option upgradeURL CSP in checkup page tests
ansuz 7b6c8b83ef stricter websocket CSP and tests to match
ansuz c0686dad99 fix merge conflict
ansuz 19863b8fb0 Merge branch 'soon' into checkup
ansuz 0f46869217 WIP update recommended production CSP values
ansuz 383684d339 add new, very specific tests for CSP to the checkup page
ansuz cc1137b96b more WIP checkup
ansuz ee92ddb813 more WIP checkup
ansuz 2e14e8e930 more WIP checkup
ansuz f2ead5b588 more WIP checkup
ansuz d736e22c3b more WIP checkup
ansuz 876132fc76 more WIP checkup
ansuz 39f1530969 more WIP checkup
ansuz 521097e3ad more WIP checkup
ansuz 937b0b450f better checkup test
ansuz 8eefeace43 WIP checkup improvements
ansuz 5835721322 Updated checkup page tests
1. check that /api/config is reachable from the sandbox domain
2. check that interest-cohort rules are present rather than strict comparison of expected headers
ansuz f9be929eb9 check for unnecessarily permissive CSP
yflory 8f0543c3f3 Prepare possible OO migration
ansuz a2e6f0a1c4 disable outdated tests
ansuz b8d6af7891 adjust CSP headers for printing from OnlyOffice
* allow outer to load resources from the sandbox (for fonts)
* test whether the expected CSP values are present on the checkup page
* simplify the nodejs server a bit
ansuz 04234aa1f4 fix a typo in a class
ansuz 7647a60219 guess OS version on checkup page
ansuz a20bfbf6c1 lint compliance
ansuz dd53b6fa72 constrain table width in checkup summaries
ansuz 613868bbde fix safari-specific warnings in checkup