ansuz
0f46869217
WIP update recommended production CSP values
3 years ago
ansuz
383684d339
add new, very specific tests for CSP to the checkup page
3 years ago
ansuz
5835721322
Updated checkup page tests
...
1. check that /api/config is reachable from the sandbox domain
2. check that interest-cohort rules are present rather than strict comparison of expected headers
3 years ago
ansuz
f9be929eb9
check for unnecessarily permissive CSP
3 years ago
yflory
8f0543c3f3
Prepare possible OO migration
3 years ago
ansuz
a2e6f0a1c4
disable outdated tests
3 years ago
ansuz
b8d6af7891
adjust CSP headers for printing from OnlyOffice
...
* allow outer to load resources from the sandbox (for fonts)
* test whether the expected CSP values are present on the checkup page
* simplify the nodejs server a bit
3 years ago
ansuz
04234aa1f4
fix a typo in a class
3 years ago
ansuz
7647a60219
guess OS version on checkup page
3 years ago
ansuz
a20bfbf6c1
lint compliance
3 years ago
ansuz
dd53b6fa72
constrain table width in checkup summaries
3 years ago
ansuz
613868bbde
fix safari-specific warnings in checkup
3 years ago
ansuz
b6cc4ef8cf
test browser-dependent SharedArrayBuffer support in checkup
...
include debugging information in final report
for when browser vendors inevitably break APIs again
3 years ago
ansuz
5f32a38f3e
Merge branch 'soon' into main
3 years ago
ansuz
921da962d0
narrow exceptions for use of localhost in checkup
3 years ago
ansuz
6578b66ba6
convert a warning to an error
3 years ago
ansuz
c774a5d06e
time out if checkup test #7 doesn't call back in 30s
4 years ago
ansuz
3095526066
remove some notes that have been addressed
4 years ago
ansuz
3b44c09bc4
check COOP headers for multiple endpoints
...
and improve some error reporting in the checkup RPC
4 years ago
ansuz
4a147815f6
disable server_tokens test until an easy solution is in place
4 years ago
ansuz
433470cf40
check that server responses don't contain 'Server' headers
...
if they do, check that the server is NGINX.
4 years ago
ansuz
e143873a20
display the currently set FLoC header in the checkup page's warning message.
...
Addresses #757
4 years ago
ansuz
2bd659a9b5
test whether the instance configured to use HTTPS for the main and sandbox domains
4 years ago
ansuz
1fe57c7e03
lint compliance and minor refactor
4 years ago
ansuz
24e181ab9a
elaborate on some messages in the checkup page
4 years ago
ansuz
8ecf7a70c4
lint compliance and dead code removal
4 years ago
ansuz
cba66d5db3
close websockets when the checkup is complete
4 years ago
ansuz
9c3dc7aa9c
simplify some tests on the checkup page
4 years ago
ansuz
1f86578920
update instructions for adminEmail configuration
4 years ago
ansuz
cc56745858
add more thorough tests for sandbox configuration on the checkup page
4 years ago
ansuz
0c7f77f5ed
sketch out some more sandbox tests and note down some improvements
4 years ago
ansuz
2ed25c38fb
display more information about incorrect headers on checkup page
4 years ago
ansuz
32494fca0c
let NGINX handle its own headers
4 years ago
yflory
7a682397e2
Add checkup test about Google's Floc
4 years ago
ansuz
fe41ca36bc
display the instance version on the checkup page
4 years ago
ansuz
9fbd10fa8e
Merge branch 'staging' into restricted-registration
4 years ago
ansuz
005573c512
provide detailed descriptions for addressing warnings on the checkup page
4 years ago
ansuz
88a1b94a4b
new tests for checkup page
4 years ago
ansuz
30fc2a5edf
Merge branch 'staging' into restricted-registration
4 years ago
ansuz
0822f93fcc
test api headers in checkup page
4 years ago
ansuz
8d12086aba
check for duplicated headers
4 years ago
ansuz
50045c08d0
WIP restrict registration
4 years ago
ansuz
359de1dc94
better checkup page error messages
4 years ago
ansuz
0b15f5793d
stub an incorrect test
4 years ago
ansuz
b7975bb791
add some debugging advice to the checkup page
4 years ago
ansuz
1ee2f70f49
fix spreadsheet CSP checkup and confirm that /api/broadcast is accessible
4 years ago
ansuz
0d60b08702
test that XLSX export headers are correctly set in checkup app
4 years ago
ansuz
f6f90712af
stricter tests for the sandbox checkup
4 years ago
ansuz
163b870f92
handle absent trailing slashes in config for checkup page
4 years ago
yflory
40e9da566e
lint compliance
4 years ago