b4323b2c40
fix incorrect frame-ancestors and update test
3 years ago
6253c7c61c
don't panic if unsafeiframe is loaded with unsafe-eval
3 years ago
e6c51e3dff
remove hardcoded translations and invert remote embedding logic
3 years ago
9ae4101ea2
test for the presence of x-content-type-options for blob and block
3 years ago
4c53d9b509
enforce only loading inner.html from nested contexts
3 years ago
f34a60665f
check that the server is running at least NodeJS v16.14.2
3 years ago
b83e8600f4
clean up checkup tests and remove XXX
3 years ago
a54a0af604
more tests on checkup page
3 years ago
e38e08fb6e
Merge branch 'soon' into block-embeds
3 years ago
c715334616
stub a test on the checkup page
3 years ago
45d2eb0267
Merge branch 'soon' of github.com:xwiki-labs/cryptpad into support-categories
...
and include some tweaks for the checkup page
* sort errors above warnings
* improve messages for new tests
3 years ago
c111364024
add two new tests to diagnose unavailability of uploaded blocks and blobs
3 years ago
1e2a059074
lint compliance
3 years ago
7c3d563453
WIP support for customized and translated legal info
3 years ago
aaa00216d4
add a note about what configurations are supported re: third party embedding
3 years ago
0917b45035
implement proper support for forbidding remote media-tag inclusion
...
...and test that the basic headers are correctly set on the checkup page
3 years ago
b40c81d088
support modifying CSP headers at runtime
3 years ago
1a18eafb7f
checkup page improvements
...
* removed a redundant test
* more descriptive error messages
* more useful return values in failed tests
* xhr reuse where possible for faster test completion
* guard against typeerrors caused by undefined CSP
* display server token value in summary if present
3 years ago
d781d3bba2
lint compliance
3 years ago
6196e81953
WIP checkup tests
3 years ago
6a62e28c60
include option upgradeURL CSP in checkup page tests
3 years ago
7b6c8b83ef
stricter websocket CSP and tests to match
3 years ago
c0686dad99
fix merge conflict
3 years ago
19863b8fb0
Merge branch 'soon' into checkup
3 years ago
0f46869217
WIP update recommended production CSP values
3 years ago
383684d339
add new, very specific tests for CSP to the checkup page
3 years ago
cc1137b96b
more WIP checkup
3 years ago
ee92ddb813
more WIP checkup
3 years ago
2e14e8e930
more WIP checkup
3 years ago
f2ead5b588
more WIP checkup
3 years ago
d736e22c3b
more WIP checkup
3 years ago
876132fc76
more WIP checkup
3 years ago
39f1530969
more WIP checkup
3 years ago
521097e3ad
more WIP checkup
3 years ago
937b0b450f
better checkup test
3 years ago
8eefeace43
WIP checkup improvements
3 years ago
5835721322
Updated checkup page tests
...
1. check that /api/config is reachable from the sandbox domain
2. check that interest-cohort rules are present rather than strict comparison of expected headers
3 years ago
f9be929eb9
check for unnecessarily permissive CSP
3 years ago
8f0543c3f3
Prepare possible OO migration
3 years ago
a2e6f0a1c4
disable outdated tests
3 years ago
b8d6af7891
adjust CSP headers for printing from OnlyOffice
...
* allow outer to load resources from the sandbox (for fonts)
* test whether the expected CSP values are present on the checkup page
* simplify the nodejs server a bit
3 years ago
04234aa1f4
fix a typo in a class
3 years ago
7647a60219
guess OS version on checkup page
3 years ago
a20bfbf6c1
lint compliance
3 years ago
dd53b6fa72
constrain table width in checkup summaries
3 years ago
613868bbde
fix safari-specific warnings in checkup
3 years ago
b6cc4ef8cf
test browser-dependent SharedArrayBuffer support in checkup
...
include debugging information in final report
for when browser vendors inevitably break APIs again
3 years ago
5f32a38f3e
Merge branch 'soon' into main
3 years ago
921da962d0
narrow exceptions for use of localhost in checkup
3 years ago
6578b66ba6
convert a warning to an error
3 years ago
ansuz