Commit Graph

180 Commits (c1b3ac89605e8c721a5e182c754a2dfe00b2dfa6)

Author SHA1 Message Date
ansuz 942a136886 somewhat stricter httpUnsafeOrigin validation
ansuz 98c8d7086f include instance version in Env
ansuz 87a52b67f5 re-add an incorrectly removed curly brace
ansuz 41db88a360 WIP admin 'network' panel
ansuz b88963cec2 conditionally log some information about the checkup page when launching the server
ansuz 32494fca0c let NGINX handle its own headers
ansuz eb32651c67 leave some notes about a minor race condition
ansuz 30fc2a5edf Merge branch 'staging' into restricted-registration
ansuz bd37e45eb4 disable some seemingly problematic server code
ansuz 15a8284a30 add some logging and avoid some errors
ansuz 50045c08d0 WIP restrict registration
ansuz e90031b8d1 refined header fix for standalone instances
ansuz 3a0fe6968d refine the header fixes for chrome to avoid breaking standalone instances
ansuz ae173d31cb fix a chrome header issue
ansuz 34e02a23e7 deduplicate server code for caching rendered API endpoints
ansuz 4e3a7fef24 add notes from our review
yflory 8f679c141c Broadcast update
yflory 96892bff48 Merge branch 'staging' into broadcast
yflory b108960d67 Rename ooslide and oodoc
ansuz 3141d7add1 remove trailing slashes from configured origins
in both the server and the example config file
yflory 7971a6d267 Major broadcast refactoring
yflory d15c0461cc Add /api/broadcast and improve message deletion
ansuz 1ef6a96cd1 avoid duplicating CSP headers in production environments
ansuz 3c4b2ffad0 avoid setting headers for /api/config that will be duplicated by nginx
ansuz 929159a0f4 implement server offline mode (no ws)
yflory 396eb4d263 Stop autodownloading big mediatags
ansuz ebc394c4b3 expose defaultStorageLimit via /api/config
ansuz aa547a7b76 align nodejs http headers with example nginx
ansuz 804443e5f7 send basic team info along with support tickets
...and fix a server bug that had broken /api/config.supportMailbox
ansuz 369c92c01d initialize Env from server and deduplicate several attributes
ansuz c99de4ffc2 expose the canonical representation of adminKeys via /api/config
ansuz b5d3a10dc2 guard against possible typeErrors from unvalidated config input
ansuz 6519f8242e Merge branch 'signing-key-format' into staging
ansuz ebcc9a069b add server-side support for the new format of public signing keys
yflory b94a596751 remove unsafe-inline requirement in pad
ansuz 5196440e65 guard against a typeError when httpSafeOrigin is not defined
ansuz 9fa93172cf tolerate trailing slashes in httpSafeDomain
ansuz 3b05d24f10 wip csp issue
Jason Heard 9b3013278b Check httpSafeOrigin in config variable
ansuz 53ed247bc2 expose maxUploadSize and premiumUploadSize via /api/config
ansuz e70c3ff0ab add some default config values and warn if provided values seem incorrect
ansuz 74771f13f5 implement caching for /api/config responses
ansuz 80c012f34d prepare to merge history keeper and rpc
ansuz c388641479 drop support for 'retainData' configuration
ansuz f45de2b52f move some server deps from repo root to lib/
ansuz 671999c600 treat onlyoffice iframes specially with regard to CSP
yflory 47768112b4 Merge branch 'staging' into communities-oo
Ludovic Dubost d593f3961c Updated OnlyOffice editors, Updated x2t.js to 5.4.2
Ludovic Dubost 1065ef5d4c Fix security policy for ooslide and oodoc which would break x2t wasm export on Chrome
ansuz 05699b2c94 unify websocket configuration points