rugk
5809a7cfa7
feat: add form-action CSP restriction
...
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs
Fixes #778
2021-04-18 14:14:46 +02:00
El RIDO
735a77b783
Merge branch 'floc'
2021-04-17 08:39:50 +02:00
El RIDO
5f4200c721
document change
2021-04-17 08:39:35 +02:00
El RIDO
9b893f09d7
Merge branch 'master' into floc
2021-04-17 08:35:21 +02:00
El RIDO
3b9b6c948f
Merge branch 'cspBaseUrl'
2021-04-17 08:20:32 +02:00
El RIDO
7b7a32c0a7
apply StyleCI recommendation
2021-04-17 08:20:08 +02:00
rugk
fd7d05e862
Add base URL as default CSP restriction
...
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.
Given we don't use that anywhere, this should be safe. (not tested practically though)
2021-04-16 22:04:28 +02:00
El RIDO
8232dce395
Merge branch 'cookie-secure-flag'
2021-04-16 20:51:11 +02:00
El RIDO
6f3bb25b09
disable Google FLoC
2021-04-16 20:25:50 +02:00
El RIDO
1dc8b24665
transmit cookie only over HTTPS, fixes #472
2021-04-16 20:15:12 +02:00
El RIDO
9e6eb50ced
adding new security headers, fixes #765
2021-04-16 19:19:11 +02:00
El RIDO
d727837324
Merge branch 'crowdin-translation'
2021-04-16 18:27:45 +02:00
El RIDO
175d14224e
set plurals for and credit Estonian translation
2021-04-16 18:27:12 +02:00
El RIDO
51f1f67fe8
Merge branch 'master' into crowdin-translation
2021-04-16 18:00:42 +02:00
PrivateBin Translator Bot
ab250d8686
New translations en.json (Lithuanian)
2021-04-10 16:52:48 +02:00
PrivateBin Translator Bot
1ff8637c23
New translations en.json (Lithuanian)
2021-04-10 15:45:21 +02:00
PrivateBin Translator Bot
727166e945
New translations en.json (Estonian)
2021-04-08 23:05:35 +02:00
PrivateBin Translator Bot
e50f3eb311
New translations en.json (Estonian)
2021-04-08 22:00:09 +02:00
PrivateBin Translator Bot
f5fa37b5f2
New translations en.json (Estonian)
2021-04-08 20:55:45 +02:00
PrivateBin Translator Bot
587822838a
New translations en.json (Chinese Simplified)
2021-04-07 09:18:03 +02:00
PrivateBin Translator Bot
553417194c
New translations en.json (Estonian)
2021-04-06 20:07:13 +02:00
El RIDO
8a08a2167b
fix display of Indonesian label in drop-down
2021-04-06 06:27:12 +02:00
El RIDO
d65bf02d78
upgraded kjua
2021-04-05 17:33:07 +02:00
El RIDO
30c8d97517
update PHP dependencies
2021-04-05 17:11:51 +02:00
El RIDO
65d8f896c7
fix make coverage-php
2021-04-05 17:05:46 +02:00
El RIDO
458ebcb321
incrementing version
2021-04-05 17:05:14 +02:00
El RIDO
ec022b2db9
documenting fix for #682
2021-04-05 13:51:23 +02:00
El RIDO
a369202c51
add missing expiration reset
2021-04-05 13:47:37 +02:00
El RIDO
77ee40909f
record defaults during initialization, fixes #682
2021-04-05 13:24:53 +02:00
El RIDO
5fd829aa09
adding unit tests for TopNav.resetInput(), triggering bug described in #682
2021-04-05 12:50:23 +02:00
El RIDO
8864523173
Merge pull request #766 from PrivateBin/codacy
...
Let's try Codacy code scanning again
2021-04-05 12:21:14 +02:00
El RIDO
44cc70ee35
Merge pull request #764 from FozzieHi/patch-1
...
Remove mention of HPKP in the README.
2021-04-05 12:15:31 +02:00
rugk
cdc970a434
Let's try Codacy code scanning again
...
It should now be included into GitHub's security tab.
Fixes https://github.com/PrivateBin/PrivateBin/issues/741
2021-04-04 13:29:41 +02:00
George
2ca479786c
Remove mention of HPKP in the README.
...
HPKP has been removed by all major browsers and, according to Can I use, it is only supported by browsers that have last received an update over a year ago - https://caniuse.com/?search=HPKP .
2021-04-04 12:05:48 +01:00
El RIDO
7ca33019d2
translate new message
2021-04-04 11:43:27 +02:00
El RIDO
99358bbffc
translate new message, kudos @Cellophile in #715
2021-04-04 11:41:14 +02:00
El RIDO
df126f89d6
add missing translation, fixes #715
2021-04-04 11:39:46 +02:00
El RIDO
a227443cb6
add missing Indonesian language
2021-04-04 11:38:50 +02:00
El RIDO
3780db627d
update changelog
2021-04-03 08:28:36 +02:00
El RIDO
a40f3b2950
update DOMPurify to version 2.2.7
2021-04-03 07:04:59 +02:00
El RIDO
2e10bdbd22
update DOMPurify to version 2.2.7
2021-04-02 09:09:47 +02:00
El RIDO
4fcf7f31a1
Merge branch 'crowdin-translation'
2021-04-02 09:00:50 +02:00
El RIDO
da0896fe42
set plurals for and credit Catalan translation
2021-04-02 09:00:27 +02:00
PrivateBin Translator Bot
52d65abce7
New translations en.json (Catalan)
2021-03-27 14:30:25 +01:00
PrivateBin Translator Bot
f3fee65ba9
New translations en.json (Catalan)
2021-03-27 10:00:26 +01:00
PrivateBin Translator Bot
4a5f08074b
New translations en.json (Indonesian)
2021-03-27 03:21:45 +01:00
El RIDO
5a9bcea3a9
set plurals for and credit Indonesian translation
2021-03-09 05:54:06 +01:00
PrivateBin Translator Bot
f71e62c07e
New translations en.json (Indonesian)
2021-03-09 05:45:44 +01:00
hogren
b55a0456af
Avoid the use of <i> markup in a translation.
2021-03-09 05:23:10 +01:00
El RIDO
066aa77ba1
Merge branch 'master' into crowdin-translation
2021-03-09 05:16:41 +01:00