El RIDO
288cf3f005
Merge branch 'master' into stevenandres-master
2022-02-25 06:42:18 +01:00
El RIDO
0e3a7196f9
set frame-ancestors to none
...
disables embedding the site in any frames, which can bypass some of the security mechanisms reg. cross site scripting
2022-02-20 15:21:47 +01:00
El RIDO
91041d8c59
simplify/unify naming & wording of the two types of IP lists for the traffic limiter
2022-02-20 09:09:20 +01:00
El RIDO
d764c03759
Merge branch 'master' of https://github.com/stevenandres/PrivateBin into stevenandres-master
2022-02-20 08:44:09 +01:00
El RIDO
a200f8875c
php warning in templates, fixes #875
2022-02-15 19:02:44 +01:00
El RIDO
df2f5931cd
improve readability, kudos @rugk
2021-08-19 19:28:52 +02:00
El RIDO
ff3b668958
apply StyleCI recommendation
2021-08-19 11:04:31 +02:00
El RIDO
eb10d4d35e
be more flexible with configuration paths
...
1. only consider CONFIG_PATH environment variable, if non-empty
2. fall back to search in PATH (defined in index.php), if CONFIG_PATH doesn't contain a readable configuration file
2021-08-19 10:21:21 +02:00
El RIDO
3429d293d3
remove configurable dir for traffic & purge limiters
2021-06-08 06:37:27 +02:00
El RIDO
de8f40ac1a
kudos @StyleCI
2021-06-06 19:35:31 +02:00
El RIDO
c758eca0a4
removed automatic .ini configuration file migration, closes #808
2021-06-06 17:53:08 +02:00
Mark van Holsteijn
342270d6dd
added Google Cloud Storage support
2021-05-28 22:39:50 +02:00
LinQhost Managed hosting
63d6816c7c
Merge branch 'api-ip-exempt' of https://github.com/rodehoed/PrivateBin into api-ip-exempt
2021-05-05 08:43:32 +02:00
rodehoed
a806a6455e
QA
2021-05-04 11:20:24 +02:00
LinQhost Managed hosting
7d82c82fd9
Make it possible to exempt ips from the rate-limiter
2021-05-04 10:29:25 +02:00
El RIDO
fcb6422663
re-adding CSP directive sandbox allow-forms, it is needed for the password input form to work on the JS side
2021-04-18 21:05:32 +02:00
rugk
3ca01024fd
feat: disallow form submission alltogether
...
Following the tests and HTTP Observatory, I think we can disable forms altogether.
Fixes https://github.com/PrivateBin/PrivateBin/issues/778
2021-04-18 14:16:39 +02:00
rugk
5809a7cfa7
feat: add form-action CSP restriction
...
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs
Fixes #778
2021-04-18 14:14:46 +02:00
El RIDO
7b7a32c0a7
apply StyleCI recommendation
2021-04-17 08:20:08 +02:00
rugk
fd7d05e862
Add base URL as default CSP restriction
...
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net ):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.
Given we don't use that anywhere, this safe should be safe. (not tested practically though)
2021-04-16 22:04:28 +02:00
El RIDO
458ebcb321
incrementing version
2021-04-05 17:05:14 +02:00
El RIDO
bb6a44ce7a
remove double translation, avoid unsupported double quotes in INI file
2020-10-13 07:28:35 +02:00
Andreas Schneider
eb32ea1419
Make it possible to change the info text
...
This makes it possible to change the last part of the info text and
replace it with something individual. E.g pointing to the cmdline
client.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2020-10-11 17:04:08 +02:00
El RIDO
4204e4b8b7
make StyleCI happy and change unit test to use a string
2020-07-03 21:00:42 +02:00
ZerooCool
e61c44ef46
Make Opengraph really functional
...
Make Opengraph really functional
Change : #664 for #651
2020-07-01 19:47:12 +02:00
ZerooCool
13c2f8d968
Make Opengraph really functional
...
3 URLs of images used on social networks are passed in absolute URL.
Note that I did not pass all the images in absolute URLs, but, it could be consistent to do so, but, if the images work, maybe a relative call is more efficient?
Remove the version of PrivateBin, at the end of each image. This apparently prevents the opengraph from working, and, so I deleted on all of the images, to remain consistent at this level. This will make fewer requests, and, anyway, the images are not intended to change with each version.
2020-06-30 22:42:12 +02:00
El RIDO
45a0535640
adding new flag to sandbox policy, introduced and required by Chrome 83 - fixes #634
2020-06-11 18:29:32 +02:00
Haocen Xu
bb9a5772bc
Add resource: to script-src cspheader to allowed rendering of pdf in
...
Firefox
2020-05-30 05:37:35 -04:00
Steven Andrés
d847e2fcf2
alignment
2020-05-07 16:46:31 -07:00
Steven Andrés
5644001c53
added "whitelist" under [traffic]
2020-05-05 14:17:15 -07:00
El RIDO
9914c37683
incrementing version
2020-03-22 06:44:04 +01:00
El RIDO
adece1d784
incrementing version
2020-02-16 11:15:51 +01:00
El RIDO
ed590ee557
incrementing version
2020-01-08 19:31:06 +01:00
El RIDO
0efe6f7a8e
simplify logic, fullfills the unit test
2019-12-25 08:11:25 +01:00
Lucas Savva
7d9ec9509b
Handle previously renamed CONFIG_PATH gracefully
2019-12-24 19:12:08 +00:00
Lucas Savva
d5d13fa831
Add logic to rename insecure CONFIG_PATH
2019-12-24 18:51:47 +00:00
Lucas Savva
b5c86e290f
squashme: fix code style issue
2019-12-20 10:42:59 +00:00
Lucas Savva
6b0468ebff
Add support for a CONFIG_PATH variable
2019-12-19 23:06:32 +00:00
El RIDO
2d4edfe401
incrementing version number in preparation of release
2019-09-22 19:42:04 +02:00
El RIDO
d5aeba60ca
increase default size limit to 10 MiB, documenting change
2019-09-20 07:04:26 +02:00
Haocen Xu
ab75b183fb
Fix click on new paste on clone paste editing view not removing custom
...
attachment
Fix cloning paste with attachment
Update CSP in sample and default configuration
Ensure clone paste also clone format
Fix clone button hiding logic when paste is burn after read
Remove attachment name when new paste clicked on
Enable file operation only when editing
2019-08-25 02:16:58 -04:00
El RIDO
07018e5876
incrementing version number in preparation of release
2019-07-08 18:35:34 +02:00
El RIDO
11375a4f59
moved referrer policy from CSP & meta to proper HTTP header to avoid browser console error message about unknown CSP header and to ensure it always applies before HTML is parsed, fixes #196
2019-06-27 20:31:10 +02:00
El RIDO
c2e060d464
made compression configurable, fixes #38
2019-06-23 19:45:40 +02:00
El RIDO
42c2003220
made notice configurable, fixing a few CSS glitches
2019-06-17 21:40:37 +02:00
El RIDO
362045c664
re-add data-URLs to CSP for img-src, as these are used for the comment icons
2019-06-16 07:06:58 +02:00
El RIDO
f915af1a5a
adjust CSP header to allow blob URLs
2019-06-15 09:36:09 +02:00
El RIDO
398fabd664
Chrome requires unsafe-eval for it to parse and evaluate WASM modules
2019-05-20 18:29:37 +02:00
El RIDO
b5ebc4a3d7
incrementing version
2018-08-11 19:29:58 +02:00
El RIDO
720897b902
correct CSP to allow password prompt
2018-07-21 06:45:09 +00:00