El RIDO
c2c0980c57
Merge branch 'formAction'
2021-04-18 21:06:24 +02:00
El RIDO
fcb6422663
re-adding CSP directive sandbox allow-forms, it is needed for the password input form to work on the JS side
2021-04-18 21:05:32 +02:00
PrivateBin Translator Bot
993abd746e
New translations en.json (Estonian)
2021-04-18 21:04:28 +02:00
PrivateBin Translator Bot
30228cc33c
New translations en.json (French)
2021-04-18 21:04:27 +02:00
PrivateBin Translator Bot
14ff704b28
New translations en.json (Spanish)
2021-04-18 21:04:26 +02:00
PrivateBin Translator Bot
cd1b0e0a50
New translations en.json (Arabic)
2021-04-18 21:04:25 +02:00
PrivateBin Translator Bot
4a73afa057
New translations en.json (Bulgarian)
2021-04-18 21:04:24 +02:00
PrivateBin Translator Bot
63d20330b4
New translations en.json (Czech)
2021-04-18 21:04:23 +02:00
PrivateBin Translator Bot
982a4f957c
New translations en.json (German)
2021-04-18 21:04:22 +02:00
PrivateBin Translator Bot
67fd327df4
New translations en.json (Greek)
2021-04-18 21:04:21 +02:00
PrivateBin Translator Bot
db0db4ebff
New translations en.json (Hebrew)
2021-04-18 21:04:20 +02:00
PrivateBin Translator Bot
4514f1f3a4
New translations en.json (Hungarian)
2021-04-18 21:04:19 +02:00
PrivateBin Translator Bot
926fab30e9
New translations en.json (Italian)
2021-04-18 21:04:18 +02:00
PrivateBin Translator Bot
492cdc9926
New translations en.json (Japanese)
2021-04-18 21:04:17 +02:00
PrivateBin Translator Bot
6b5e7c1b49
New translations en.json (Kurdish)
2021-04-18 21:04:15 +02:00
PrivateBin Translator Bot
2bc7e8e38f
New translations en.json (Catalan)
2021-04-18 21:04:14 +02:00
PrivateBin Translator Bot
48916d5df7
New translations en.json (Lithuanian)
2021-04-18 21:04:13 +02:00
PrivateBin Translator Bot
0887f567ab
New translations en.json (Norwegian)
2021-04-18 21:04:12 +02:00
PrivateBin Translator Bot
3e4def2069
New translations en.json (Polish)
2021-04-18 21:04:11 +02:00
PrivateBin Translator Bot
39867d8151
New translations en.json (Portuguese)
2021-04-18 21:04:10 +02:00
PrivateBin Translator Bot
c7a86ebd5c
New translations en.json (Russian)
2021-04-18 21:04:09 +02:00
PrivateBin Translator Bot
56d993ca82
New translations en.json (Slovenian)
2021-04-18 21:04:08 +02:00
PrivateBin Translator Bot
45b3ec4ac6
New translations en.json (Swedish)
2021-04-18 21:04:07 +02:00
PrivateBin Translator Bot
9bd04c55c9
New translations en.json (Turkish)
2021-04-18 21:04:06 +02:00
PrivateBin Translator Bot
dd4633ff8f
New translations en.json (Ukrainian)
2021-04-18 21:04:05 +02:00
PrivateBin Translator Bot
c0207d00a2
New translations en.json (Chinese Simplified)
2021-04-18 21:04:04 +02:00
PrivateBin Translator Bot
bd83415c82
New translations en.json (Hindi)
2021-04-18 21:04:02 +02:00
PrivateBin Translator Bot
478f806e9c
New translations en.json (Latin)
2021-04-18 21:04:01 +02:00
PrivateBin Translator Bot
db402baa14
New translations en.json (Occitan)
2021-04-18 21:04:00 +02:00
PrivateBin Translator Bot
dac5bd1d93
New translations en.json (Dutch)
2021-04-18 21:03:59 +02:00
PrivateBin Translator Bot
4b2f2920a2
New translations en.json (Indonesian)
2021-04-18 21:03:57 +02:00
El RIDO
83620d7eb5
Merge branch 'master' into formAction
2021-04-18 20:59:17 +02:00
El RIDO
de4abad748
Merge branch 'download-feature'
2021-04-18 20:55:59 +02:00
rugk
3ca01024fd
feat: disallow form submission alltogether
...
Following the tests and HTTP Observatory, I think we can disable forms altogether.
Fixes https://github.com/PrivateBin/PrivateBin/issues/778
2021-04-18 14:16:39 +02:00
rugk
5809a7cfa7
feat: add form-action CSP restriction
...
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs
Fixes #778
2021-04-18 14:14:46 +02:00
El RIDO
0e78534e48
re-label "Download" button to "Save paste"
2021-04-18 09:07:57 +02:00
PrivateBin Translator Bot
b68ae363ec
New translations en.json (Indonesian)
2021-04-18 01:03:48 +02:00
El RIDO
3181cfe58a
translate download button, add it to page template
2021-04-17 09:15:00 +02:00
El RIDO
bc11452259
make filename unique per paste ID
2021-04-17 09:08:11 +02:00
El RIDO
853a4f386f
fix indentation
2021-04-17 08:51:25 +02:00
El RIDO
9683c591bb
document change
2021-04-17 08:48:12 +02:00
El RIDO
47029fb04e
Merge branch 'master' into download-feature
2021-04-17 08:47:14 +02:00
El RIDO
735a77b783
Merge branch 'floc'
2021-04-17 08:39:50 +02:00
El RIDO
5f4200c721
document change
2021-04-17 08:39:35 +02:00
El RIDO
9b893f09d7
Merge branch 'master' into floc
2021-04-17 08:35:21 +02:00
El RIDO
3b9b6c948f
Merge branch 'cspBaseUrl'
2021-04-17 08:20:32 +02:00
El RIDO
7b7a32c0a7
apply StyleCI recommendation
2021-04-17 08:20:08 +02:00
rugk
fd7d05e862
Add base URL as default CSP restriction
...
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net ):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.
Given we don't use that anywhere, this safe should be safe. (not tested practically though)
2021-04-16 22:04:28 +02:00
El RIDO
8232dce395
Merge branch 'cookie-secure-flag'
2021-04-16 20:51:11 +02:00
El RIDO
6f3bb25b09
disable Google FloC
2021-04-16 20:25:50 +02:00