Commit Graph

21 Commits

Author SHA1 Message Date
El RIDO 9aac073a49
clarifying for #525 that none is a string, as PHP might evaluate it to NULL instead 2020-01-09 05:42:42 +01:00
El RIDO d5aeba60ca
increase default size limit to 10 MiB, documenting change 2019-09-20 07:04:26 +02:00
El RIDO 8e27dbff15
clarify the use of 'unsafe-eval' and what the impact removing it has - Firefox users may not care and disable it to improve security 2019-09-19 19:24:28 +02:00
Haocen Xu ab75b183fb
Fix click on new paste on clone paste editing view not removing custom
attachment

Fix cloning paste with attachment

Update CSP in sample and default configuration

Ensure clone paste also clone format

Fix clone button hiding logic when paste is burn after read

Remove attachment name when new paste clicked on

Enable file operation only when editing
2019-08-25 02:16:58 -04:00
El RIDO 11375a4f59
moved referrer policy from CSP & meta to proper HTTP header to avoid browser console error message about unknown CSP header and to ensure it always applies before HTML is parsed, fixes #196 2019-06-27 20:31:10 +02:00
El RIDO c2e060d464
made compression configurable, fixes #38 2019-06-23 19:45:40 +02:00
rugk b7db033bdd
Adjust config text 2019-06-21 19:50:40 +02:00
El RIDO 42c2003220
made notice configurable, fixing a few CSS glitches 2019-06-17 21:40:37 +02:00
El RIDO 362045c664
re-add data-URLs to CSP for img-src, as these are used for the comment icons 2019-06-16 07:06:58 +02:00
El RIDO f915af1a5a
adjust CSP header to allow blob URLs 2019-06-15 09:36:09 +02:00
El RIDO 398fabd664
Chrome requires unsafe-eval for it to parse and evaluate WASM modules 2019-05-20 18:29:37 +02:00
El RIDO 720897b902 correct CSP to allow password prompt 2018-07-21 06:45:09 +00:00
rugk 60d4ccb02c
Add comment about blocked images
Fixes https://github.com/PrivateBin/PrivateBin/issues/275
2018-07-01 14:59:24 +02:00
El RIDO d6f203dc4c
Removed option to hide clone button on expiring pastes, since this requires reading the paste for rendering the template, which leaks information on the pastes state 2018-05-27 15:05:31 +02:00
El RIDO caf87cc6f1
Merge branch 'master' into burnafterreading-fix, regression in expired paste error 2018-04-30 20:01:38 +02:00
El RIDO 2c82279292
Merge branch 'attachment-handling' of https://github.com/thororm/PrivateBin into thororm-attachment-handling
apart from resolving conflicts:
- added missing docs
- inlined functions that were used in only one location
- updated unit test to support all previews
- fixed a regression that displayed the preview even when there was no preview and too early
2018-04-29 11:57:03 +02:00
rugk 9c132cd839
Disallow form-action in CSP to limit outgoing connections
See https://github.com/PrivateBin/PrivateBin/issues/272
2018-01-06 18:06:06 +01:00
rugk 414ab0eb71
Add config and basic page template support
* load JS file asyncronously (just HTML5 async attribut)
* add basic support for page template, where it generates the code inside
  of a simple div at the top
* added option to turn off QR code support
2017-12-25 14:59:15 +01:00
El RIDO 4ded4b7f8c
adding correct HTTP error to response, as per @rugk's recommentation 2017-10-08 16:43:46 +02:00
El RIDO 6625a9dc59
hiding INI contents from StyleCI 2017-10-08 16:26:21 +02:00
El RIDO 7197705d5c
updating unit test in preparation for planned file name change, currently failing 2017-10-08 16:25:11 +02:00
Renamed from cfg/conf.ini.sample (Browse further)