Commit Graph

2510 Commits

Author SHA1 Message Date
rugk 3ca01024fd
feat: disallow form submission alltogether
Following the tests and HTTP Observatory, I think we can disable forms altogether.

Fixes https://github.com/PrivateBin/PrivateBin/issues/778
2021-04-18 14:16:39 +02:00
rugk 5809a7cfa7
feat: add form-action CSP restriction
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs

Fixes #778
2021-04-18 14:14:46 +02:00
El RIDO 0e78534e48
re-label "Download" button to "Save paste" 2021-04-18 09:07:57 +02:00
PrivateBin Translator Bot b68ae363ec New translations en.json (Indonesian) 2021-04-18 01:03:48 +02:00
El RIDO 3181cfe58a
translate download button, add it to page template 2021-04-17 09:15:00 +02:00
El RIDO bc11452259
make filename unique per paste ID 2021-04-17 09:08:11 +02:00
El RIDO 853a4f386f
fix indentation 2021-04-17 08:51:25 +02:00
El RIDO 9683c591bb
document change 2021-04-17 08:48:12 +02:00
El RIDO 47029fb04e
Merge branch 'master' into download-feature 2021-04-17 08:47:14 +02:00
El RIDO 735a77b783
Merge branch 'floc' 2021-04-17 08:39:50 +02:00
El RIDO 5f4200c721
document change 2021-04-17 08:39:35 +02:00
El RIDO 9b893f09d7
Merge branch 'master' into floc 2021-04-17 08:35:21 +02:00
El RIDO 3b9b6c948f
Merge branch 'cspBaseUrl' 2021-04-17 08:20:32 +02:00
El RIDO 7b7a32c0a7
apply StyleCI recommendation 2021-04-17 08:20:08 +02:00
rugk fd7d05e862
Add base URL as default CSP restriction
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.

Given we don't use that anywhere, this safe should be safe. (not tested practically though)
2021-04-16 22:04:28 +02:00
El RIDO 8232dce395
Merge branch 'cookie-secure-flag' 2021-04-16 20:51:11 +02:00
El RIDO 6f3bb25b09
disable Google FloC 2021-04-16 20:25:50 +02:00
El RIDO 1dc8b24665
transmit cookie only over HTTPS, fixes #472 2021-04-16 20:15:12 +02:00
Christian Pierre MOMON ed66351337
Added download feature (#5318). 2021-04-16 19:29:03 +02:00
El RIDO 9e6eb50ced
adding new security headers, fixes #765 2021-04-16 19:19:11 +02:00
El RIDO d727837324
Merge branch 'crowdin-translation' 2021-04-16 18:27:45 +02:00
El RIDO 175d14224e
set plurals for and credit Estonian translation 2021-04-16 18:27:12 +02:00
El RIDO 51f1f67fe8
Merge branch 'master' into crowdin-translation 2021-04-16 18:00:42 +02:00
PrivateBin Translator Bot ab250d8686 New translations en.json (Lithuanian) 2021-04-10 16:52:48 +02:00
PrivateBin Translator Bot 1ff8637c23 New translations en.json (Lithuanian) 2021-04-10 15:45:21 +02:00
PrivateBin Translator Bot 727166e945 New translations en.json (Estonian) 2021-04-08 23:05:35 +02:00
PrivateBin Translator Bot e50f3eb311 New translations en.json (Estonian) 2021-04-08 22:00:09 +02:00
PrivateBin Translator Bot f5fa37b5f2 New translations en.json (Estonian) 2021-04-08 20:55:45 +02:00
PrivateBin Translator Bot 587822838a New translations en.json (Chinese Simplified) 2021-04-07 09:18:03 +02:00
PrivateBin Translator Bot 553417194c New translations en.json (Estonian) 2021-04-06 20:07:13 +02:00
El RIDO 8a08a2167b
fix display of indonesian label in drop-down 2021-04-06 06:27:12 +02:00
El RIDO d65bf02d78
upgraded kjua 2021-04-05 17:33:07 +02:00
El RIDO 30c8d97517
update PHP dependencies 2021-04-05 17:11:51 +02:00
El RIDO 65d8f896c7
fix make coverage-php 2021-04-05 17:05:46 +02:00
El RIDO 458ebcb321
incrementing version 2021-04-05 17:05:14 +02:00
El RIDO ec022b2db9
documenting fix for #682 2021-04-05 13:51:23 +02:00
El RIDO a369202c51
add missing expiration reset 2021-04-05 13:47:37 +02:00
El RIDO 77ee40909f
record defaults during initialization, fixes #682 2021-04-05 13:24:53 +02:00
El RIDO 5fd829aa09
adding unit tests for TopNav.resetInput(), triggering bug described in #682 2021-04-05 12:50:23 +02:00
El RIDO 8864523173
Merge pull request #766 from PrivateBin/codacy
Let's try Codacy code scanning again
2021-04-05 12:21:14 +02:00
El RIDO 44cc70ee35
Merge pull request #764 from FozzieHi/patch-1
Remove mention of HPKP in the README.
2021-04-05 12:15:31 +02:00
rugk cdc970a434
Let's try Codacy code scanning again
It should now be included into GitHub's security tab.

Fixes https://github.com/PrivateBin/PrivateBin/issues/741
2021-04-04 13:29:41 +02:00
George 2ca479786c
Remove mention of HPKP in the README.
HPKP has been removed by all major browsers and according to Can I use it is only supported by browsers that have last received an update over a year ago - https://caniuse.com/?search=HPKP.
2021-04-04 12:05:48 +01:00
El RIDO 7ca33019d2
translate new message 2021-04-04 11:43:27 +02:00
El RIDO 99358bbffc
translate new message, kudos @Cellophile in #715 2021-04-04 11:41:14 +02:00
El RIDO df126f89d6
add missing translation, fixes #715 2021-04-04 11:39:46 +02:00
El RIDO a227443cb6
add missing indonesian language 2021-04-04 11:38:50 +02:00
El RIDO 3780db627d
update changelog 2021-04-03 08:28:36 +02:00
El RIDO a40f3b2950
update DOMpurify to version 2.2.7 2021-04-03 07:04:59 +02:00
El RIDO 2e10bdbd22
update DOMpurify to version 2.2.7 2021-04-02 09:09:47 +02:00