Commit Graph

2029 Commits

Author SHA1 Message Date
El RIDO fcb6422663 re-adding CSP directive sandbox allow-forms, it is needed for the password input form to work on the JS side 2021-04-18 21:05:32 +02:00
PrivateBin Translator Bot 993abd746e New translations en.json (Estonian) 2021-04-18 21:04:28 +02:00
PrivateBin Translator Bot 30228cc33c New translations en.json (French) 2021-04-18 21:04:27 +02:00
PrivateBin Translator Bot 14ff704b28 New translations en.json (Spanish) 2021-04-18 21:04:26 +02:00
PrivateBin Translator Bot cd1b0e0a50 New translations en.json (Arabic) 2021-04-18 21:04:25 +02:00
PrivateBin Translator Bot 4a73afa057 New translations en.json (Bulgarian) 2021-04-18 21:04:24 +02:00
PrivateBin Translator Bot 63d20330b4 New translations en.json (Czech) 2021-04-18 21:04:23 +02:00
PrivateBin Translator Bot 982a4f957c New translations en.json (German) 2021-04-18 21:04:22 +02:00
PrivateBin Translator Bot 67fd327df4 New translations en.json (Greek) 2021-04-18 21:04:21 +02:00
PrivateBin Translator Bot db0db4ebff New translations en.json (Hebrew) 2021-04-18 21:04:20 +02:00
PrivateBin Translator Bot 4514f1f3a4 New translations en.json (Hungarian) 2021-04-18 21:04:19 +02:00
PrivateBin Translator Bot 926fab30e9 New translations en.json (Italian) 2021-04-18 21:04:18 +02:00
PrivateBin Translator Bot 492cdc9926 New translations en.json (Japanese) 2021-04-18 21:04:17 +02:00
PrivateBin Translator Bot 6b5e7c1b49 New translations en.json (Kurdish) 2021-04-18 21:04:15 +02:00
PrivateBin Translator Bot 2bc7e8e38f New translations en.json (Catalan) 2021-04-18 21:04:14 +02:00
PrivateBin Translator Bot 48916d5df7 New translations en.json (Lithuanian) 2021-04-18 21:04:13 +02:00
PrivateBin Translator Bot 0887f567ab New translations en.json (Norwegian) 2021-04-18 21:04:12 +02:00
PrivateBin Translator Bot 3e4def2069 New translations en.json (Polish) 2021-04-18 21:04:11 +02:00
PrivateBin Translator Bot 39867d8151 New translations en.json (Portuguese) 2021-04-18 21:04:10 +02:00
PrivateBin Translator Bot c7a86ebd5c New translations en.json (Russian) 2021-04-18 21:04:09 +02:00
PrivateBin Translator Bot 56d993ca82 New translations en.json (Slovenian) 2021-04-18 21:04:08 +02:00
PrivateBin Translator Bot 45b3ec4ac6 New translations en.json (Swedish) 2021-04-18 21:04:07 +02:00
PrivateBin Translator Bot 9bd04c55c9 New translations en.json (Turkish) 2021-04-18 21:04:06 +02:00
PrivateBin Translator Bot dd4633ff8f New translations en.json (Ukrainian) 2021-04-18 21:04:05 +02:00
PrivateBin Translator Bot c0207d00a2 New translations en.json (Chinese Simplified) 2021-04-18 21:04:04 +02:00
PrivateBin Translator Bot bd83415c82 New translations en.json (Hindi) 2021-04-18 21:04:02 +02:00
PrivateBin Translator Bot 478f806e9c New translations en.json (Latin) 2021-04-18 21:04:01 +02:00
PrivateBin Translator Bot db402baa14 New translations en.json (Occitan) 2021-04-18 21:04:00 +02:00
PrivateBin Translator Bot dac5bd1d93 New translations en.json (Dutch) 2021-04-18 21:03:59 +02:00
PrivateBin Translator Bot 4b2f2920a2 New translations en.json (Indonesian) 2021-04-18 21:03:57 +02:00
El RIDO 83620d7eb5 Merge branch 'master' into formAction 2021-04-18 20:59:17 +02:00
El RIDO de4abad748 Merge branch 'download-feature' 2021-04-18 20:55:59 +02:00
rugk 3ca01024fd
feat: disallow form submission altogether
Following the tests and HTTP Observatory, I think we can disable forms altogether.

Fixes https://github.com/PrivateBin/PrivateBin/issues/778
2021-04-18 14:16:39 +02:00
rugk 5809a7cfa7
feat: add form-action CSP restriction
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs

Fixes #778
2021-04-18 14:14:46 +02:00
El RIDO 0e78534e48 re-label "Download" button to "Save paste" 2021-04-18 09:07:57 +02:00
PrivateBin Translator Bot b68ae363ec New translations en.json (Indonesian) 2021-04-18 01:03:48 +02:00
El RIDO 3181cfe58a translate download button, add it to page template 2021-04-17 09:15:00 +02:00
El RIDO bc11452259 make filename unique per paste ID 2021-04-17 09:08:11 +02:00
El RIDO 853a4f386f fix indentation 2021-04-17 08:51:25 +02:00
El RIDO 9683c591bb document change 2021-04-17 08:48:12 +02:00
El RIDO 47029fb04e Merge branch 'master' into download-feature 2021-04-17 08:47:14 +02:00
El RIDO 735a77b783 Merge branch 'floc' 2021-04-17 08:39:50 +02:00
El RIDO 5f4200c721 document change 2021-04-17 08:39:35 +02:00
El RIDO 9b893f09d7 Merge branch 'master' into floc 2021-04-17 08:35:21 +02:00
El RIDO 3b9b6c948f Merge branch 'cspBaseUrl' 2021-04-17 08:20:32 +02:00
El RIDO 7b7a32c0a7 apply StyleCI recommendation 2021-04-17 08:20:08 +02:00
rugk fd7d05e862
Add base URL as default CSP restriction
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.

Given we don't use that anywhere, this should be safe. (not tested practically though)
2021-04-16 22:04:28 +02:00
El RIDO 8232dce395 Merge branch 'cookie-secure-flag' 2021-04-16 20:51:11 +02:00
El RIDO 6f3bb25b09 disable Google FLoC 2021-04-16 20:25:50 +02:00
El RIDO 1dc8b24665 transmit cookie only over HTTPS, fixes #472 2021-04-16 20:15:12 +02:00