tldraw/apps/dotcom/index.html

<!doctype html>
<html lang="en">
	<head>
		<meta charset="UTF-8" />

		<link rel="manifest" href="/manifest.webmanifest" />

		<meta name="referrer" content="strict-origin-when-cross-origin" />
		<meta name="theme-color" content="#FFFFFF" data-rh="true" />
		<meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover" />
		<link rel="icon" type="image/svg+xml" href="/favicon.svg" />
		<meta name="application-name" content="tldraw" />
		<meta name="apple-mobile-web-app-capable" content="yes" />
		<meta name="apple-mobile-web-app-status-bar-style" content="default" />
		<meta name="apple-mobile-web-app-title" content="tldraw" />
		<link rel="mask-icon" href="/safari-pinned-tab.svg" color="#FFFFFF" />

		<meta name="description" content="A free and instant collaborative diagramming tool." />
		<meta name="format-detection" content="telephone=no" />
		<meta name="mobile-web-app-capable" content="yes" />
		<meta name="msapplication-config" content="browserconfig.xml" />
		<meta name="msapplication-TileColor" content="#FFFFFF" />
		<meta name="msapplication-tap-highlight" content="no" />

		<link rel="apple-touch-icon" href="/apple-touch-icon.png" />
		<link rel="apple-touch-icon" sizes="152x152" href="/apple-touch-icon-152x152.svg" />
		<link rel="apple-touch-icon" sizes="167x167" href="/apple-touch-icon-167x167.svg" />
		<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon-180x180.svg" />

		<meta name="twitter:card" content="summary" />
		<meta name="twitter:url" content="https://www.tldraw.com/" />
		<meta name="twitter:title" content="tldraw" />
		<meta name="twitter:description" content="A free and instant collaborative diagramming tool." />
		<meta name="twitter:image" content="https://www.tldraw.com/social-twitter.png" />
		<meta name="twitter:creator" content="@tldraw" />
		<meta property="og:type" content="website" />
		<meta property="og:title" content="tldraw" />
		<meta property="og:description" content="A free and instant collaborative diagramming tool." />
		<meta property="og:site_name" content="tldraw" />
		<meta property="og:url" content="https://www.tldraw.com/" />
		<meta property="og:image" content="https://www.tldraw.com/social-og.png" />
		<title>tldraw</title>
	</head>

	<body>
		<div id="root" class="site-wrapper"></div>
		<script type="module" src="./src/main.tsx"></script>
		<noscript>You need to enable JavaScript to run tldraw. ✌️</noscript>
	</body>
</html>
[dx] Allow vscode to search inside md files by default (#3105) Before this PR all .md files were targeted by the `.ignore` file, which has bitten me on a number of occasions since .md files often contain valuable information (e.g. the vscode extensions docs). This PR unignores .md files while still ignoring _generated_ .md files like our changelogs, the api-report files, and the generated docs sections. Additionally, the `yarn format` and `yarn lint` commands were configured slightly differently, which was confusing, so I've unified those and simplified the lint.ts script at the same time. ### Change Type - [ ] `patch` — Bug fix - [ ] `minor` — New feature - [ ] `major` — Breaking change - [ ] `dependencies` — Changes to package dependencies[^1] - [ ] `documentation` — Changes to the documentation only[^2] - [ ] `tests` — Changes to any test code only[^2] - [x] `internal` — Any other changes that don't affect the published package[^2] - [ ] I don't know [^1]: publishes a `patch` release, for devDependencies use `internal` [^2]: will not publish a new version 2024-03-11 14:08:04 +00:00			`<!doctype html>`
unbrivate, dot com in (#2475) This PR moves the tldraw.com app into the public repo. ### Change Type - [x] `internal` — Any other changes that don't affect the published package[^2] --------- Co-authored-by: Dan Groshev <git@dgroshev.com> Co-authored-by: alex <alex@dytry.ch> 2024-01-16 14:38:05 +00:00			`<html lang="en">`
			`<head>`
			`<meta charset="UTF-8" />`

			`<link rel="manifest" href="/manifest.webmanifest" />`

security: don't send referrer paths for images and bookmarks (#3881) We're currently sending `referrer` with path for image/bookmark requests. We shouldn't do that as it exposes the rooms to other servers. ## `<img>` - `<img>` tags have the right referrerpolicy to be `strict-origin-when-cross-origin`: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#referrerpolicy - _however_, because we use React, it looks like react creates a raw DOM node and adds properties one by one and it loses the default referrerpolicy it would otherwise get! So, in `BookmarkShapeUtil` we explicitly state the `referrerpolicy` - `background-image` does the right thing 👍 - _also_, I added this to places we do programmatic `new Image()` ## `fetch` - _however_, fetch does not! wtf. https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch it's almost a footnote in this section of the docs (https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#supplying_request_options) that `no-referrer-when-downgrade` is the default. ## `new Image()` ugh, but _also_ doing a programmatic `new Image()` doesn't do the right thing and we need to set the referrerpolicy here as well ### Change Type <!-- ❗ Please select a 'Scope' label ❗️ --> - [x] `sdk` — Changes the tldraw SDK - [x] `dotcom` — Changes the tldraw.com web app - [ ] `docs` — Changes to the documentation, examples, or templates. - [ ] `vs code` — Changes to the vscode plugin - [ ] `internal` — Does not affect user-facing stuff <!-- ❗ Please select a 'Type' label ❗️ --> - [x] `bugfix` — Bug fix - [ ] `feature` — New feature - [ ] `improvement` — Improving existing features - [ ] `chore` — Updating dependencies, other boring stuff - [ ] `galaxy brain` — Architectural changes - [ ] `tests` — Changes to any test code - [ ] `tools` — Changes to infrastructure, CI, internal scripts, debugging tools, etc. - [ ] `dunno` — I don't know ### Test Plan 1. Test on staging that referrer with path isn't being sent anymore. ### Release Notes - Security: fix referrer being sent for bookmarks and images. 2024-06-05 10:52:10 +00:00			`<meta name="referrer" content="strict-origin-when-cross-origin" />`
unbrivate, dot com in (#2475) This PR moves the tldraw.com app into the public repo. ### Change Type - [x] `internal` — Any other changes that don't affect the published package[^2] --------- Co-authored-by: Dan Groshev <git@dgroshev.com> Co-authored-by: alex <alex@dytry.ch> 2024-01-16 14:38:05 +00:00			`<meta name="theme-color" content="#FFFFFF" data-rh="true" />`
			`<meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover" />`
			`<link rel="icon" type="image/svg+xml" href="/favicon.svg" />`
			`<meta name="application-name" content="tldraw" />`
			`<meta name="apple-mobile-web-app-capable" content="yes" />`
			`<meta name="apple-mobile-web-app-status-bar-style" content="default" />`
			`<meta name="apple-mobile-web-app-title" content="tldraw" />`
			`<link rel="mask-icon" href="/safari-pinned-tab.svg" color="#FFFFFF" />`

			`<meta name="description" content="A free and instant collaborative diagramming tool." />`
			`<meta name="format-detection" content="telephone=no" />`
			`<meta name="mobile-web-app-capable" content="yes" />`
			`<meta name="msapplication-config" content="browserconfig.xml" />`
			`<meta name="msapplication-TileColor" content="#FFFFFF" />`
			`<meta name="msapplication-tap-highlight" content="no" />`

fix(infra): Fix routing config (#2741) Describe what your pull request does. If appropriate, add GIFs or images showing the before and after. ### Change Type - [x] `internal` — Any other changes that don't affect the published package[^2] [^1]: publishes a `patch` release, for devDependencies use `internal` [^2]: will not publish a new version 2024-02-06 13:31:02 +00:00			`<link rel="apple-touch-icon" href="/apple-touch-icon.png" />`
			`<link rel="apple-touch-icon" sizes="152x152" href="/apple-touch-icon-152x152.svg" />`
			`<link rel="apple-touch-icon" sizes="167x167" href="/apple-touch-icon-167x167.svg" />`
			`<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon-180x180.svg" />`
unbrivate, dot com in (#2475) This PR moves the tldraw.com app into the public repo. ### Change Type - [x] `internal` — Any other changes that don't affect the published package[^2] --------- Co-authored-by: Dan Groshev <git@dgroshev.com> Co-authored-by: alex <alex@dytry.ch> 2024-01-16 14:38:05 +00:00
			`<meta name="twitter:card" content="summary" />`
			`<meta name="twitter:url" content="https://www.tldraw.com/" />`
			`<meta name="twitter:title" content="tldraw" />`
			`<meta name="twitter:description" content="A free and instant collaborative diagramming tool." />`
			`<meta name="twitter:image" content="https://www.tldraw.com/social-twitter.png" />`
			`<meta name="twitter:creator" content="@tldraw" />`
			`<meta property="og:type" content="website" />`
			`<meta property="og:title" content="tldraw" />`
			`<meta property="og:description" content="A free and instant collaborative diagramming tool." />`
			`<meta property="og:site_name" content="tldraw" />`
			`<meta property="og:url" content="https://www.tldraw.com/" />`
			`<meta property="og:image" content="https://www.tldraw.com/social-og.png" />`
			`<title>tldraw</title>`
			`</head>`

			`<body>`
seo: take 2 (#2817) (pending landing on: "Going to wait to land this one until the Google SEO 'soft 404' validation finishes. I want to make sure we're testing separate things.") - removes Loading text - adds sitemap to try to get Google to play nice ### Change Type - [x] `patch` — Bug fix --------- Co-authored-by: Steve Ruiz <steveruizok@gmail.com> 2024-02-15 11:28:43 +00:00			`<div id="root" class="site-wrapper"></div>`
unbrivate, dot com in (#2475) This PR moves the tldraw.com app into the public repo. ### Change Type - [x] `internal` — Any other changes that don't affect the published package[^2] --------- Co-authored-by: Dan Groshev <git@dgroshev.com> Co-authored-by: alex <alex@dytry.ch> 2024-01-16 14:38:05 +00:00			`<script type="module" src="./src/main.tsx"></script>`
seo: take 2 (#2817) (pending landing on: "Going to wait to land this one until the Google SEO 'soft 404' validation finishes. I want to make sure we're testing separate things.") - removes Loading text - adds sitemap to try to get Google to play nice ### Change Type - [x] `patch` — Bug fix --------- Co-authored-by: Steve Ruiz <steveruizok@gmail.com> 2024-02-15 11:28:43 +00:00			`<noscript>You need to enable JavaScript to run tldraw. ✌️</noscript>`
unbrivate, dot com in (#2475) This PR moves the tldraw.com app into the public repo. ### Change Type - [x] `internal` — Any other changes that don't affect the published package[^2] --------- Co-authored-by: Dan Groshev <git@dgroshev.com> Co-authored-by: alex <alex@dytry.ch> 2024-01-16 14:38:05 +00:00			`</body>`
			`</html>`