Commit graph

300 commits

Author SHA1 Message Date
rodehoed
af5a14afc3 Optimized the canPass() functions 2021-05-19 09:01:45 +02:00
rodehoed
5812a6bb68 Optimized the canPass() functions 2021-05-19 08:47:35 +02:00
Rodehoed
502bb5fa15 Put the ip-matching function in a private function 2021-05-06 12:18:44 +02:00
Rodehoed
89bdc92451 Put the ip-matching function in a private function 2021-05-06 12:13:03 +02:00
LinQhost Managed hosting
63d6816c7c Merge branch 'api-ip-exempt' of https://github.com/rodehoed/PrivateBin into api-ip-exempt 2021-05-05 08:43:32 +02:00
rodehoed
a806a6455e
QA 2021-05-04 11:20:24 +02:00
rodehoed
4296b43832
QA 2021-05-04 11:19:34 +02:00
rodehoed
c3ad4a4b4d
QA 2021-05-04 11:18:06 +02:00
rodehoed
805eb288d9
QA 2021-05-04 11:14:11 +02:00
rodehoed
b21efd8336
Code quality 2021-05-04 11:01:46 +02:00
LinQhost Managed hosting
7d82c82fd9 Make it possible to exempt ips from the rate-limiter 2021-05-04 10:29:25 +02:00
El RIDO
fcb6422663
re-adding CSP directive sandbox allow-forms, it is needed for the password input form to work on the JS side 2021-04-18 21:05:32 +02:00
rugk
3ca01024fd
feat: disallow form submission alltogether
Following the tests and HTTP Observatory, I think we can disable forms altogether.

Fixes https://github.com/PrivateBin/PrivateBin/issues/778
2021-04-18 14:16:39 +02:00
rugk
5809a7cfa7
feat: add form-action CSP restriction
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs

Fixes #778
2021-04-18 14:14:46 +02:00
El RIDO
9b893f09d7
Merge branch 'master' into floc 2021-04-17 08:35:21 +02:00
El RIDO
7b7a32c0a7
apply StyleCI recommendation 2021-04-17 08:20:08 +02:00
rugk
fd7d05e862
Add base URL as default CSP restriction
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.

Given we don't use that anywhere, this safe should be safe. (not tested practically though)
2021-04-16 22:04:28 +02:00
El RIDO
6f3bb25b09
disable Google FloC 2021-04-16 20:25:50 +02:00
El RIDO
1dc8b24665
transmit cookie only over HTTPS, fixes #472 2021-04-16 20:15:12 +02:00
El RIDO
9e6eb50ced
adding new security headers, fixes #765 2021-04-16 19:19:11 +02:00
El RIDO
175d14224e
set plurals for and credit Estonian translation 2021-04-16 18:27:12 +02:00
El RIDO
458ebcb321
incrementing version 2021-04-05 17:05:14 +02:00
El RIDO
da0896fe42
set plurals for and credit Catalan translation 2021-04-02 09:00:27 +02:00
El RIDO
5a9bcea3a9
set plurals for and credit Indonesian translation 2021-03-09 05:54:06 +01:00
El RIDO
b38ebc503e
plural rules and documenting newly added languages 2021-01-07 21:16:03 +01:00
El RIDO
bb6a44ce7a
remove double translation, avoid unsupported double quotes in INI file 2020-10-13 07:28:35 +02:00
Andreas Schneider
eb32ea1419 Make it possible to change the info text
This makes it possible to change the last part of the info text and
replace it with something individual. E.g pointing to the cmdline
client.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2020-10-11 17:04:08 +02:00
El RIDO
3668f1e3f4
attempt to accomodate Crowdin by providing a single source translation file that is not actually used or loaded by our code 2020-10-04 12:39:35 +02:00
El RIDO
4204e4b8b7
make StyleCI happy and change unit test to use a string 2020-07-03 21:00:42 +02:00
ZerooCool
e61c44ef46 Make Opengraph really functional
Make Opengraph really functional

Change : #664 for #651
2020-07-01 19:47:12 +02:00
ZerooCool
13c2f8d968 Make Opengraph really functional
3 URLs of images used on social networks are passed in absolute URL.

Note that I did not pass all the images in absolute URLs, but, it could be consistent to do so, but, if the images work, maybe a relative call is more efficient?

Remove the version of PrivateBin, at the end of each image. This apparently prevents the opengraph from working, and, so I deleted on all of the images, to remain consistent at this level. This will make fewer requests, and, anyway, the images are not intended to change with each version.
2020-06-30 22:42:12 +02:00
El RIDO
45a0535640
adding new flag to sandbox policy, introduced and required by Chrome 83 - fixes #634 2020-06-11 18:29:32 +02:00
El RIDO
5450a431cf
Merge branch 'Haocen-625-bugfixes' 2020-06-07 07:38:59 +02:00
El RIDO
7794915172
expose permission exceptions to the API 2020-05-31 16:33:25 +02:00
Haocen Xu
bb9a5772bc
Add resource: to script-src cspheader to allowed rendering of pdf in
Firefox
2020-05-30 05:37:35 -04:00
El RIDO
9914c37683
incrementing version 2020-03-22 06:44:04 +01:00
El RIDO
afd82ac34d
Merge branch 'master' into php7.4-ci 2020-02-16 13:23:11 +01:00
El RIDO
adece1d784
incrementing version 2020-02-16 11:15:51 +01:00
El RIDO
5d54006c9e
update minimum required PHP version to 5.6 and replace slowEquals() with native hash_equals() function 2020-02-05 19:30:14 +01:00
El RIDO
1b206e8495
ensuring consistent use of php side encoding, testing all encoding cases, correctly report the language in the <html> tag 2020-02-01 09:15:14 +01:00
El RIDO
cc0920fc09
add HTML entity encoding to PHP translation logic, remove exception to allow <br/> tags in DOMpurify by eliminating the single case that made use of it 2020-02-01 08:46:59 +01:00
El RIDO
ed590ee557
incrementing version 2020-01-08 19:31:06 +01:00
El RIDO
0efe6f7a8e
simplify logic, fullfills the unit test 2019-12-25 08:11:25 +01:00
Lucas Savva
7d9ec9509b Handle previously renamed CONFIG_PATH gracefully 2019-12-24 19:12:08 +00:00
Lucas Savva
d5d13fa831 Add logic to rename insecure CONFIG_PATH 2019-12-24 18:51:47 +00:00
Lucas Savva
b5c86e290f squashme: fix code style issue 2019-12-20 10:42:59 +00:00
Lucas Savva
6b0468ebff Add support for a CONFIG_PATH variable 2019-12-19 23:06:32 +00:00
El RIDO
8cf0c86ebb
simplify case statement, update documentation 2019-11-02 17:18:22 +01:00
Andriy Zhuk
65b7077756 Added plural rules for ukrainian 2019-10-18 12:31:40 +03:00
El RIDO
2d4edfe401
incrementing version number in preparation of release 2019-09-22 19:42:04 +02:00