blitzwing/cryptpad
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
15530 commits 72 branches 132 tags 541 MiB
Commit graph

71 commits

Author SHA1 Message Date
mathilde-cryptpad
5ae741926b update Nginx examples with the new http2 option 2024-06-18 09:58:51 +02:00
David Benque
8f0a6319a5 Apply headers 2023-10-20 15:35:26 +01:00
yflory
6c6220edfc Fix comments in nginx file 2023-10-03 12:04:55 +02:00
yflory
1c2764dbb8 Revert revert "have 2 distinctives Nginx examples, default & advanced" 
This reverts commit 9fa981cfd8.
 2023-10-03 11:51:12 +02:00
Mathilde Grünig
c756909a89 add new default Nginx example config file 2023-09-05 13:19:25 +02:00
Mathilde Grünig
bccfb28ac9 move old default Nginx example config to advanced file 2023-09-05 13:17:12 +02:00
Wolfgang Ginolas
a3772cf92c Fix typo in example.nginx.conf 2023-08-10 16:00:46 +02:00
yflory
dc6bbec19f Recovery page trailing slash redirect in nginx conf #1143 2023-07-18 17:35:18 +02:00
yflory
8b1aaaa9a7 Add missing trailing slash redirect for the diagram app 2023-07-13 11:12:31 +02:00
yflory
c10fc37645 Merge branch 'totp-ui' into 5.4-rc 2023-07-11 10:30:36 +02:00
yflory
b2788744de Merge branch 'drawio-bower' into 5.4-rc 2023-06-30 12:45:54 +02:00
Wolfgang Ginolas
00af2c3efb Update example nginx config for diagram 2023-06-29 11:22:41 +02:00
ansuz
bf548c1022 updated nginx config for new API server features 2023-05-11 17:06:46 +05:30
ansuz
493bf1346c Merge tag '5.3.0' into 5.3-auth 2023-05-06 15:26:21 +05:30
ansuz
c27ff40db1 proxy requests for blocks to the API server 2023-05-06 14:41:22 +05:30
ansuz
ee5d270d6a Merge branch 'basic-auth' into authentication 2023-03-20 13:44:10 +05:30
ansuz
50c84949c8 invert NGINX settings to forbid remote embedding by default 2023-02-13 12:47:18 +05:30
Ente
c9fd6359aa
Send HTTP credentials when fetching blobs 
With this change media-tag now sends HTTP credentials when fetching
blobs. Also changed the example nginx config to send
Access-Control-Allow-Credentials CORS headers. For this to work, we can
no longer use '*' for Access-Control-Allow-Origin [1][2]: Therefore the
example config was changed to set Access-Control-Allow-Origin to the
sandbox domain only.

Fixes:
- #705: Blob fetch fails with 401 Unauthorized when HTTP basic auth is enabled [3]

Referenes:
[1]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
[2]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials
[3]: https://github.com/xwiki-labs/cryptpad/issues/705
 2022-12-14 11:27:51 +01:00
Mathilde Grünig
37ccaddbbe 2nd thought on HTTP/80, not needed in the end 2022-12-07 14:04:00 +01:00
Mathilde Grünig
1b731e2643 Add future-proof Nginx configuration 
- support IPv6
- 80 to 443 redirect
- TLS generation
- better SSL sessions
- longer HSTS (2 years)
- OCSP stapling
 2022-12-07 13:56:12 +01:00
ansuz
01cdfa1bbc document yet another way that Safari/webkit is terrible 2022-10-05 15:17:07 +05:30
ansuz
8d7973850a slightly smarter caching rules in example NGINX config 2022-09-13 18:34:30 +05:30
ansuz
c889823fca fix custom file serving logic for static pages in NGINX 2022-09-06 14:36:23 +05:30
ansuz
4d022a2247 handle more cases for the cache-control header in NGINX 2022-09-06 14:35:13 +05:30
ansuz
aaa6efbbb0 better worst-case performance for static files served by NGINX 2022-07-22 16:46:02 +05:30
Maxime Cesson
c1adae6d59 Complete last commit (add og data to "Drive" and "File", handle missing config, modify nginx example config) 2022-07-21 18:44:21 +02:00
ansuz
8adeeb21ec display instance info on the home page 
* implements /api/instance
* updates recommended NGINX config
* adds a test on /checkup/
 2022-05-03 18:20:34 +05:30
ansuz
01b6dd539b add trailing slash if /convert/ is loaded without its trailing slash 2022-04-04 20:38:52 +05:30
ansuz
404b89eb28 update recommended settings for embedding to permit element desktop 2022-04-04 12:31:40 +05:30
ansuz
16b843c2c8 set x-content-type-options headers for blob and block in nginx example 2022-03-23 15:24:51 +05:30
ansuz
e1abf4ef77 nginx updates 2022-03-14 18:23:38 +05:30
ansuz
7b14c135b3 update example NGINX CSP configuration 2022-02-15 15:54:33 +05:30
ansuz
0f46869217 WIP update recommended production CSP values 2022-02-10 17:11:17 +05:30
ansuz
ae84d99af0 update the recommended settings for img-src and media-src 2022-01-21 17:48:53 +05:30
ansuz
31c5bba8db update example NGINX config and changelog for 4.12.0 2021-10-20 18:42:02 +05:30
yflory
b050f04090 Fix CSP errors in oodoc and ooslide 2021-10-19 17:09:42 +02:00
ansuz
d2db0066a4 update example nginx config to match dev server 2021-10-19 17:56:55 +05:30
ansuz
34acded538 clarify comment in example nginx config 2021-08-27 14:07:23 +05:30
ansuz
3b44c09bc4 check COOP headers for multiple endpoints 
and improve some error reporting in the checkup RPC
 2021-07-01 16:42:09 +05:30
ansuz
0978074c74 add convert app to example nginx and update changelog 2021-06-30 19:31:48 +05:30
ansuz
14483814fd update nginx trailing-slash rewrite for new apps 2021-06-15 03:52:54 +05:30
ansuz
32494fca0c let NGINX handle its own headers 2021-05-12 14:29:29 +05:30
yflory
4d5d809447 Opt out of Google's FLoC Network by default 2021-04-22 12:24:05 +02:00
ansuz
49035f3aad update example nginx config 2021-04-14 10:38:16 +05:30
ansuz
38cfba275a elaborate on some comments in example config files 2020-12-15 13:37:13 +05:30
yflory
2647acbb78 Expose Content-Length header 2020-12-07 15:42:25 +01:00
ansuz
a2b79d84b8 align nodejs http headers with example nginx 2020-10-27 08:12:23 +05:30
ansuz
a8f53d04fc proposed nginx configuration to enable XLSX export without disabling print from other apps 2020-10-26 17:24:35 +05:30
ansuz
8c980df660 tell clients not to cache their outer html 2020-10-21 13:11:29 +05:30
ansuz
cfcfe2f65f enable APIs for XLSX export in firefox 2020-10-07 14:47:43 +05:30