Commit Graph

73 Commits

Author SHA1 Message Date
El RIDO
849e32201e
improve SRI example 2024-10-19 11:28:01 +02:00
rugk
6631e770a0 doc: make config consistent in quoting yourls header too as everything is unused 2024-10-16 22:30:11 +00:00
rugk
2cb10b841f doc: fix wrong doc missing quotation marks 2024-10-16 22:29:20 +00:00
El RIDO
8b3b16be44
SRI hashes are now configurable, no longer hardcoded in templates
- addresses #1365
- should make upgrades easier for those using custom templates
- if the JS files got customized, the default SRI hashes can be replaced in the conf.php file, added commented section in conf.sample.php
2024-07-07 16:36:52 +02:00
El RIDO
28e5ec582a
typo 2024-05-05 22:52:49 +02:00
El RIDO
b00528388f
Merge branch 'master' into chrono-privacy 2024-05-05 10:25:31 +02:00
El RIDO
513408b4fb
Update cfg/conf.sample.php
Co-authored-by: rugk <rugk+git@posteo.de>
2024-05-04 15:44:29 +02:00
El RIDO
0f9158b37b
allow disabling comment date display using discussiondatedisplay configuration option 2024-05-04 14:38:41 +02:00
El RIDO
5425ea79f8
Merge branch 'master' into bootstrap5 2024-05-04 12:08:10 +02:00
El RIDO
491ed9a521
bootstrap 5 template function complete
current status:
- got expiration and format selections to work
- fixed modals (password, QR-code, etc.)
- replaced glyphicons with Bootstrap icons (needs CSP relaxation to work)
- tested the different settings and combinations
- got editor tabs to change active status

to be done:
- add "Dark Mode" to translation strings
- figure out how to change prettify theme when dark mode gets selected
- check tab alignment in HTML source
2024-04-18 21:36:43 +02:00
El RIDO
aae3ea7cbf
update documentation
- clarify all template options & link to previews
- document new ctype extension requirement
2024-04-01 14:34:23 +02:00
Chris Dailey
1c9da2ffac
Update conf.sample.php
A small comment addition to `conf.sample.php` that mentions the other strings to use for the included themes. The "bootstrap-dark" one in particular is perhaps not obvious to any user who doesn't look at the contents of `tpl/bootstrap.php`.
2024-03-21 09:01:01 -04:00
Aaron Sherber
7a4c6c010f
Update conf.sample.php 2024-03-16 19:46:57 -04:00
Sergio Giraldo
6728053ab0
test: default value for email configuration item;nit necessary to close php comment
::by sergio giraldo
@ 20230910T0958CEST, gpg signed
2023-09-10 09:58:04 +02:00
Sergio Giraldo
c665385ff6
feat: make the email button optional. Issue #1031
::by sergio giraldo
@ 20230909T2226CEST, gpg signed
2023-09-09 22:26:11 +02:00
Felipe Nakandakari
f48fffd7c2
Add sample config for S3 without hard-coded access keys 2023-02-28 08:30:58 +11:00
El RIDO
b53df70227
Merge pull request #1008 from PrivateBin/jdenticons-test
Jdenticons size and speed test results
2022-11-10 07:28:13 +01:00
El RIDO
66600e5eb3
Merge pull request #1003 from PrivateBin/yourls-cleanup
improve configuration wording, adjust self check
2022-11-03 19:54:56 +01:00
El RIDO
89d575ace3
in light of the perf/size test results of Jdenticons, switch back to Identicons as the default 2022-10-30 09:24:35 +01:00
El RIDO
432d3e71d3
improve configuration wording, adjust self check 2022-10-29 07:58:40 +02:00
El RIDO
d5e7e6e2ab
document Jdenticon change 2022-10-26 07:11:02 +02:00
El RIDO
8ac69590cf
add new Jdenticon comment icon library, set it as default, fixes #793 2022-10-26 06:53:56 +02:00
El RIDO
0a949d3903
credit change, document it and improve wording 2022-10-23 13:10:55 +02:00
Jens-U. Mozdzen
3115cb8883 added parameters for server-side YOURLS shortener call 2022-10-23 00:19:43 +02:00
Felix J. Ogris
ee212b1a33 implemented S3 storage backend
added sample configuration + aws php sdk version

coding style cleanup
2022-10-22 18:30:24 +02:00
Ra'Jiska
8dded4e8e4 GCS Support for Uniform ACL Buckets 2022-10-06 12:19:06 +08:00
PeGaSuS
f8ff49509b
Update conf.sample.php
Fixed typo to match the mysql database name
2022-06-05 18:42:54 +02:00
PeGaSuS
6d748de33a
Update conf.sample.php
Added an working PostgreSQL database configuration.
2022-06-05 18:41:09 +02:00
El RIDO
11b16fc6fd
removed directive needed for the PDF preview in FireFox < 78
fixed in https://bugzilla.mozilla.org/show_bug.cgi?id=1582115 and
https://bugzilla.mozilla.org/show_bug.cgi?id=1638826 for FF 78
2022-03-27 08:45:33 +02:00
El RIDO
6b001b5e4a
typo 2022-02-28 16:23:11 +01:00
El RIDO
288cf3f005
Merge branch 'master' into stevenandres-master 2022-02-25 06:42:18 +01:00
El RIDO
0e3a7196f9
set frame-ancestors to none
disables embedding the site in any frames, which can bypass some of the security mechanisms reg. cross site scripting
2022-02-20 15:21:47 +01:00
El RIDO
91041d8c59
simplify/unify naming & wording of the two types of IP lists for the traffic limiter 2022-02-20 09:09:20 +01:00
El RIDO
d764c03759
Merge branch 'master' of https://github.com/stevenandres/PrivateBin into stevenandres-master 2022-02-20 08:44:09 +01:00
El RIDO
18972ae0fa
luckily the PHP ini parser doesn't interpret this as an empty block, replacing the one defined above 2021-08-19 10:18:08 +02:00
El RIDO
3429d293d3
remove configurable dir for traffic & purge limiters 2021-06-08 06:37:27 +02:00
Mark van Holsteijn
342270d6dd added Google Cloud Storage support 2021-05-28 22:39:50 +02:00
LinQhost Managed hosting
63d6816c7c Merge branch 'api-ip-exempt' of https://github.com/rodehoed/PrivateBin into api-ip-exempt 2021-05-05 08:43:32 +02:00
LinQhost Managed hosting
7d82c82fd9 Make it possible to exempt ips from the rate-limiter 2021-05-04 10:29:25 +02:00
El RIDO
fcb6422663
re-adding CSP directive sandbox allow-forms, it is needed for the password input form to work on the JS side 2021-04-18 21:05:32 +02:00
rugk
3ca01024fd
feat: disallow form submission alltogether
Following the tests and HTTP Observatory, I think we can disable forms altogether.

Fixes https://github.com/PrivateBin/PrivateBin/issues/778
2021-04-18 14:16:39 +02:00
rugk
5809a7cfa7
feat: add form-action CSP restriction
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs

Fixes #778
2021-04-18 14:14:46 +02:00
rugk
fd7d05e862
Add base URL as default CSP restriction
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.

Given we don't use that anywhere, this safe should be safe. (not tested practically though)
2021-04-16 22:04:28 +02:00
El RIDO
bb6a44ce7a
remove double translation, avoid unsupported double quotes in INI file 2020-10-13 07:28:35 +02:00
Andreas Schneider
eb32ea1419 Make it possible to change the info text
This makes it possible to change the last part of the info text and
replace it with something individual. E.g pointing to the cmdline
client.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2020-10-11 17:04:08 +02:00
ZerooCool
e61c44ef46 Make Opengraph really functional
Make Opengraph really functional

Change : #664 for #651
2020-07-01 19:47:12 +02:00
ZerooCool
13c2f8d968 Make Opengraph really functional
3 URLs of images used on social networks are passed in absolute URL.

Note that I did not pass all the images in absolute URLs, but, it could be consistent to do so, but, if the images work, maybe a relative call is more efficient?

Remove the version of PrivateBin, at the end of each image. This apparently prevents the opengraph from working, and, so I deleted on all of the images, to remain consistent at this level. This will make fewer requests, and, anyway, the images are not intended to change with each version.
2020-06-30 22:42:12 +02:00
El RIDO
45a0535640
adding new flag to sandbox policy, introduced and required by Chrome 83 - fixes #634 2020-06-11 18:29:32 +02:00
Haocen Xu
bb9a5772bc
Add resource: to script-src cspheader to allowed rendering of pdf in
Firefox
2020-05-30 05:37:35 -04:00
Steven Andrés
b8594c174a
whitelist_paste_creation description 2020-05-07 16:48:17 -07:00