Commit Graph

73 Commits

Author SHA1 Message Date
El RIDO
81fdf8ebfc
relax SameSite cookie policy
As per discussion in code review:

> Cookies are always scoped in browsers. That's not the issue. The SameSite attribute just protects against CSRF attacks. But GET requests (aka links) are also "protected" with Strict, which breaks it… and for users that is highly confusing when they (apparently arbitrarily) do not get the language they have set before when clicking a link.

https://github.com/PrivateBin/PrivateBin/pull/1287#discussion_r1589299210
2024-05-04 12:12:31 +02:00
El RIDO
142a380bb2
undo simplification, here we actually check if it is a non-empty string 2024-04-23 22:02:41 +02:00
El RIDO
f4e8e363cb
fix Scrutinizer-reported issue
`empty` only works with variables, not constants - here we want to error out if `PATH` either isn't defined or does not end in a directory separator, so we can concatenate onto it
2024-04-23 21:15:33 +02:00
El RIDO
658383e6d1
set lang cookie with strict SameSite property 2024-04-21 11:36:31 +02:00
El RIDO
491ed9a521
bootstrap 5 template function complete
current status:
- got expiration and format selections to work
- fixed modals (password, QR-code, etc.)
- replaced glyphicons with Bootstrap icons (needs CSP relaxation to work)
- tested the different settings and combinations
- got editor tabs to change active status

to be done:
- add "Dark Mode" to translation strings
- figure out how to change prettify theme when dark mode gets selected
- check tab alignment in HTML source
2024-04-18 21:36:43 +02:00
Zwyx
6130547ca6
Add response header X-Uncompressed-Content-Length for JSON API
Because the response from the API is PHP output, the usual `Content-Length` header is absent.

This [custom header technique](https://stackoverflow.com/questions/15097712/how-can-i-use-deflated-gzipped-content-with-an-xhr-onprogress-function/32799706#32799706) allows the client to know the total length of the data being received, in order to display a progress indicator.

Here's a code example with `XMLHttpRequest`:

```javascript
// xhr is the XMLHttpRequest for the API call; onDownloadProgress is the caller's progress callback
xhr.addEventListener("progress", (e) => {
	if (e.lengthComputable) {
		// a Content-Length header was present, so the browser knows the total itself
		onDownloadProgress({
			loaded: e.loaded,
			total: e.total,
		});
	} else {
		// otherwise fall back to the custom header sent by the JSON API
		const uncompressedContentLength = xhr.getResponseHeader(
			"X-Uncompressed-Content-Length",
		);

		if (uncompressedContentLength) {
			onDownloadProgress({
				loaded: e.loaded,
				total: Number(uncompressedContentLength),
			});
		}
	}
});
```

Notes:
- `fetch` can be used as well (the only reason I use `XMLHttpRequest` is that `fetch` doesn't allow tracking the progress of uploaded data (when creating a paste), whereas `XMLHttpRequest` does).
- `e.loaded` can differ between browsers: Firefox reports the length of the compressed data, Chrome reports the length of the uncompressed data (see https://github.com/whatwg/xhr/issues/388). A workaround for this is to manually set our progress indicator to 100% when the request finishes.
2024-03-24 19:40:50 +08:00
Aaron Sherber
fd7d9f4715
Fix styleci issues 2024-03-09 16:55:44 -05:00
Aaron Sherber
8abf6ae9cb
Always add cache control headers 2024-03-09 16:49:42 -05:00
El RIDO
aad975a721
incrementing version 2024-02-11 15:31:11 +01:00
El RIDO
a3ee624d3a
incrementing version 2024-02-11 14:17:27 +01:00
El RIDO
d88945663e
detect and report on damaged pastes
May occur during statistics or purge, when existing pastes get parsed, addresses #1214
2023-12-16 07:38:09 +01:00
El RIDO
d0420fb418
1.6.2 release 2023-12-15 07:20:20 +01:00
El RIDO
3bd570bd6a
incrementing version 2023-12-04 21:07:17 +01:00
El RIDO
f56907bd38
increment version 2023-09-11 19:36:45 +02:00
Sergio Giraldo
c665385ff6
feat: make the email button optional. Issue #1031
::by sergio giraldo
@ 20230909T2226CEST, gpg signed
2023-09-09 22:26:11 +02:00
El RIDO
ecf100551d
document change, raise minimum PHP version to 7.3, remove branch refresh 2023-07-23 10:04:57 +02:00
El RIDO
01afe7d481
incrementing version 2023-07-09 08:44:22 +02:00
El RIDO
3a4e5ed0c9
unnecessary string concatenation 2023-01-15 14:45:10 +01:00
El RIDO
bf7d2f05b6
expose types JSON-LD incl. configured expiration dates, resolves #1045 2023-01-15 08:04:44 +01:00
El RIDO
e84a8694e4
incrementing version 2022-12-24 05:52:07 +01:00
El RIDO
b5602dd1ae
incrementing version 2022-12-11 05:02:15 +01:00
El RIDO
78e915e049
adding tests for YOURLS functionality 2022-10-23 13:09:54 +02:00
El RIDO
0dc9ab7576
refactor shortenviayourls.php for our MVC framework 2022-10-23 08:10:56 +02:00
rugk
e740d0f761
Remove COOP header for now
Same as https://github.com/PrivateBin/docker-nginx-fpm-alpine/pull/108

Disable the header here as it breaks links to the own site.
2022-08-22 13:25:56 +02:00
Harald Leithner
4b3d11c988
Add browsing-topics permission policy 2022-04-10 11:28:52 +02:00
Harald Leithner
7b8e031ab5
Remove FLoC Header
Google announced that it is discontinuing FLoC.
2022-04-10 10:36:39 +02:00
El RIDO
456ced37c2
incrementing version 2022-04-05 07:30:51 +02:00
El RIDO
6c1f0dde0c
set CSP also as meta tag, to deal with misconfigured webservers mangling the HTTP header 2022-03-13 18:11:13 +01:00
El RIDO
1034d4038e
unify IP-related logic into traffic limiter 2022-02-20 11:25:19 +01:00
El RIDO
91041d8c59
simplify/unify naming & wording of the two types of IP lists for the traffic limiter 2022-02-20 09:09:20 +01:00
El RIDO
d764c03759
Merge branch 'master' of https://github.com/stevenandres/PrivateBin into stevenandres-master 2022-02-20 08:44:09 +01:00
El RIDO
93135e0abf
improving code coverage 2021-06-13 10:44:26 +02:00
El RIDO
7901ec74a7
folding Persistance\ServerSalt into Data\Filesystem 2021-06-08 22:01:29 +02:00
El RIDO
b5a6ce323e
folding Persistance\TrafficLimiter into Data\Filesystem 2021-06-08 07:49:22 +02:00
El RIDO
3429d293d3
remove configurable dir for traffic & purge limiters 2021-06-08 06:37:27 +02:00
El RIDO
9b893f09d7
Merge branch 'master' into floc 2021-04-17 08:35:21 +02:00
El RIDO
6f3bb25b09
disable Google FLoC 2021-04-16 20:25:50 +02:00
El RIDO
1dc8b24665
transmit cookie only over HTTPS, fixes #472 2021-04-16 20:15:12 +02:00
El RIDO
9e6eb50ced
adding new security headers, fixes #765 2021-04-16 19:19:11 +02:00
El RIDO
458ebcb321
incrementing version 2021-04-05 17:05:14 +02:00
El RIDO
bb6a44ce7a
remove double translation, avoid unsupported double quotes in INI file 2020-10-13 07:28:35 +02:00
Andreas Schneider
eb32ea1419
Make it possible to change the info text
This makes it possible to change the last part of the info text and
replace it with something individual, e.g. pointing to the cmdline
client.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2020-10-11 17:04:08 +02:00
ZerooCool
e61c44ef46
Make Opengraph really functional

Change: #664 for #651
2020-07-01 19:47:12 +02:00
ZerooCool
13c2f8d968
Make Opengraph really functional
The 3 URLs of images used on social networks are passed as absolute URLs.

Note that I did not pass all the images as absolute URLs; it could be consistent to do so, but if the images work, maybe a relative call is more efficient?

Remove the version of PrivateBin at the end of each image. This apparently prevents the Opengraph from working, so I deleted it on all of the images, to remain consistent at this level. This will make fewer requests, and anyway, the images are not intended to change with each version.
2020-06-30 22:42:12 +02:00
El RIDO
7794915172
expose permission exceptions to the API 2020-05-31 16:33:25 +02:00
Steven Andrés
3f75c81a2f
fixed duplicated getKey() 2020-05-08 12:18:20 -07:00
Steven Andrés
effe6ad3e5
fixed spacing to please StyleCI 2020-05-08 11:37:21 -07:00
Steven Andrés
8fbdb69d8a
added check for null whitelist 2020-05-08 11:36:19 -07:00
Steven Andrés
c152f85b50
removed $remoteip that the audit didn't like 2020-05-07 16:45:24 -07:00
Steven Andrés
819d25a74c
change to whitelist_paste_creation 2020-05-07 16:13:25 -07:00