libre-service.eu/pad.libre-service.eu-etherpad
libre-service.eu/pad.libre-service.eu-etherpad
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-02-08 11:12:01 +01:00
Code Issues Projects Releases Wiki Activity
5583 commits 208 branches 105 tags 125 MiB
Commit graph

29 commits

Author SHA1 Message Date
John McLear
fa3e4b146a settings: document the possibility of using Unix sockets 
We have been supporting Unix sockets by ages, because express.listen()
(http://expressjs.com/en/4x/api.html#app.listen_path_callback) re-exposes
net.server.listen() (https://nodejs.org/api/net.html#net_server_listen), which
in turn supports Unix sockets.

The only remaining thing to do was documenting it.

Fixes #3312
 2020-03-30 03:36:55 +02:00
ahmadine
0a0b90c4d0 referer: change referrer policy. Stop sending referers as much as possible 
Pull request with discussion: https://github.com/ether/etherpad-lite/pull/3636

What's already there:
* `meta name=referrer`: already done in 1.6.1:
  https://github.com/ether/etherpad-lite/pull/3044

  https://caniuse.com/#feat=referrer-policy
  https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-delivery-meta
  (Chrome>=78, Firefox>=70, Safari>=13, Opera>=64, ~IE[1], ~Edge[1])

The previous two commits (by @joelpurra) I backported in this batch:
* `<a rel=noreferrer>`: a pull request denied before:
  https://github.com/ether/etherpad-lite/pull/2498

  https://html.spec.whatwg.org/multipage/links.html#link-type-noreferrer
  https://developer.mozilla.org/en-US/docs/Web/HTML/Link_types
  (Firefox>=37, I can't find more info about support)

This commit adds the following:
* `<a rel="noopener">`: fixing a not-so-well-known way to extract referer
  https://html.spec.whatwg.org/multipage/links.html#link-type-noopener
  (Chrome>=49, Firefox>=52, Safari>=10.1, Opera>=36, !IE, !Edge)

* `Referrer-Policy: same-origin`: the last bastion of referrer security
  https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
  (Chrome>=61, Firefox>=52, Safari>=11.1, Opera>=48, !IE, !Edge)

meta name=referrer wasn't enough. I happened to leak a few referrers with my
Firefox browser, though for some browsers it could have been enough.

[1] IE>=11, Edge>=18 use a different syntax for meta name=referrer, making it
    most probably incompatible (but I may be wrong on that, they may support
    both, but I have no way to test it currently). The next Edge release will be
    based on Chromium, so for that the Chrome version applies.
 2019-11-25 00:05:40 +01:00
Tristram Gräbener
28a6f505c5 Parameters: the version is exposed in http header only when configured 
Currently the version is exposed in a 'Server' http headers.

This commit allows to parameterize it in the settings. By defaults it is
not exposed.

Fixes #3423
 2019-04-15 23:17:34 +00:00
muxator
705cc6f5e4 Change everywhere the link to https://etherpad.org (it was plain http) 2019-04-16 00:54:54 +02:00
muxator
75a0f339e1 Settings.js, express.js: trivial reformatting 
Future commits by Tristram Gräbener will modify them.
 2019-04-16 00:17:56 +02:00
muxator
dc7e49f89d Remove trailing whitespaces 
Hoping to minimize future diffs. Not touching vendorized libraries.
 2019-04-16 00:34:29 +02:00
muxator
27b3b0ecd2 logs: on the server, use template literals when possible 
It's just synctactic sugar, but it is always better than executing string
concatenations in one's mind.

Do not do this with files in src/static, because we want to keep IE 11
compatibility.
 2018-08-27 01:29:37 +02:00
John McLear
bb40aa00be
Update express.js 2018-04-03 10:59:10 +01:00
John McLear
254edffa9c fixes #2547 2015-04-24 14:17:49 +01:00
Andreas Åkre Solberg
ec7b3fc787 Adding support for providing intermediate CA certificates when running etherpad-lite with ssl through Node/expressjs 2015-04-22 20:29:19 +02:00
John McLear
402e53d88e Merge pull request #2584 from devoidfury/express4 
Express 4 support
 2015-04-11 00:13:45 +01:00
Stefan
db5bdc8719 Log version number and git-sha on server start 2015-04-11 00:13:04 +02:00
Tom Hunkapiller
d0b39c01fb update for express 4.x 2015-04-08 23:12:11 -05:00
John McLear
ddc69831b2 working, need to test though 2015-02-11 17:59:05 +00:00
webzwo0i
5d15f655f0 dont make local variables global 2014-12-14 22:01:28 +01:00
John McLear
c627608ea5 Merge pull request #1619 from ether/stricter-transport 
Enable HSTS on TLS connections
 2014-06-17 12:58:47 +01:00
Marcel Klehr
897f5189b0 Enable HSTS for TLS connections 
Don't use X-Frame-Options: deny for now
 2014-06-17 13:21:38 +02:00
Marcel Klehr
7b17bd58ae Merge branch 'pr/1756' into develop 
Conflicts:
	src/node/handler/SocketIORouter.js
 2013-09-29 16:45:12 +02:00
Eric Schrijver
b34224559d ‘Etherpad Lite’ -> ‘Etherpad’ 2013-09-29 13:57:37 +02:00
Spruce (Felix Fichte)
fb0bc31056 updated to use settings 
updated handler/SocketIORouter.js to use new setting
updated hooks/express.js to use new setting
updated utils/Settings.js to accept new setting
updated settings.json.template so new setting is present
 2013-04-24 12:19:41 +02:00
John McLear
ffe7e65db6 allow strict transport if ssl is on and stop x-frame-options, this might break embedded pads, please test 2013-03-14 19:03:20 -03:00
John McLear
746396951d Resolve #1301 startup pointing at old bitly URL 2012-12-26 00:17:43 +00:00
John McLear
8a9045b335 remove ssl not enabled message 2012-12-02 18:33:31 +00:00
Wikinaut
eed6b752d4 initial https version fix #1148 2012-11-22 10:12:58 +01:00
Hyacinthe Cartiaux
d6027726e6
Fix urls, use github.com/ether 
Signed-off-by: Hyacinthe Cartiaux <hyacinthe.cartiaux@uni.lu>
 2012-11-22 01:12:30 +01:00
Marcel Klehr
4416210471 Differentiate between http server and express app 2012-09-21 17:12:22 +02:00
johnyma22
c8b6d3b4f3 attempt to put correct init in right place but could be wrong 2012-09-12 19:38:53 +01:00
Marcel Klehr
af3c57a120 Load npm to enable server to see the git revision. 2012-07-08 11:37:24 +02:00
Egil Moeller
b438a278a1 Make the server restart on plugin install 2012-07-03 23:31:44 +02:00