diff --git a/doc/ADMIN.md b/doc/ADMIN.md
new file mode 100644
index 0000000..5b718a3
--- /dev/null
+++ b/doc/ADMIN.md
@@ -0,0 +1,5 @@
+Important Security Note
+
+We do not recommend running Element from the same domain name as your Matrix homeserver (Synapse). The reason is the risk of XSS (cross-site-scripting) vulnerabilities that could occur if someone caused Element to load and render malicious user generated content from a Matrix API which then had trusted access to Element (or other apps) due to sharing the same domain.
+
+We have put some coarse mitigations into place to try to protect against this situation, but it's still not good practice to do it in the first place. See vector-im/element-web#1977 for more details.
\ No newline at end of file
diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md
new file mode 100644
index 0000000..e69de29
diff --git a/scripts/upgrade b/scripts/upgrade
index 03722f0..8ae8200 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -40,7 +40,7 @@ then
  ynh_script_progression --message="Upgrading source files..." --weight=1
 
  # Download, check integrity, uncompress and patch the source from app.src
- ynh_setup_source --dest_dir="$install_dir" #--keep="config.json"
+ ynh_setup_source --dest_dir="$install_dir" --keep="config.json"
 fi
 
 # Set permissions to app files
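Review bot: With `--keep="config.json"` on the `ynh_setup_source` line, the upgrade relies on `config.json` already existing in `$install_dir`; if it is missing or empty, nothing visible in this patch recreates it, because the second hunk of `scripts/upgrade` disables the `ynh_add_config` call. A guarded fallback after the `fi` would cover that case, for example `[ -s "$install_dir/config.json" ] || ynh_add_config --template="../conf/config.json" --destination="$install_dir/config.json"`. It would also help to add a comment above the call such as `# config.json is kept so that admin edits survive the upgrade`. The `if`/`then` block opens outside this hunk, so the condition under which the source is replaced is not visible here.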
@@ -50,12 +50,12 @@ chown -R $app:www-data "$install_dir"
 #=================================================
 # ADD A CONFIGURATION
 #=================================================
-ynh_script_progression --message="Adding a configuration file..." --weight=1
+#ynh_script_progression --message="Adding a configuration file..." --weight=1
 
-ynh_add_config --template="../conf/config.json" --destination="$install_dir/config.json"
+#ynh_add_config --template="../conf/config.json" --destination="$install_dir/config.json"
 
-chmod 400 "$install_dir/config.json"
-chown $app:$app "$install_dir/config.json"
+#chmod 400 "$install_dir/config.json"
+#chown $app:$app "$install_dir/config.json"
 
 #=================================================
 # NGINX CONFIGURATION
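Review bot: Commenting out `chmod 400` and `chown $app:$app` means the upgrade no longer re-applies restrictive permissions to `config.json`. The recursive `chown -R $app:www-data "$install_dir"` shown in the hunk header appears to run just before this section and still resets the file's group. A preserved file whose mode was loosened by hand would then stay loose after every upgrade. I would keep those two lines active even though the template is no longer re-rendered, quoting the owner as `chown "$app:$app" "$install_dir/config.json"`. The disabled `ynh_script_progression` and `ynh_add_config` lines are better deleted than left commented out, with one comment in their place such as `# config.json is preserved by ynh_setup_source --keep; only its permissions are re-applied here`.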