YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity
9367 commits 33 branches 409 tags 24 MiB
Commit graph

18 commits

Author SHA1 Message Date
Alexandre Aubin
a1cf770e1b Merge branch 'dev' into portal-api 2023-07-11 17:11:02 +02:00
Alexandre Aubin
3957b10e92 nginx: replace $http_host by $host, cf https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md / Credit to A.Wolski 2023-07-04 15:00:02 +02:00
Alexandre Aubin
d42c99835a nginx: use /var/www/.well-known folder for ynh diagnosis and acme challenge, because /tmp/ could be manipulated by user to serve maliciously crafted files 2023-06-09 22:30:32 +02:00
Yann Autissier
e8dd243218 update Content-Security-Policy header for chromium 
Chromium fails to load a jitsi video conference, refusing to create a
worker because it violates the Content Security Policy directive:
"script-src https: data: 'unsafe-inline' 'unsafe-eval'".
 2023-05-19 20:39:29 +00:00
Alexandre Aubin
e458d8813e nginx/security: fix empty webadmin allowlist breaking nginx conf... 2023-02-26 15:11:18 +01:00
Kayou
c444dee4fe
add xmpp-upload. and muc. server_name only if xmpp_enabled is enabled 2023-01-23 15:18:44 +01:00
Alexandre Aubin
e9b5ec90a4 Yoloimplementation of app logo support (require change in app catalog build) 2023-01-03 00:46:14 +01:00
Alexandre Aubin
a5a2a15351 Merge branch 'dev_on_muc' of github.com:larchange/yunohost into larchange-dev_on_muc 2022-11-27 03:02:42 +01:00
Alexandre Aubin
867632d355 domains: propagate mail/xmpp enable/disable toggle to actual system configurations 2022-11-27 02:54:35 +01:00
Alexandre Aubin
afdc2ad5b4 nginx: fix broken postinstall, yunohost_http_errors.conf.inc was not actually copied to /etc/nginx/conf.d. Moving to plain/ subfolder where all files in this folder are copied during nginx regenconf 2022-11-19 20:20:26 +01:00
tituspijean
5063e12835
Add 502 custom error page (#1530) 2022-11-14 23:24:08 +01:00
Alexandre Aubin
47543b19b7 configpanels: Iterating on action POC to create a certificat section in domain config panels 2022-09-30 15:03:03 +02:00
Alexandre Aubin
1246fcf8f6 nginx: I'm tired of people reporting the 'Report-Only' error message they see in the console. This is useless. Just get rid of it. 2022-08-14 18:56:20 +02:00
Alexandre Aubin
58ffff556c Merge remote-tracking branch 'origin/dev' into portal-api 2022-08-09 18:22:32 +02:00
Keoma Brun
b32bc3a034
Content Security Policies Report and Websockets 
Add the `wss:` field so that Nginx does not create warning when using Websocket over TLS.

This modification only affects the `Report-Only` part of the CSP, that takes care of creating warnings in the logs.

Warning ex (fr only sorry):
```
Content Security Policy: Les paramètres de la page ont empêché le chargement d’une ressource à wss://your.website.tld (« default-src »). Un rapport CSP est en cours d’envoi.
```
 2022-05-15 18:33:44 +02:00
Alexandre Aubin
1efb50c7ab Iterate on new portal API design: nginx config, cookie format, be able to open a non-root ldap session, 2021-12-25 15:44:14 +01:00
Alexandre Aubin
05f25fa85f Propagate dir structure change to scripts etc 2021-11-10 18:25:37 +01:00
Alexandre Aubin
5de9e4fe6a Yolorework the repo dir structure 2021-11-10 17:56:02 +01:00