io mintz
|
44c03e355f
|
CSP: remove a bunch of unused mozilla-only domains and FXA domains
|
2020-11-13 22:24:38 +00:00 |
|
Danny Coates
|
b5ef1785ab
|
replaced fxa-geodb with load balancer header
Co-authored-by: timvisee <tim@visee.me>
|
2020-10-16 15:51:28 +02:00 |
|
Danny Coates
|
ccbcb69666
|
Merge pull request #1434 from MichaelPeter-Shockoe/master
modify connect-src of Content Security Policy to include dynamic wss URL based on configured base URL
|
2020-07-09 19:37:02 -07:00 |
|
jackyzy823
|
e2876b119d
|
add configs to handle content-security-policy correctly for custom fxa urls
|
2020-06-11 21:57:48 +08:00 |
|
Michael Peter
|
5ff6266a5e
|
modify connect-src of Content Security Policy to include dynamic wss URL based on configured base URL
|
2020-01-17 17:47:09 -05:00 |
|
Danny Coates
|
d5c488196d
|
no-cache harder
|
2019-09-05 13:33:12 -07:00 |
|
Danny Coates
|
58191975b9
|
stubbed /login page for redirect base login flow
|
2019-07-23 09:27:34 -07:00 |
|
Danny Coates
|
b9c87fd779
|
updated tailwindcss to 1.0
|
2019-06-14 11:37:30 -07:00 |
|
Danny Coates
|
efea0e5ab0
|
added gravatar to CSP image-src
|
2019-03-31 13:04:15 -07:00 |
|
Danny Coates
|
8cf3b89f91
|
increase file id to 8 bytes
|
2019-03-26 09:32:44 -07:00 |
|
Danny Coates
|
fb0f0f0b5d
|
added gcp dev to csp
|
2019-03-06 12:59:54 -08:00 |
|
Danny Coates
|
445811931f
|
added accounts.firefox.com to csp connect-src for /metrics-flow
|
2019-03-05 13:05:51 -08:00 |
|
Danny Coates
|
f968083f74
|
added '-' to /api/filelist validation
|
2019-02-26 19:58:03 -08:00 |
|
Danny Coates
|
4cb6646cce
|
updated filelist storage so userid is not used directly
|
2019-02-26 13:53:11 -08:00 |
|
Danny Coates
|
1c44d1d0f9
|
added /config endpoint, use fewer globals (#1172)
* added /config endpoint, use fewer globals
* fixed integration tests
|
2019-02-26 10:39:50 -08:00 |
|
Danny Coates
|
cccc1a5383
|
enabled accounts on Edge
|
2019-02-25 11:44:44 -08:00 |
|
Danny Coates
|
c146c584f6
|
static require cryptofill for Edge
|
2019-02-21 11:21:06 -08:00 |
|
Danny Coates
|
8eaacfea18
|
use text/plain on /api/metrics
|
2019-02-15 11:59:39 -08:00 |
|
Danny Coates
|
9b37e92a81
|
implemented amplitude metrics (#1141)
|
2019-02-12 11:50:06 -08:00 |
|
Danny Coates
|
d4528848d9
|
moved jsconfig code into initScript
|
2018-11-20 12:23:05 -08:00 |
|
Danny Coates
|
416b9902cb
|
added a webmanifest (#1023)
|
2018-11-20 15:00:32 -05:00 |
|
Danny Coates
|
932a2a4576
|
removed unused code
|
2018-11-01 10:44:47 -07:00 |
|
Danny Coates
|
0e5202c470
|
updated modal
|
2018-11-01 10:44:45 -07:00 |
|
Danny Coates
|
cc85486414
|
wip
|
2018-11-01 10:43:14 -07:00 |
|
Danny Coates
|
a997a44a23
|
renamed auth route
|
2018-09-26 12:22:51 -07:00 |
|
Danny Coates
|
c8bf3101aa
|
fixed multiple issues with the /signin page. #935 #936 #937
|
2018-09-24 12:01:39 -07:00 |
|
Danny Coates
|
7ccf462bf8
|
implemented PKCE auth (#921)
* implemented PKCE auth
* removed node-jose
* added PKCE tests
|
2018-09-14 11:00:33 -04:00 |
|
Danny Coates
|
fb7176d989
|
added fxa auth to /params
|
2018-08-31 11:43:56 -07:00 |
|
Danny Coates
|
718d74fa50
|
Implemented FxA
|
2018-08-30 22:10:08 -07:00 |
|
Emily
|
c9ae76b209
|
hook multifile to ui
|
2018-08-03 16:10:00 -07:00 |
|
Danny Coates
|
d14aeb29e9
|
began adding capability flags
|
2018-07-31 11:29:26 -07:00 |
|
Danny Coates
|
ddeaf8076d
|
added wss to csp connect-src
|
2018-07-12 14:27:49 -07:00 |
|
Danny Coates
|
af7a262ef0
|
refactored upload away from multipart forms to binary data
|
2018-05-31 14:10:02 -07:00 |
|
Danny Coates
|
74728782f3
|
removed unsafe-inline styles via svgo-loader. fixes #740
|
2018-02-26 11:48:28 -08:00 |
|
Danny Coates
|
22e836c98a
|
removed unused deps
|
2018-02-24 18:00:43 -08:00 |
|
Danny Coates
|
3fd2537311
|
refactored server
|
2018-02-09 15:03:05 -08:00 |
|
Danny Coates
|
1c5e47b4c4
|
validate id param without middleware
|
2018-02-05 17:21:32 -08:00 |
|
Danny Coates
|
aae61f9451
|
extracted server id validation
|
2018-02-05 16:37:06 -08:00 |
|
Danny Coates
|
97ad674be2
|
added /api/info/:id route
|
2018-01-30 17:29:51 -08:00 |
|
Danny Coates
|
7b4060f9e1
|
Added multiple download option
|
2017-12-04 15:52:31 -08:00 |
|
Danny Coates
|
b54f4575ee
|
allow inline styles. fixes #644
|
2017-11-15 10:54:13 -08:00 |
|
Danny Coates
|
bfcdf9340d
|
use fluent-langneg for subtag support
|
2017-11-10 12:40:18 -08:00 |
|
Danny Coates
|
2e233da16d
|
unsupport MS Edge (for now, sorry) and some http header nits
|
2017-11-06 13:36:56 -08:00 |
|
Danny Coates
|
bc24a069da
|
Add optional password to the download url
|
2017-10-10 10:45:10 -07:00 |
|
Danny Coates
|
74718d6361
|
disable CSP when env = development
|
2017-08-29 11:19:21 -07:00 |
|
Danny Coates
|
0a31e2d521
|
fixed __heartbeat__ route
|
2017-08-25 10:03:49 -07:00 |
|
Danny Coates
|
53e822964e
|
a few changes to make A/B testing easier
|
2017-08-25 09:44:52 -07:00 |
|