Commit Graph

50 Commits

Author SHA1 Message Date
James Cole
1912e46113
Remove strict CSP header for #4622 2021-04-09 06:05:27 +02:00
James Cole
f2073a4494
Fix various issues in forms. 2021-04-08 17:41:19 +02:00
James Cole
3e12d26afd
Disable almost all things. 2021-04-08 16:47:16 +02:00
James Cole
a709596ccb
Add headers. 2021-04-08 12:27:54 +02:00
James Cole
849c7dfe02
Strict headers and CSS nonce 2021-04-08 12:10:04 +02:00
James Cole
e580093a34
Weird headers. 2021-04-08 12:05:08 +02:00
James Cole
4fa7a5c1bc
Update headers 2021-04-08 11:58:21 +02:00
James Cole
d668007fee
Remove style thing 2021-04-08 11:55:10 +02:00
James Cole
6cbccf3be6
Small change in headers 2021-04-08 11:50:59 +02:00
James Cole
4ecda4d4e0
Add some special headers. 2021-04-07 20:47:40 +02:00
James Cole
b5eeacc128
Code cleanup. 2021-03-28 11:46:23 +02:00
James Cole
206845575c
Code cleanup 2021-03-21 09:15:40 +01:00
James Cole
15ae9203b6 Fix #3307 2020-04-29 06:37:02 +02:00
James Cole
24129ab69c
Code cleanup that (hopefully) matches style CI 2020-03-17 15:02:57 +01:00
James Cole
3771cc3b75
Update email address 2020-01-31 07:32:04 +01:00
James Cole
ff44dbaea0
Update analytics code. 2020-01-17 04:30:44 +01:00
James Cole
8c36a371be
Remove https. 2020-01-11 09:58:35 +01:00
James Cole
2416fd6773
Remove experimental simple nonce. 2020-01-11 06:24:53 +01:00
James Cole
77fa3af87e
Use a very simple nonce to see if Edge stops complaining. 2020-01-11 06:15:08 +01:00
James Cole
5da8b2ec9e
Some CSP tuning. 2020-01-11 06:14:10 +01:00
James Cole
c55bfc0b8c
Improve config of CSP headers. 2020-01-11 05:28:20 +01:00
James Cole
925f63c8e1
Experimental switch of parameters and different urls 2020-01-09 20:43:32 +01:00
James Cole
2efe5b07e2
#2981 whoops 2020-01-09 19:29:43 +01:00
James Cole
42de629646
Fix #2981 2020-01-09 19:28:23 +01:00
James Cole
7f002eb6a9
Be backwards compatible. 2020-01-09 17:04:10 +01:00
James Cole
8c6f8460a2
Be backwards compatible. 2020-01-09 17:03:59 +01:00
James Cole
d83d8d3f97
Code for #2920 2020-01-04 11:00:44 +01:00
James Cole
041357c2ff
First steps for #2920 2020-01-04 07:24:43 +01:00
James Cole
92158e52ef
Update copyright of Firefly III to the GNU Affero General Public License as suggested by @nxxxse in #2607. This applies to all code in this commit from this moment onwards. 2019-10-02 06:37:26 +02:00
James Cole
a42992efb0
Merge tag '4.7.17.3' into develop
4.7.17.3

# Conflicts:
#	changelog.md
#	config/firefly.php
2019-07-16 19:24:07 +02:00
James Cole
531161db09
Fixes #2338 2019-07-16 19:21:58 +02:00
James Cole
2210b8054d
Fix Google Ana;ytics. 2019-07-13 20:57:29 +02:00
James Cole
8676764513 Remove various sort routines. 2019-05-04 20:58:43 +02:00
James Cole
71fb9d8fa5 Code cleaning stuff. 2019-02-13 17:38:41 +01:00
James Cole
968505ac0e Route can be null. 2019-01-27 18:24:11 +01:00
James Cole
20b458f35d Ignore form action when doing oAuth2. 2019-01-27 17:15:40 +01:00
Luca Bognolo
59cfaa20ab
Fixed wrong CSP value
Signed-off-by: Luca Bognolo <git@bogny.eu>
2019-01-03 16:04:48 +01:00
Luca Bognolo
ab0471c78e
Fixed missing CSP directive and value
Signed-off-by: Luca Bognolo <git@bogny.eu>
2019-01-03 00:21:21 +01:00
James Cole
c54541b839 Learned that I should not refer to env vars directly so I removed all references. 2018-12-15 07:59:02 +01:00
James Cole
1b3b39d2ea
Add option to disable the X-Frame header 2018-11-24 07:24:32 +01:00
James Cole
8088c28235
Solve a problem with inline displaying of file attachments. 2018-10-07 18:41:02 +02:00
James Cole
e29e6c147c
Upgrade Firefly III to PHP 7.2 and Laravel 5.7 2018-09-19 16:50:16 +02:00
James Cole
d77112955d Fix secure headers for new Google tag. 2018-09-10 20:23:43 +02:00
James Cole
b33f8b70d4 Improve code coverage. 2018-09-07 20:12:22 +02:00
HamuZ HamuZ
52f8b24041
2FA QR doesn't show up due to CSP error
Relevant stackoverflow fix:
https://stackoverflow.com/questions/18447970/content-security-policy-data-not-working-for-base64-images-in-chrome-28
2018-09-03 08:19:38 +03:00
James Cole
0d82589916 Make some charts currency aware for #740 2018-08-27 18:59:30 +02:00
James Cole
5de01628a6 Expand secure headers. 2018-08-25 10:49:52 +02:00
James Cole
2834aca597 Update header readability, add Google as an optional allowed source. 2018-08-25 10:36:27 +02:00
James Cole
dfdbace298 Add secure headers middleware. 2018-08-25 07:55:47 +02:00
James Cole
a9590d2bb6 Add secure headers middleware. 2018-08-25 07:55:32 +02:00