31 Commits (cced92088e2d93036c260ad9fd1ebf5080689539)

Author SHA1 Message Date
bsatarnejad ce555179e7 sets the content security policy 3 years ago
Oliver Günther 693d01f8c7 Bump Sentry and implement log handling in core (#9133) 4 years ago
Oliver Günther 0fa8b4a77b Forward CSP extensions to login controller (#9047) 4 years ago
Markus Kahl 939f1d1df7 s3 hosts differ for pre-signed form uploads and downloads 4 years ago
Markus Kahl c1b82bad00 direct uploads to S3 for attachments including IFC models 4 years ago
Oliver Günther 739860cc48 Fix spec not testing for response headers in selenium 5 years ago
Wieland Lindenthal 1841304742 Add Oauth redirect hosts to CSP action-form 5 years ago
Oliver Günther 6f6bec8b22 Add optional sentry handling of frontend errors 5 years ago
Cyril Rohr 27564608db Display a security badge with the installation status 6 years ago
Oliver Günther 8d265e4f84 Allow to load rack-mini-profiler with OPENPROJECT_RACK_PROFILER_ENABLED 6 years ago
Oliver Günther 18b9a7c340 Allow proxy IP to differ from localhost 6 years ago
Jens Ulferts 97ad5e0008 reenable previews 6 years ago
Oliver Günther 3fef1f697d Add spec for code-block macro 6 years ago
Oliver Günther e3903a70e6 Disable unsafe-eval now that we're on AOT 6 years ago
Oliver Günther 68e184f41f Add resize helper for resizing images 6 years ago
Jens Ulferts 7da9bde5c8 fix angular cli handling in test 6 years ago
Oliver Günther e1e6b7a959 Extract frontend asset helper building 7 years ago
Oliver Günther 02d44331af Add ws/http connect_src to dev mode only 7 years ago
Roman Roelofsen ec3728ac14 working dev mode 7 years ago
Oliver Günther 5da004491c Remove https from default-src 7 years ago
Wieland Lindenthal e5fca5fa65 Limit where crowdin can communicate to. 7 years ago
Oliver Günther dd5d9e1a19 Move crowdin CSP into separate helper to override CSP at runtime 7 years ago
Wieland Lindenthal a6f88f552f Add vimeo as allowed frame-src for introductory video (#6227) 7 years ago
Oliver Günther e2d7c7b070 Allow crowdin in-context with CSP, but add opt-out 7 years ago
Oliver Günther 33eeb8c0df Allow sameorigin iframe for help modal 7 years ago
Oliver Günther 8c477e5860 Fix more project settings related specs 7 years ago
Oliver Günther 07f92b911a Allow unsafe-eval for Angular JIT 7 years ago
Oliver Günther 06472450c6 Implement CSP with secure_headers gem 7 years ago