Commit Graph

38 Commits

Author SHA1 Message Date
Barış Soner Uşaklı
b265e6f68b feat: add filter 2021-04-26 11:02:55 -04:00
Barış Soner Uşaklı
a05905f196 performance improvements (#8795)
* perf: nconf/winston/render

cache nconf.get calls
modify middleware.pageView to call next earlier
don't call winston.verbose on every hook see https://github.com/winstonjs/winston/issues/1669
translate header/footer separately and cache results for guests

* fix: copy paste fail

* refactor: style and fire hook only log in dev mode

* fix: cache key, header changes based on template

* perf: change replace

* fix: add missing await

* perf: category

* perf: lodash clone

* perf: remove escapeRegexChars
2020-10-26 10:43:18 -04:00
Julian Lam
d68ffea80d feat: send 'Vary' header when ACAO header set 2020-10-21 10:34:38 -04:00
Barış Soner Uşaklı
bbafa1b82a Revert "fix: [breaking] send configured config URL as origin if not custom"
This reverts commit 205a10308e.
2020-10-20 18:38:50 -04:00
Julian Lam
205a10308e fix: [breaking] send configured config URL as origin if not custom
This is a breaking change if your install uses multiple URLs to access. You will need to update the Access-Control-Allow-Origin header in ACP > Advanced > Headers to supply all URLs you use to access your site
2020-10-20 15:25:20 -04:00
Barış Soner Uşaklı
46ab2711d4 fix: #8432, add CSP frame-ancestors 2020-09-06 17:10:43 -04:00
Barış Soner Uşaklı
6fc31df033 feat: use const/let 2020-09-06 17:04:43 -04:00
Barış Soner Uşaklı
3761f05c98 feat: change invalid language codes to default lang 2020-07-24 12:22:24 -04:00
Barış Soner Uşaklı
dcb85ee7a1 #8344 (#8346)
* feat: wip

* feat: wrap middlewares

* feat: middleware errors

* feat: more middleware changes

* fix: remove unused async

* fix: prevent version errors from blocking acp render

* feat: wrap more middlewares
2020-06-03 20:18:42 -04:00
Barış Soner Uşaklı
5781a2dc65 feat: fix session mismatch errors by clearing cookie on logout (#8338)
* feat: fix session mismatch errors by clearing cookie on logout

* feat: remove app.upateHeader

ported from 2.0

* feat: handle if user doesn't click button and just refreshes page
2020-05-27 12:15:02 -04:00
Julian Lam
e327d1247e Revert "fix: #8142 invalid session warning if server-side session destroyed"
This reverts commit 526b3cd9ec.
2020-05-20 11:27:13 -04:00
Barış Soner Uşaklı
4263efa091 feat: don't overwrite req.query.lang if it exists 2020-05-19 14:18:07 -04:00
Julian Lam
526b3cd9ec fix: #8142 invalid session warning if server-side session destroyed
Resolved regression caused by 5a0c7c1497
2020-05-15 16:41:35 -04:00
Julian Lam
eddbd86837 fix: tweak to session validation in addHeaders 2020-02-18 16:08:23 -05:00
Barış Soner Uşaklı
630f5d5b85 fix: only call clearCookie for logged in users 2020-02-18 16:06:05 -05:00
Barış Soner Uşaklı
5a0c7c1497 fix: register 2020-02-11 21:46:34 -05:00
Julian Lam
d6e3f3f058 fix: #8142, broken site if no server-side session (#8148)
* fix: #8142, broken site if no server-side session

During the `addHeader` middleware, a check is now done to see if
`req.session.meta` is present. This value is only present if the user
has a valid server-side session. If it is missing, then it is probably
safe to assume that the server-side session was deleted (either
intentionally or accidentally). In that scenario, the client-side cookie
should be cleared.

Also, there was an issue where the sessionRefresh flag was never cleared
after a successful login, so that was fixed too.

* feat: exported method to get cookie config

* fix: don't clear cookie if cookie is being set

* fix: socket.io tests

Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
2020-02-06 15:52:37 -05:00
Barış Soner Uşaklı
fdfbcc6efe feat: give names to more middlewares 2018-12-17 16:23:38 -05:00
Julian Lam
5f3d1c76c8 fix: #7038, autoLocale logic not playing nicely with no-refresh auths (#7059)
* fix: #7038, autoLocale logic not playing nicely with no-refresh auths

- on login, req.query.lang is deleted (since it seems to be left over)
- on logout, the middleware.autoLocale is executed, which resets
  req.query.lang
- middleware.autoLocale is new, just refactored existing logic in
  webserver.js into new middleware method.

* style: tests, use lodash

* fix: timeago strings not switching languages on login or out
2018-12-07 11:29:20 -05:00
renovate[bot]
64b9dabff8 chore(deps): update dependency eslint-config-airbnb-base to v13 (#6599)
* chore(deps): update dependency eslint-config-airbnb-base to v13

* chore: #6599, linting 😬
2018-11-07 15:53:14 -05:00
Barış Soner Uşaklı
14f6e74bad closes #6556 2018-06-06 13:11:48 -04:00
Barış Soner Uşaklı
ae0f1847ae allow multiple origins for access-control-allow-origin header
add access-control-allow-credentials header to acp
2018-03-20 12:25:00 -04:00
Julian Lam
98b0bdc7e1 added helmet for better standard of protection across the board 2018-02-21 14:13:29 -05:00
Julian Lam
7edc58b727 stricter Referrer-Policy to reduce unintended information leakage 2018-02-20 16:11:07 -05:00
Julian Lam
9a1f722a05 appending X-Upstream-Hostname header in dev mode 2018-02-20 14:51:41 -05:00
Baris Usakli
59aeee6516 remove addExpiresHeaders 2017-07-10 15:26:58 -04:00
psychobunny
e121a5a798 closes #5574 2017-04-06 17:57:01 -04:00
Peter Jaszkowiak
3b0dd2d1ef ESlint padded-blocks 2017-02-18 02:32:24 -07:00
Peter Jaszkowiak
a038c66549 ESlint quotes 2017-02-18 01:56:23 -07:00
Peter Jaszkowiak
52f2028206 ESlint no-multiple-empty-lines 2017-02-17 22:08:23 -07:00
Peter Jaszkowiak
bc1d70c126 ESlint comma-dangle 2017-02-17 19:31:21 -07:00
barisusakli
6beacdb80c fix headers for new installs
encodeURI(undefined) === "undefined"
2016-11-23 21:06:02 +03:00
Julian Lam
b7fa8c1db1 fixes #5230 2016-11-23 12:25:01 -05:00
barisusakli
17f8afd0dc closes #5230 2016-11-23 16:09:46 +03:00
barisusakli
c972a339e6 fix value 2016-10-17 19:01:11 +03:00
barisusakli
862678eefe encodeURIComponent header values 2016-10-17 18:58:25 +03:00
HeeL
4a3c31b2dc Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00
barisusakli
8f408faf46 organize middlewares
removed app.locals.middleware
middlewares can be required anywhere, i.e. in controllers
2016-08-26 18:50:37 +03:00