Commit Graph

10146 Commits

Author SHA1 Message Date
Panagiotis Papadopoulos 331dae4eb0 chore: delete unused loader-register file 2025-01-17 08:02:26 +01:00
Panagiotis Papadopoulos 748e30b63c chore(scripts): use tsx for webpack 2025-01-16 23:52:51 +01:00
Panagiotis Papadopoulos 76a0bffcc3 chore(scripts): remove unnecessary cross-env 2025-01-16 23:08:57 +01:00
Elian Doran b2e1a3e97a Merge pull request #961 from pano9000/fix-csrf-settings
fix(csrf): set more secure csrf related settings
2025-01-16 23:03:43 +02:00
Panagiotis Papadopoulos 5f605b3a91 fix(csrf): set more secure cookieOptions settings
- `sameSite` - the previous setting inherited from csurf was to simply not set it at all, which makes all browsers nag in their dev console output.
They will default to "Lax" for this type of cookie in the future.
We can even use "strict" here though for our use case:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value

- `httpOnly`: should be enabled for the csrf cookie as well
for the session cookie it already is enabled.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#httponly
2025-01-16 21:40:12 +01:00
Panagiotis Papadopoulos ec19ccd7a7 fix(csrf): stop leaking the CSRF token in the server logs
As per OWASP:
"A CSRF token must not be leaked in the server logs or in the URL.", see:
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#transmissing-csrf-tokens-in-synchronized-patterns
2025-01-16 21:16:33 +01:00
Elian Doran 283a12b0d5 Merge pull request #960 from pano9000/fix_csrf-csrf_existing_cookie
fix(csrf): fix handling of existing _csrf cookies
2025-01-16 21:53:09 +02:00
Panagiotis Papadopoulos 139bf3dcdf fix(csrf): use generateCsrfToken with more "user friendly" settings
fixes the case where existing TriliumNext users will get
an "Invalid CSRF Token" message when they have an older
_csrf token in their cookies from a previous installation/visit.
The settings now will handle these cases in the background automatically.

also fixes #950
2025-01-16 20:14:23 +01:00
Panagiotis Papadopoulos 6dd8ab31d5 refactor(csrf): export generateToken utility 2025-01-16 20:14:23 +01:00
Panagiotis Papadopoulos e3d89ce2a5 refactor(csrf): move csrf to own file 2025-01-16 20:14:23 +01:00
Elian Doran edc6b983ac Merge remote-tracking branch 'origin/master' into develop 2025-01-16 18:36:35 +02:00
Elian Doran d684440c1f fix(client): undefined entity in some cases 2025-01-16 18:36:29 +02:00
Elian Doran 1e182f5820 chore(client/ts): port mermaid 2025-01-16 18:20:23 +02:00
Elian Doran 5ca876ca62 fix(mobile): force grouping in editing toolbar 2025-01-16 16:41:52 +02:00
Elian Doran 187ef60350 feat(mobile): disable overscroll for toolbar 2025-01-16 16:32:47 +02:00
Elian Doran 706b011b23 feat(mobile): enforce classic editor 2025-01-16 16:29:51 +02:00
Elian Doran 6f2538a070 feat(mobile): hide editing toolbar on non-text note 2025-01-16 16:14:37 +02:00
Elian Doran 6caddc8004 fix(mobile): position of editing toolbar on tablet mode 2025-01-16 16:09:11 +02:00
Elian Doran 0cab891d2e chore(client/ts): port classic_editor_toolbar 2025-01-16 15:51:58 +02:00
Elian Doran 1d6e3af9aa fix(mobile): position of editing toolbar 2025-01-16 15:48:56 +02:00
Elian Doran c8b745bc6a Merge pull request #952 from TriliumNext/renovate/node-22.x
chore(deps): update dependency @types/node to v22.10.7
2025-01-16 10:49:07 +02:00
Elian Doran d1be673763 Merge pull request #953 from TriliumNext/renovate/better-sqlite3-11.x-lockfile
fix(deps): update dependency better-sqlite3 to v11.8.0
2025-01-16 10:45:59 +02:00
Elian Doran 2fbfc9d668 Merge pull request #946 from TriliumNext/renovate/electron-34.x
chore(deps): update dependency electron to v34
2025-01-16 10:43:33 +02:00
renovate[bot] b77f8aeb43 fix(deps): update dependency better-sqlite3 to v11.8.0 2025-01-16 00:56:43 +00:00
renovate[bot] 01b88c52ef chore(deps): update dependency @types/node to v22.10.7 2025-01-16 00:56:32 +00:00
Elian Doran 4c451753bc chore(build): remove redundant npx 2025-01-15 19:11:26 +02:00
Elian Doran 7076c4cbd6 chore(deps): update better-sqlite3 to 11.8.0 2025-01-15 19:11:05 +02:00
renovate[bot] 0eab68e8d1 chore(deps): update dependency electron to v34 2025-01-15 02:07:18 +00:00
Elian Doran 7dfeb20678 Merge pull request #936 from pano9000/fix_views-deprecated-meta-tag
fix(views): replace deprecated meta tag
2025-01-14 23:51:46 +02:00
Elian Doran 155900929f Merge pull request #945 from hasecilu/i18n/Spanish
Update Spanish translation
2025-01-14 23:19:46 +02:00
hasecilu 3486e566ae chore(code): be more explicit on config for json files
To avoid changing the end-of-line character of translation files
2025-01-14 13:26:40 -06:00
hasecilu 7f9e42abbd chore(i18n): update Spanish translation 2025-01-14 13:26:39 -06:00
Elian Doran c1211647ab Merge pull request #940 from pano9000/chore_npm-script-start-test-server
chore(scripts): update `start-test-server` script
2025-01-14 21:26:09 +02:00
Elian Doran 8a7a607fcb Merge pull request #926 from pano9000:refactor_backend_log
refactor(backend_log): improve `getBackendLog`
2025-01-14 20:41:29 +02:00
Elian Doran 3f612a1b70 Merge pull request #864 from pano9000/refactor_replace-csurf
refactor: replace csurf with csrf-csrf
2025-01-14 20:33:29 +02:00
Elian Doran c8c501d717 Merge branch 'develop' into refactor_replace-csurf 2025-01-14 20:32:52 +02:00
Elian Doran 7dabe33eb2 chore(git): mark root package-lock as auto-generated 2025-01-14 20:32:30 +02:00
Elian Doran eb1af98830 Merge pull request #880 from pano9000/refactor_data_dir
refactor(data_dir): simplify logic and make code robust and testable
2025-01-14 20:20:32 +02:00
Elian Doran 3c0e4b842a Merge pull request #941 from process/ck-logging
Add server logging for CKEditor state changes
2025-01-14 20:18:06 +02:00
Elian Doran 73053a8728 Merge pull request #928 from TriliumNext/renovate/mind-elixir-4.x
fix(deps): update dependency mind-elixir to v4.3.6
2025-01-14 20:15:24 +02:00
Elian Doran f478985761 chore(ci): define relations between dev jobs 2025-01-14 20:09:16 +02:00
Elian Doran 0221039ebe fix(client/ts): fix build errors & define command to event bridge 2025-01-14 20:08:57 +02:00
Elian Doran ef28445de6 Merge pull request #935 from pano9000/fix_deps-update-deprecated-electron
fix(deps): update deprecated electron packages
2025-01-14 19:23:44 +02:00
Elian Doran acf34addf4 Merge pull request #937 from TriliumNext/renovate/node-22.x
chore(deps): update dependency @types/node to v22.10.6
2025-01-14 19:22:57 +02:00
Elian Doran cf2535cb92 Merge branch 'develop' into renovate/mind-elixir-4.x 2025-01-14 19:22:34 +02:00
Elian Doran 73719407ba Merge pull request #929 from TriliumNext/renovate/ts-loader-9.x
fix(deps): update dependency ts-loader to v9.5.2
2025-01-14 19:22:18 +02:00
Elian Doran 331b2252f2 chore(e2e): rename incorrect test suite 2025-01-14 19:19:46 +02:00
Elian Doran 580bebb4a3 chore(client/ts): port mind_map 2025-01-14 19:18:44 +02:00
Elian Doran e16f4a1a71 chore(client/ts): port type_widget 2025-01-14 19:12:29 +02:00
Elian Doran 353156e625 fix(mindmap): not working due to dependency change 2025-01-14 18:47:42 +02:00