Commit Graph

16 Commits (docker-travis)

Author SHA1 Message Date
Richard Hansen 2db4b04af3 cookies: Use `SameSite=None` if in an iframe from another site 2020-10-04 08:57:44 +01:00
Richard Hansen bf9d613e95
feature: New user-specific `readOnly` and `canCreate` settings (#4370)
Also:
  * Group the tests for readability.
  * Factor out some common test setup.
2020-09-28 11:22:06 +01:00
Daniel Krol 61c7bb9699
feat(i18n) Custom i18n strings (#4000)
* Custom i18n strings (and some code formatting)

* Documentation for per-instance l10n overwrites
2020-05-19 13:21:31 +01:00
Paul Tiedtke 85adaa44d8 docker: make settings fully configurable via env vars
Now every setting in the official Etherpad container will be configurable via
environment variables.
2020-04-21 04:44:56 +02:00
muxator 9882362e2e settings: clarify that null defaults are supported, using the syntax "${VAR_NAME}"
Using "${VAR_NAME:null}", instead, would define the literal string "null".
2020-04-21 04:44:56 +02:00
Sebastian Castro c6f5ced23c css: adds UI skin variants builder (only for colibris skin) 2020-04-19 03:03:44 +02:00
Sebastian Castro 709e5d2233 colibris: introduce skin variants, in order to customize the rendering
This provide a nice way to change the colors of main containers from settings file. See comment inside settings for how it works
2020-04-19 03:03:44 +02:00
muxator 5acbdb83e5 docker: allow to control import/export rate limiting parameters
The newly introduces environment variables are IMPORT_EXPORT_RATE_LIMIT_WINDOW
and IMPORT_EXPORT_MAX_REQ_PER_IP.
2020-04-14 03:36:13 +02:00
John McLear c9d55c81a3 import/export: always rate limit import and exports
This is a departure from previous versions, which did not limit import/export
requests. Now such requests are ALWAYS rate limited. The default is 10 requests
per IP each 90 seconds, and also applies to old instances upgraded to 1.8.3.

Administrators can tune the parameters via settings.importExportRateLimiting.
2020-04-14 03:36:13 +02:00
muxator f5d9b94ca1 docker: allow to control the maximum file size of an import via IMPORT_MAX_SIZE 2020-04-14 03:36:13 +02:00
John McLear f4418149cb import: introduce importMaxFileSize setting. Defaults to 50 MB
From Etherpad 1.8.3 onwards, the maximum allowed size for a single imported
file will always be bounded.

The maximum allowed size can be configured via importMaxFileSize.
2020-04-14 03:36:13 +02:00
muxator 6cba0f1dc5 settings: "http://etherpad.org" -> "https://etherpad.org" in the default text of a pad 2020-04-09 03:54:46 +02:00
Paul Tiedtke 79406051fa Settings.js: support newlines in default values when using variable substitution
This allows, among other things, to correctly support the configuration of
defaultPadText in Docker via an environment variable.
2020-04-07 04:32:37 +02:00
John McLear fa3e4b146a settings: document the possibility of using Unix sockets
We have been supporting Unix sockets by ages, because express.listen()
(http://expressjs.com/en/4x/api.html#app.listen_path_callback) re-exposes
net.server.listen() (https://nodejs.org/api/net.html#net_server_listen), which
in turn supports Unix sockets.

The only remaining thing to do was documenting it.

Fixes #3312
2020-03-30 03:36:55 +02:00
muxator a817acbbcc security: when served over https, set the "secure" flag for "express_sid" and "language" cookie
The mechanism used for determining if the application is being served over SSL
is wrapped by the "express-session" library for "express_sid", and manual for
the "language" cookie, but it's very similar in both cases.

The "secure" flag is set if one of these is true:

1. we are directly serving Etherpad over SSL using the native nodejs
   functionality, via the "ssl" options in settings.json

2. Etherpad is being served in plaintext by nodejs, but we are using a reverse
   proxy for terminating the SSL for us;
   In this case, the user has to be instructed to properly set trustProxy: true
   in settings.json, and the information wheter the application is over SSL or
   not will be extracted from the X-Forwarded-Proto HTTP header.

Please note that this will not be compatible with applications being served over
http and https at the same time.

The change on webaccess.js amends 009b61b338, which did not work when the SSL
termination was performed by a reverse proxy.

Reference for automatic "express_sid" configuration:
https://github.com/expressjs/session/blob/v1.17.0/README.md#cookiesecure

Closes #3561.
2019-12-07 04:36:01 +01:00
muxator 30fd53f1fd docker: move docker/settings.json to /settings.json.docker 2019-11-08 23:50:50 +01:00