10107 Commits

Author SHA1 Message Date
Adorian Doran
07dd8995b6 style(next): overhaul the check / uncheck animation for radio buttons 2025-01-17 01:22:09 +02:00
Adorian Doran
4c84bc724d style(next): refactor 2025-01-17 01:06:25 +02:00
Adorian Doran
2773d560b9 style(next): enforce left padding for radios and check boxes 2025-01-17 01:00:19 +02:00
Adorian Doran
a2a9bee7eb style(next): rename some variables 2025-01-17 00:58:11 +02:00
Adorian Doran
398591fb1f style(next): restyle check boxes 2025-01-17 00:51:26 +02:00
Adorian Doran
fe539b1647 style(next): tweak the colors of the radio buttons 2025-01-16 23:39:18 +02:00
Caleb Norton
b8f15d2fe3 Fix parent share link 2025-01-16 15:28:30 -06:00
Panagiotis Papadopoulos
5f605b3a91 fix(csrf): set more secure cookieOptions settings
- `sameSite` - previous setting inherited from csurf was to simply not set it at all, which makes all browsers nag in their dev console output.
They will default to "Lax" for these types of cookies in the future.
We can even use "strict" here though for our use case:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value

- `httpOnly`: should be enabled for the csrf cookie as well
for the session cookie it already is enabled.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#httponly
2025-01-16 21:40:12 +01:00
Panagiotis Papadopoulos
ec19ccd7a7 fix(csrf): stop leaking the CSRF token in the server logs
As per OWASP:
"A CSRF token must not be leaked in the server logs or in the URL.", see:
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#transmissing-csrf-tokens-in-synchronized-patterns
2025-01-16 21:16:33 +01:00
Panagiotis Papadopoulos
139bf3dcdf fix(csrf): use generateCsrfToken with more "user friendly" settings
fixes the case where existing TriliumNext users will get
an "Invalid CSRF Token" message when they have an older
_csrf token in their cookies from a previous installation/visit.
The settings will now handle these cases in the background automatically.

also fixes #950
2025-01-16 20:14:23 +01:00
Panagiotis Papadopoulos
6dd8ab31d5 refactor(csrf): export generateToken utility 2025-01-16 20:14:23 +01:00
Panagiotis Papadopoulos
e3d89ce2a5 refactor(csrf): move csrf to own file 2025-01-16 20:14:23 +01:00
Adorian Doran
15dbaf441d style(next): restyle radio buttons 2025-01-16 18:51:35 +02:00
Elian Doran
edc6b983ac Merge remote-tracking branch 'origin/master' into develop 2025-01-16 18:36:35 +02:00
Elian Doran
d684440c1f fix(client): undefined entity in some cases 2025-01-16 18:36:29 +02:00
Elian Doran
1e182f5820 chore(client/ts): port mermaid 2025-01-16 18:20:23 +02:00
Elian Doran
5ca876ca62 fix(mobile): force grouping in editing toolbar 2025-01-16 16:41:52 +02:00
Elian Doran
187ef60350 feat(mobile): disable overscroll for toolbar 2025-01-16 16:32:47 +02:00
Elian Doran
706b011b23 feat(mobile): enforce classic editor 2025-01-16 16:29:51 +02:00
Elian Doran
6f2538a070 feat(mobile): hide editing toolbar on non-text note 2025-01-16 16:14:37 +02:00
Elian Doran
6caddc8004 fix(mobile): position of editing toolbar on tablet mode 2025-01-16 16:09:11 +02:00
Elian Doran
0cab891d2e chore(client/ts): port classic_editor_toolbar 2025-01-16 15:51:58 +02:00
Elian Doran
1d6e3af9aa fix(mobile): position of editing toolbar 2025-01-16 15:48:56 +02:00
Adorian Doran
edd39ad0db style(next): fix the quick search box 2025-01-15 02:59:55 +02:00
Adorian Doran
c2dbf0a463 style(next): fix the note title text box 2025-01-15 02:44:28 +02:00
Adorian Doran
896d7a383b style(next): tweak combo boxes 2025-01-15 02:31:49 +02:00
Adorian Doran
a184d5bb26 client: use combo box-like dropdown buttons in the "Basic Properties" widget 2025-01-15 02:14:56 +02:00
Adorian Doran
0339d83434 style(next): create a style for dropdown buttons to mimic combo boxes 2025-01-15 02:11:17 +02:00
Adorian Doran
f7efc033e1 style(next): fix broken states on textareas 2025-01-15 01:28:18 +02:00
Elian Doran
7dfeb20678 Merge pull request #936 from pano9000/fix_views-deprecated-meta-tag
fix(views): replace deprecated meta tag
2025-01-14 23:51:46 +02:00
Adorian Doran
cb65591004 style(next): tweak the group header for combo box items 2025-01-14 22:39:30 +02:00
Adorian Doran
40b95325dd style(next): tweak the combo box arrow 2025-01-14 22:10:06 +02:00
Adorian Doran
99a6e65d15 style(next): update the colors of combo boxes 2025-01-14 21:40:05 +02:00
hasecilu
7f9e42abbd chore(i18n): update Spanish translation 2025-01-14 13:26:39 -06:00
Elian Doran
8a7a607fcb Merge pull request #926 from pano9000:refactor_backend_log
refactor(backend_log): improve `getBackendLog`
2025-01-14 20:41:29 +02:00
Elian Doran
c8c501d717 Merge branch 'develop' into refactor_replace-csurf 2025-01-14 20:32:52 +02:00
Elian Doran
eb1af98830 Merge pull request #880 from pano9000/refactor_data_dir
refactor(data_dir): simplify logic and make code robust and testable
2025-01-14 20:20:32 +02:00
Elian Doran
3c0e4b842a Merge pull request #941 from process/ck-logging
Add server logging for CKEditor state changes
2025-01-14 20:18:06 +02:00
Elian Doran
0221039ebe fix(client/ts): fix build errors & define command to event bridge 2025-01-14 20:08:57 +02:00
Elian Doran
580bebb4a3 chore(client/ts): port mind_map 2025-01-14 19:18:44 +02:00
Elian Doran
e16f4a1a71 chore(client/ts): port type_widget 2025-01-14 19:12:29 +02:00
Elian Doran
353156e625 fix(mindmap): not working due to dependency change 2025-01-14 18:47:42 +02:00
Justin Chines
b173429dc5 Add more logging of CKEditor crashes 2025-01-14 15:39:04 +07:00
Justin Chines
7768511fe6 Add server logging for CKEditor state changes 2025-01-14 15:38:13 +07:00
Adorian Doran
9724b19cd2 style(next): add visual cues for the input action buttons when focused via keyboard 2025-01-14 02:12:26 +02:00
Adorian Doran
707d406ee9 style(next): fix the background of disabled input action buttons 2025-01-14 01:51:18 +02:00
Adorian Doran
26e3c13575 style(next): add states for input action buttons, tweak card background color on dark theme 2025-01-14 01:46:28 +02:00
Adorian Doran
f462e7f93b style(next): add the initial style for input groups 2025-01-14 01:30:31 +02:00
Elian Doran
1807b2b031 chore(types): missing import type for JS imports 2025-01-13 23:18:10 +02:00
Panagiotis Papadopoulos
8b91c528aa fix(views): replace deprecated meta tag
`apple-mobile-web-app-capable` =>
`mobile-web-app-capable`

as warned by Chrome and also already implemented by
e.g. Flutter or vercel/Next.js:

https://github.com/vercel/next.js/pull/70363
https://github.com/flutter/flutter/issues/154596
2025-01-13 20:49:53 +01:00