Panagiotis Papadopoulos
748e30b63c
chore(scripts): use tsx for webpack
2025-01-16 23:52:51 +01:00
Panagiotis Papadopoulos
76a0bffcc3
chore(scripts): remove unnecessary cross-env
2025-01-16 23:08:57 +01:00
Elian Doran
b2e1a3e97a
Merge pull request #961 from pano9000/fix-csrf-settings
...
fix(csrf): set more secure csrf related settings
2025-01-16 23:03:43 +02:00
Panagiotis Papadopoulos
5f605b3a91
fix(csrf): set more secure cookieOptions settings
...
- `sameSite` - previous setting inherited from csurf was to simply not set it at all, which makes all browsers nag in their dev console output.
They will default to "Lax" for these types of cookies in the future.
We can even use "strict" here though for our use case:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value
- `httpOnly`: should be enabled for the csrf cookie as well;
for the session cookie it already is enabled.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#httponly
2025-01-16 21:40:12 +01:00
Panagiotis Papadopoulos
ec19ccd7a7
fix(csrf): stop leaking the CSRF token in the server logs
...
As per OWASP:
"A CSRF token must not be leaked in the server logs or in the URL.", see:
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#transmissing-csrf-tokens-in-synchronized-patterns
2025-01-16 21:16:33 +01:00
Elian Doran
283a12b0d5
Merge pull request #960 from pano9000/fix_csrf-csrf_existing_cookie
...
fix(csrf): fix handling of existing _csrf cookies
2025-01-16 21:53:09 +02:00
Panagiotis Papadopoulos
139bf3dcdf
fix(csrf): use generateCsrfToken with more "user friendly" settings
...
fixes the case where existing TriliumNext users will get
an "Invalid CSRF Token" message when they have an older
_csrf token in their cookies from a previous installation/visit.
the settings now will handle these cases in the background automatically.
also fixes #950
2025-01-16 20:14:23 +01:00
Panagiotis Papadopoulos
6dd8ab31d5
refactor(csrf): export generateToken utility
2025-01-16 20:14:23 +01:00
Panagiotis Papadopoulos
e3d89ce2a5
refactor(csrf): move csrf to own file
2025-01-16 20:14:23 +01:00
Elian Doran
edc6b983ac
Merge remote-tracking branch 'origin/master' into develop
2025-01-16 18:36:35 +02:00
Elian Doran
d684440c1f
fix(client): undefined entity in some cases
2025-01-16 18:36:29 +02:00
Elian Doran
1e182f5820
chore(client/ts): port mermaid
2025-01-16 18:20:23 +02:00
Elian Doran
5ca876ca62
fix(mobile): force grouping in editing toolbar
2025-01-16 16:41:52 +02:00
Elian Doran
187ef60350
feat(mobile): disable overscroll for toolbar
2025-01-16 16:32:47 +02:00
Elian Doran
706b011b23
feat(mobile): enforce classic editor
2025-01-16 16:29:51 +02:00
Elian Doran
6f2538a070
feat(mobile): hide editing toolbar on non-text note
2025-01-16 16:14:37 +02:00
Elian Doran
6caddc8004
fix(mobile): position of editing toolbar on tablet mode
2025-01-16 16:09:11 +02:00
Elian Doran
0cab891d2e
chore(client/ts): port classic_editor_toolbar
2025-01-16 15:51:58 +02:00
Elian Doran
1d6e3af9aa
fix(mobile): position of editing toolbar
2025-01-16 15:48:56 +02:00
Elian Doran
c8b745bc6a
Merge pull request #952 from TriliumNext/renovate/node-22.x
...
chore(deps): update dependency @types/node to v22.10.7
2025-01-16 10:49:07 +02:00
Elian Doran
d1be673763
Merge pull request #953 from TriliumNext/renovate/better-sqlite3-11.x-lockfile
...
fix(deps): update dependency better-sqlite3 to v11.8.0
2025-01-16 10:45:59 +02:00
Elian Doran
2fbfc9d668
Merge pull request #946 from TriliumNext/renovate/electron-34.x
...
chore(deps): update dependency electron to v34
2025-01-16 10:43:33 +02:00
renovate[bot]
b77f8aeb43
fix(deps): update dependency better-sqlite3 to v11.8.0
2025-01-16 00:56:43 +00:00
renovate[bot]
01b88c52ef
chore(deps): update dependency @types/node to v22.10.7
2025-01-16 00:56:32 +00:00
Elian Doran
4c451753bc
chore(build): remove redundant npx
2025-01-15 19:11:26 +02:00
Elian Doran
7076c4cbd6
chore(deps): update better-sqlite3 to 11.8.0
2025-01-15 19:11:05 +02:00
renovate[bot]
0eab68e8d1
chore(deps): update dependency electron to v34
2025-01-15 02:07:18 +00:00
Elian Doran
7dfeb20678
Merge pull request #936 from pano9000/fix_views-deprecated-meta-tag
...
fix(views): replace deprecated meta tag
2025-01-14 23:51:46 +02:00
Elian Doran
155900929f
Merge pull request #945 from hasecilu/i18n/Spanish
...
Update Spanish translation
2025-01-14 23:19:46 +02:00
hasecilu
3486e566ae
chore(code): be more explicit on config for json files
...
To avoid changing end line character of translation files
2025-01-14 13:26:40 -06:00
hasecilu
7f9e42abbd
chore(i18n): update Spanish translation
2025-01-14 13:26:39 -06:00
Elian Doran
c1211647ab
Merge pull request #940 from pano9000/chore_npm-script-start-test-server
...
chore(scripts): update `start-test-server` script
2025-01-14 21:26:09 +02:00
Elian Doran
8a7a607fcb
Merge pull request #926 from pano9000:refactor_backend_log
...
refactor(backend_log): improve `getBackendLog`
2025-01-14 20:41:29 +02:00
Elian Doran
3f612a1b70
Merge pull request #864 from pano9000/refactor_replace-csurf
...
refactor: replace csurf with csrf-csrf
2025-01-14 20:33:29 +02:00
Elian Doran
c8c501d717
Merge branch 'develop' into refactor_replace-csurf
2025-01-14 20:32:52 +02:00
Elian Doran
7dabe33eb2
chore(git): mark root package-lock as auto-generated
2025-01-14 20:32:30 +02:00
Elian Doran
eb1af98830
Merge pull request #880 from pano9000/refactor_data_dir
...
refactor(data_dir): simplify logic and make code robust and testable
2025-01-14 20:20:32 +02:00
Elian Doran
3c0e4b842a
Merge pull request #941 from process/ck-logging
...
Add server logging for CKEditor state changes
2025-01-14 20:18:06 +02:00
Elian Doran
73053a8728
Merge pull request #928 from TriliumNext/renovate/mind-elixir-4.x
...
fix(deps): update dependency mind-elixir to v4.3.6
2025-01-14 20:15:24 +02:00
Elian Doran
f478985761
chore(ci): define relations between dev jobs
2025-01-14 20:09:16 +02:00
Elian Doran
0221039ebe
fix(client/ts): fix build errors & define command to event bridge
2025-01-14 20:08:57 +02:00
Elian Doran
ef28445de6
Merge pull request #935 from pano9000/fix_deps-update-deprecated-electron
...
fix(deps): update deprecated electron packages
2025-01-14 19:23:44 +02:00
Elian Doran
acf34addf4
Merge pull request #937 from TriliumNext/renovate/node-22.x
...
chore(deps): update dependency @types/node to v22.10.6
2025-01-14 19:22:57 +02:00
Elian Doran
cf2535cb92
Merge branch 'develop' into renovate/mind-elixir-4.x
2025-01-14 19:22:34 +02:00
Elian Doran
73719407ba
Merge pull request #929 from TriliumNext/renovate/ts-loader-9.x
...
fix(deps): update dependency ts-loader to v9.5.2
2025-01-14 19:22:18 +02:00
Elian Doran
331b2252f2
chore(e2e): rename incorrect test suite
2025-01-14 19:19:46 +02:00
Elian Doran
580bebb4a3
chore(client/ts): port mind_map
2025-01-14 19:18:44 +02:00
Elian Doran
e16f4a1a71
chore(client/ts): port type_widget
2025-01-14 19:12:29 +02:00
Elian Doran
353156e625
fix(mindmap): not working due to dependency change
2025-01-14 18:47:42 +02:00
Elian Doran
62fbf3ffd0
Merge branch 'develop' into renovate/mind-elixir-4.x
2025-01-14 12:38:34 +02:00