mirror of
https://github.com/PrivateBin/PrivateBin.git
synced 2024-03-22 13:10:41 +08:00
Merge branch 'master' into download-feature
This commit is contained in:
commit
47029fb04e
|
@ -3,6 +3,8 @@
|
||||||
* **1.4 (not yet released)**
|
* **1.4 (not yet released)**
|
||||||
* ADDED: Translation for Estonian
|
* ADDED: Translation for Estonian
|
||||||
* ADDED: new HTTP headers improving security (#765)
|
* ADDED: new HTTP headers improving security (#765)
|
||||||
|
* ADDED: Opt-out of federated learning of cohorts (FLoC) (#776)
|
||||||
|
* CHANGED: Language selection cookie only transmitted over HTTPS (#472)
|
||||||
* **1.3.5 (2021-04-05)**
|
* **1.3.5 (2021-04-05)**
|
||||||
* ADDED: Translation for Hebrew, Lithuanian, Indonesian and Catalan
|
* ADDED: Translation for Hebrew, Lithuanian, Indonesian and Catalan
|
||||||
* ADDED: Make the project info configurable (#681)
|
* ADDED: Make the project info configurable (#681)
|
||||||
|
|
|
@ -87,7 +87,7 @@ languageselection = false
|
||||||
; async functions and display an error if not and for Chrome to enable
|
; async functions and display an error if not and for Chrome to enable
|
||||||
; webassembly support (used for zlib compression). You can remove it if Chrome
|
; webassembly support (used for zlib compression). You can remove it if Chrome
|
||||||
; doesn't need to be supported and old browsers don't need to be warned.
|
; doesn't need to be supported and old browsers don't need to be warned.
|
||||||
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval' resource:; style-src 'self'; font-src 'self'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
|
; cspheader = "default-src 'none'; base-uri 'self'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval' resource:; style-src 'self'; font-src 'self'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
|
||||||
|
|
||||||
; stay compatible with PrivateBin Alpha 0.19, less secure
|
; stay compatible with PrivateBin Alpha 0.19, less secure
|
||||||
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
||||||
|
|
|
@ -3701,7 +3701,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||||
*/
|
*/
|
||||||
function setLanguage(event)
|
function setLanguage(event)
|
||||||
{
|
{
|
||||||
document.cookie = 'lang=' + $(event.target).data('lang');
|
document.cookie = 'lang=' + $(event.target).data('lang') + ';secure';
|
||||||
UiHelper.reloadHome();
|
UiHelper.reloadHome();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -55,7 +55,7 @@ class Configuration
|
||||||
'urlshortener' => '',
|
'urlshortener' => '',
|
||||||
'qrcode' => true,
|
'qrcode' => true,
|
||||||
'icon' => 'identicon',
|
'icon' => 'identicon',
|
||||||
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\' resource:; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
|
'cspheader' => 'default-src \'none\'; base-uri \'self\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\' resource:; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
|
||||||
'zerobincompatibility' => false,
|
'zerobincompatibility' => false,
|
||||||
'httpwarning' => true,
|
'httpwarning' => true,
|
||||||
'compression' => 'zlib',
|
'compression' => 'zlib',
|
||||||
|
|
|
@ -170,7 +170,7 @@ class Controller
|
||||||
// force default language, if language selection is disabled and a default is set
|
// force default language, if language selection is disabled and a default is set
|
||||||
if (!$this->_conf->getKey('languageselection') && strlen($lang) == 2) {
|
if (!$this->_conf->getKey('languageselection') && strlen($lang) == 2) {
|
||||||
$_COOKIE['lang'] = $lang;
|
$_COOKIE['lang'] = $lang;
|
||||||
setcookie('lang', $lang);
|
setcookie('lang', $lang, 0, '', '', true);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -349,6 +349,7 @@ class Controller
|
||||||
header('Cross-Origin-Resource-Policy: same-origin');
|
header('Cross-Origin-Resource-Policy: same-origin');
|
||||||
header('Cross-Origin-Embedder-Policy: require-corp');
|
header('Cross-Origin-Embedder-Policy: require-corp');
|
||||||
header('Cross-Origin-Opener-Policy: same-origin');
|
header('Cross-Origin-Opener-Policy: same-origin');
|
||||||
|
header('Permissions-Policy: interest-cohort=()');
|
||||||
header('Referrer-Policy: no-referrer');
|
header('Referrer-Policy: no-referrer');
|
||||||
header('X-Content-Type-Options: nosniff');
|
header('X-Content-Type-Options: nosniff');
|
||||||
header('X-Frame-Options: deny');
|
header('X-Frame-Options: deny');
|
||||||
|
@ -367,7 +368,7 @@ class Controller
|
||||||
$languageselection = '';
|
$languageselection = '';
|
||||||
if ($this->_conf->getKey('languageselection')) {
|
if ($this->_conf->getKey('languageselection')) {
|
||||||
$languageselection = I18n::getLanguage();
|
$languageselection = I18n::getLanguage();
|
||||||
setcookie('lang', $languageselection);
|
setcookie('lang', $languageselection, 0, '', '', true);
|
||||||
}
|
}
|
||||||
|
|
||||||
$page = new View;
|
$page = new View;
|
||||||
|
|
|
@ -72,7 +72,7 @@ endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/purify-2.2.7.js" integrity="sha512-7Ka1I/nJuR2CL8wzIS5PJS4HgEMd0HJ6kfAl6fFhwFBB27rhztFbe0tS+Ex+Qg+5n4nZIT4lty4k4Di3+X9T4A==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/purify-2.2.7.js" integrity="sha512-7Ka1I/nJuR2CL8wzIS5PJS4HgEMd0HJ6kfAl6fFhwFBB27rhztFbe0tS+Ex+Qg+5n4nZIT4lty4k4Di3+X9T4A==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-mouOfFQR5Gn4RQLPg0PJmO/7tSXUrr1ohq+qDHNMXrKCKTZCvY9XcPYhIZjC3Pd6ClZ4eZ57da+EbnFX0m6Byg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-aro4zOmrXSR8u8UJ3OvapTAWEGNx/o5Leob2ovfRDfKRl6Z6eNuIs+ZNS5CrPUSilwsLAtOqVprFe+obin5y6w==" crossorigin="anonymous"></script>
|
||||||
<!-- icon -->
|
<!-- icon -->
|
||||||
<link rel="apple-touch-icon" href="<?php echo I18n::encode($BASEPATH); ?>img/apple-touch-icon.png" sizes="180x180" />
|
<link rel="apple-touch-icon" href="<?php echo I18n::encode($BASEPATH); ?>img/apple-touch-icon.png" sizes="180x180" />
|
||||||
<link rel="icon" type="image/png" href="img/favicon-32x32.png" sizes="32x32" />
|
<link rel="icon" type="image/png" href="img/favicon-32x32.png" sizes="32x32" />
|
||||||
|
|
|
@ -50,7 +50,7 @@ endif;
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/purify-2.2.7.js" integrity="sha512-7Ka1I/nJuR2CL8wzIS5PJS4HgEMd0HJ6kfAl6fFhwFBB27rhztFbe0tS+Ex+Qg+5n4nZIT4lty4k4Di3+X9T4A==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/purify-2.2.7.js" integrity="sha512-7Ka1I/nJuR2CL8wzIS5PJS4HgEMd0HJ6kfAl6fFhwFBB27rhztFbe0tS+Ex+Qg+5n4nZIT4lty4k4Di3+X9T4A==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/legacy.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-LYos+qXHIRqFf5ZPNphvtTB0cgzHUizu2wwcOwcwz/VIpRv9lpcBgPYz4uq6jx0INwCAj6Fbnl5HoKiLufS2jg==" crossorigin="anonymous"></script>
|
||||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-mouOfFQR5Gn4RQLPg0PJmO/7tSXUrr1ohq+qDHNMXrKCKTZCvY9XcPYhIZjC3Pd6ClZ4eZ57da+EbnFX0m6Byg==" crossorigin="anonymous"></script>
|
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-aro4zOmrXSR8u8UJ3OvapTAWEGNx/o5Leob2ovfRDfKRl6Z6eNuIs+ZNS5CrPUSilwsLAtOqVprFe+obin5y6w==" crossorigin="anonymous"></script>
|
||||||
<!-- icon -->
|
<!-- icon -->
|
||||||
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
<link rel="apple-touch-icon" href="img/apple-touch-icon.png?<?php echo rawurlencode($VERSION); ?>" sizes="180x180" />
|
||||||
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
<link rel="icon" type="image/png" href="img/favicon-32x32.png?<?php echo rawurlencode($VERSION); ?>" sizes="32x32" />
|
||||||
|
|
Loading…
Reference in New Issue
Block a user