mirror of https://github.com/miniflux/v2.git synced 2025-06-27 16:36:00 +00:00
Commit graph

22 commits

Author SHA1 Message Date
jvoisin
3ab9ca9e4d refactor(http): Don't hardcode TLS configuration
- TLS 1.2 is used as MinVersion by default
- With regard to CipherSuites, in Go 1.22 RSA key exchange based cipher suites
  were removed from the default list, and in Go 1.23 3DES cipher suites were
  removed as well. Ciphers for TLS1.3 aren't configurable.
- No need to specify CurveP25, as the servers will likely disable the weird
  ones like CurveP384 and CurveP521. Removing the explicit specification also
  enables the post-quantum X25519MLKEM768, wow!

I trust the go team to make better choices on the long term than us keeping
miniflux up to date with the latest TLS trend.
2025-06-18 20:12:55 -07:00
jvoisin
117c031f1c feat(integration)!: remove Pocket integration
BREAKING CHANGE: Pocket will no longer be available after July 8, 2025.

https://support.mozilla.org/en-US/kb/future-of-pocket#w_when-is-pocket-shutting-down
2025-06-15 13:29:55 -07:00
Frédéric Guillot
5920e02562 feat: add liveness and readiness probes
- Added new routes: /liveness, /healthz, /readiness, /readyz
- These routes do not take the base path into consideration and are always available at the root of the server
2025-05-24 20:36:05 -07:00
Frédéric Guillot
036704b3e4 feat(response): change error response content type to plain text and escape HTML
Adding another layer of security in addition to the existing CSP cannot
hurt.
2025-05-11 19:15:54 -07:00
Frédéric Guillot
3de9629a49 feat(googlereader): avoid SQL query to fetch username in streamItemContentsHandler 2025-05-04 20:38:53 -07:00
Frédéric Guillot
cb695e653a fix(security): use a more restrictive CSP for untrusted content 2025-03-29 19:49:41 -07:00
Frédéric Guillot
c531be8780 fix: update Content-Security-Policy to use 'sandbox' directive 2025-03-28 13:06:59 -07:00
Frédéric Guillot
3ebeb38ade fix(api): return 500 response when JSON serialization fails 2025-01-30 18:19:50 -08:00
jvoisin
60e1d9e361 Broaden an error condition
`http.ErrNoCookie` isn't the only possible error value.
2025-01-23 19:20:13 -08:00
Kioubit
7d6a4243c1 Make cookie duration dependent on configuration
This ensures that session cookies are not expiring before the session is cleaned up from the database as per CLEANUP_REMOVE_SESSIONS_DAYS.
As of now the usefulness of this configuration option is diminished as extending it has no effect on the actual browser session due to the cookie expiry.
Fixes: #2214
2024-05-01 19:34:13 -07:00
Frédéric Guillot
2c4c845cd2 http/response: add brotli compression support 2024-04-19 12:16:49 -07:00
jvoisin
93c9d43497 http/response: get rid of the X-XSS-Protection header
It's useless at best, dangerous at worst, and shouldn't be used anymore
anywhere. See the following resources for details:

- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
- https://chromestatus.com/feature/5021976655560704
- https://bugzilla.mozilla.org/show_bug.cgi?id=528661
- https://blogs.windows.com/windows-insider/2018/07/25/announcing-windows-10-insider-preview-build-17723-and-build-18204/
2024-03-24 13:45:38 -07:00
jvoisin
9df12177eb Minor idiomatic pass on internal/http/request/context.go 2024-03-19 20:21:23 -07:00
Ole Bertram
698bea4ec8 Fix inaccessible metrics endpoint when listening on Unix socket 2023-12-06 19:52:33 -08:00
Florian Rüchel
62ef8ed57a Add WebAuthn / Passkey integration
This is a rebase of #1618 in which @dave-atx added WebAuthn support.

Closes #1618
2023-11-05 18:57:35 +01:00
Frédéric Guillot
14e25ab9fe Refactor HTTP Client and LocalizedError packages 2023-10-22 13:09:30 -07:00
Frédéric Guillot
4cc99881d8 Refactor Batch Builder and prevent accidental and excessive refreshes from the web ui 2023-10-20 16:07:18 -07:00
jinmiaoluo
fd69012357 Correct the timestamp format for Expires response header 2023-10-13 20:21:58 -07:00
Frédéric Guillot
67eb574fd4 Remove deprecated PreferServerCipherSuites 2023-10-05 20:27:44 -07:00
Frédéric Guillot
c0e954f19d Implement structured logging using log/slog package 2023-09-24 22:37:33 -07:00
Frédéric Guillot
ff5d391701 Add OAuth2 PKCE support 2023-09-02 22:11:47 -07:00
Frédéric Guillot
168a870c02 Move internal packages to an internal folder
For reference: https://go.dev/doc/go1.4#internalpackages
2023-08-10 20:29:34 -07:00