oss/miniflux-v2
oss/miniflux-v2
1
0
Fork 0
mirror of https://github.com/miniflux/v2.git synced 2025-06-27 16:36:00 +00:00
Code Wiki Activity
2171 commits 1 branch 82 tags 76 MiB
Commit graph

18 commits

Author SHA1 Message Date
Frédéric Guillot
3de9629a49 feat(googlereader): avoid SQL query to fetch username in streamItemContentsHandler 2025-05-04 20:38:53 -07:00
Frédéric Guillot
cb695e653a fix(security): use a more restrictive CSP for untrusted content 2025-03-29 19:49:41 -07:00
Frédéric Guillot
c531be8780 fix: update Content-Security-Policy to use 'sandbox' directive 2025-03-28 13:06:59 -07:00
Frédéric Guillot
3ebeb38ade fix(api): return 500 response when JSON serialization fails 2025-01-30 18:19:50 -08:00
jvoisin
60e1d9e361 Broaden an error condition 
`http.ErrNoCookie` isn't the only possible error value.
 2025-01-23 19:20:13 -08:00
Kioubit
7d6a4243c1 Make cookie duration dependent on configuration 
This ensures that session cookies are not expiring before the session is cleaned up from the database as per CLEANUP_REMOVE_SESSIONS_DAYS.
As of now the usefulness of this configuration option is diminished as extending it has no effect on the actual browser session due to the cookie expiry.
Fixes: #2214
 2024-05-01 19:34:13 -07:00
Frédéric Guillot
2c4c845cd2 http/response: add brotli compression support 2024-04-19 12:16:49 -07:00
jvoisin
93c9d43497 http/response: get rid of the X-XSS-Protection header 
It's useless at best, dangerous at worst, and shouldn't be used anymore
anywhere. See the following resources for details:

- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
- https://chromestatus.com/feature/5021976655560704
- https://bugzilla.mozilla.org/show_bug.cgi?id=528661
- https://blogs.windows.com/windows-insider/2018/07/25/announcing-windows-10-insider-preview-build-17723-and-build-18204/
 2024-03-24 13:45:38 -07:00
jvoisin
9df12177eb Minor idiomatic pass on internal/http/request/context.go 2024-03-19 20:21:23 -07:00
Ole Bertram
698bea4ec8 Fix inaccessible metrics endpoint when listening on Unix socket 2023-12-06 19:52:33 -08:00
Florian Rüchel
62ef8ed57a
Add WebAuthn / Passkey integration 
This is a rebase of #1618 in which @dave-atx added WebAuthn support.

Closes #1618
 2023-11-05 18:57:35 +01:00
Frédéric Guillot
14e25ab9fe Refactor HTTP Client and LocalizedError packages 2023-10-22 13:09:30 -07:00
Frédéric Guillot
4cc99881d8 Refactor Batch Builder and prevent accidental and excessive refreshes from the web ui 2023-10-20 16:07:18 -07:00
jinmiaoluo
fd69012357 Correct the timestamp format for Expires response header 2023-10-13 20:21:58 -07:00
Frédéric Guillot
67eb574fd4 Remove deprecated PreferServerCipherSuites 2023-10-05 20:27:44 -07:00
Frédéric Guillot
c0e954f19d Implement structured logging using log/slog package 2023-09-24 22:37:33 -07:00
Frédéric Guillot
ff5d391701 Add OAuth2 PKCE support 2023-09-02 22:11:47 -07:00
Frédéric Guillot
168a870c02 Move internal packages to an internal folder 
For reference: https://go.dev/doc/go1.4#internalpackages
 2023-08-10 20:29:34 -07:00