70 Commits

Author SHA1 Message Date
Brian Gough ef5b6e5c3a Merge pull request #17675 from overleaf/bg-session-mitigation-redis-store-metrics
add CustomSessionStore class to handle session metrics and logging

GitOrigin-RevId: 49d4cda9fd94a8801adb33e894be239dc38ad544
2024-04-03 08:03:55 +00:00
Brian Gough c0d90a26e9 Merge pull request #17537 from overleaf/bg-session-mitigation-log-session-size
Add custom session store to track largest session sizes for anonymous users

GitOrigin-RevId: 23312689d7adb8196e66bb925afcfef78c4c558d
2024-03-13 09:03:44 +00:00
Jessica Lawshe cfce3c3710 Merge pull request #15419 from overleaf/em-error-request-logging
Use the request logger for errors in web

GitOrigin-RevId: f654fc69e0bbdab8b16d23b007aefbad08925358
2023-10-31 09:04:36 +00:00
Jakob Ackermann ac5765508e Merge pull request #14902 from overleaf/jpa-node-18-18-0
[misc] upgrade Node.js to latest LTS 18.18.0

GitOrigin-RevId: 96c7171065ceb8797c28efa4ab331d86a84868d2
2023-09-25 08:04:25 +00:00
Jakob Ackermann 76b0ebcfa5 Merge pull request #14562 from overleaf/jpa-disable-connection-checking
[web] workaround for broken detection of idle connections in CI

GitOrigin-RevId: ae9ff2b9b1bf99b56d8eb1af6e035b6ed08f7477
2023-08-30 08:05:02 +00:00
Alf Eaton 8a4ac0d03b Set Cache-Control: private for project files (#13750)
GitOrigin-RevId: b111c792a49a8a5e37734b5fcce1a69f4904c1ff
2023-08-04 08:05:31 +00:00
Jessica Lawshe 2b919e2efa Merge pull request #12819 from overleaf/jpa-institutions-lookup
[web] migrate /institutions/ proxies to explicit V1 requests

GitOrigin-RevId: 535da280a6350dacbe2c957d2f2cedaeee02a48a
2023-04-28 08:04:34 +00:00
Eric Mc Sween 7ccf310945 Merge pull request #11489 from overleaf/em-fix-paypal
Set COOP header to same-origin-allow-popups

GitOrigin-RevId: c8c3751386addb307ee2caf59c228484e8e593c0
2023-01-27 09:05:43 +00:00
Tim Down 4fe3290907 Merge pull request #10966 from overleaf/td-add-coop-header
Upgrade Helmet to add some security-related response headers, including COOP

GitOrigin-RevId: fce8538b004f7b3ba6c6ca65ad311957d75b496a
2023-01-24 09:05:27 +00:00
Simon Detheridge e2ac86adf4 Merge pull request #10227 from overleaf/spd-td-opentelementry
Add opentelemetry to dev environment

GitOrigin-RevId: 31a8234197337a264412b411429692525793c8b0
2022-11-01 09:04:53 +00:00
June Kelly a831286b2c Merge pull request #9679 from overleaf/jk-fix-the-module-system
[web] Fix how imports work in the Module system

GitOrigin-RevId: 00cb3bfa19c6af979216b9d5e6104d489c18244b
2022-09-23 08:04:15 +00:00
Miguel Serrano d4e5ed2316 Disable rolling sessions in web-admin (#9307)
GitOrigin-RevId: 7f098d5222d21187f219c0906757b913890e85e7
2022-09-01 08:03:53 +00:00
Jakob Ackermann 5f26e90d48 Merge pull request #8776 from overleaf/jpa-drop-service-worker
[web] goodbye service worker

GitOrigin-RevId: ce85d4850faba15c5877ce1f3e78026de30c6eae
2022-07-11 08:03:57 +00:00
Eric Mc Sween 7527da7c29 Merge pull request #7906 from overleaf/em-downgrade-logs
Downgrade all INFO logs to DEBUG

GitOrigin-RevId: 05ed582ef0721fcada059f0ad158565f50feca27
2022-05-17 08:05:26 +00:00
Eric Mc Sween 7e76f94e17 Merge pull request #7228 from overleaf/em-node-16
Upgrade to Node 16

GitOrigin-RevId: 3db1ae57ffb02f8a2b9012ffbb3efecfc01d2b04
2022-04-05 12:20:52 +00:00
Jakob Ackermann c6f638023f Merge pull request #6614 from overleaf/jpa-msm-separate-admin-app
[misc] move admin capability from www. to admin. subdomain

GitOrigin-RevId: e0daeacf3c06b856ffb9fd35dce76e71f14e8459
2022-04-05 12:18:24 +00:00
Jakob Ackermann caf3eb3a98 Merge pull request #7105 from overleaf/jpa-static-no-csp
[web] remove CSP header from static assets

GitOrigin-RevId: 2f12974f490ff22796ed74c38a466fe4649877c1
2022-03-18 09:03:07 +00:00
Jakob Ackermann 6dd1616d8f [web] set a default, strict CSP on ALL endpoints (#6271)
* Remove use of CSP_PERCENTAGE

* Move header calculation earlier

* Set a default policy and add comments

* Apply the CSP header to all responses

* Enable CSP in dev environment

* [web] set a default, strict CSP on ALL endpoints

* [misc] enable CSP in dev-env

* Only build the default policy once

* Update docker-compose.yml

* [web] webpack: set default CSP header on webpack assets

This aligns the webpack dev-server with production in nocdn=true mode.

Co-authored-by: Alf Eaton <alf.eaton@overleaf.com>
GitOrigin-RevId: 088a6082ad21c5b3f229887ba0ab3eca8d0528cd
2022-03-18 09:03:01 +00:00
Thomas 48c6972034 Re-add dropbox webhook signature verification and decaf cleanup (#6735)
* Re-apply #6352 dropbox webhook signature verification/ decaf cleanup

* Add verification for Sharelatex legacy dropbox app signature

* Add SL and OL dropbox app secrets to web secrets

GitOrigin-RevId: 0aa2e8371069a09330850218124937d4e03e75bb
2022-03-01 09:04:27 +00:00
Thomas 313ef1fabf Merge pull request #6570 from overleaf/revert-6352-tm-dropbox-webhook-signature-verification
Revert "Add dropbox webhook signature verification and decaf cleanup"

GitOrigin-RevId: eb1fab093d7979a010700f0bc3e1e696f3cba6ae
2022-02-02 09:03:18 +00:00
Thomas 4d1d992018 Add dropbox webhook signature verification and decaf cleanup (#6352)
* Decaf: move functions to top level, removing unused vars

* Decaf: fix camelcase identifiers

* Decaf: remove unnecessary code created because of implicit returns

* Decaf: remove next() fallback callbacks

* Decaf: shorten null checks, remove decaf/eslint comments

* Add signature verification for Dropbox webhook

* Add overleaf dropbox app secret to web (staging+prod)

* Add simple acceptance test for dropbox webhook events processing

* Add method for modules to register app middleware prior to bodyParser call, move rawBody middleware to Dropbox module

GitOrigin-RevId: 736f489e2eb5906f7b202c1049c4ce143deea74e
2022-02-02 09:03:03 +00:00
Brian Gough 9d08e3387e Merge pull request #5750 from overleaf/jpa-cache-req-ip
[web] cache req.ip and bail out in case none is available

GitOrigin-RevId: 07084114676ffd13530c9ad4e0ff386fc2c5fa17
2021-11-24 09:03:07 +00:00
Eric Mc Sween e2be63e9ed Merge pull request #5740 from overleaf/em-gcp-logging-web
Improve GCP logging for web

GitOrigin-RevId: b304c87a3fe46c29189f665eb3daf22c23d6eb8f
2021-11-11 09:03:09 +00:00
Eric Mc Sween 4d15360439 Merge pull request #5648 from overleaf/em-revert-gcp-logging-web
Revert "Improve GCP logging for web"

GitOrigin-RevId: 92d446baf62108da1df92146eec12a2fe69d30ee
2021-11-02 09:03:29 +00:00
Eric Mc Sween 5c4e116ad2 Merge pull request #5632 from overleaf/em-gcp-logging-web
Improve GCP logging for web

GitOrigin-RevId: 1198fab2e821a55563058171cfa435605216e337
2021-11-02 09:03:22 +00:00
Alexandre Bourdin 79ceacd09f Merge pull request #5051 from overleaf/ab-web-mono-analytics-id
Analytics ID Support (v2)

GitOrigin-RevId: 707f62697f6566d8aad22e424684d97f7bc147df
2021-09-13 08:03:14 +00:00
Alexandre Bourdin a3a04dddd9 Merge pull request #5050 from overleaf/revert-4639-ab-web-mono-analytics-id
Revert "Analytics ID support"

GitOrigin-RevId: cc5da762ba1bafcbcea65ed0dd86342896b6d1eb
2021-09-10 08:04:47 +00:00
Alexandre Bourdin 44a8883b6d Merge pull request #4639 from overleaf/ab-web-mono-analytics-id
Analytics ID support

GitOrigin-RevId: 820a6c0f4d19f046f6c791ce4dc64dbc80748924
2021-09-10 08:04:31 +00:00
Alexandre Bourdin 9468e5cb4f Merge pull request #4338 from overleaf/ab-session-manager
Extract functions from AuthenticationController to SessionManager

GitOrigin-RevId: 86870ce03a762e1a837dcf493759e8851e759883
2021-07-28 12:36:22 +00:00
Jakob Ackermann 5e773ce950 Merge pull request #4101 from overleaf/ae-settings-module
Migrate from `settings-sharelatex` to `@overleaf/settings`

GitOrigin-RevId: 9a298ba26382180c1351683c5fddc9004418c1e6
2021-07-08 02:08:28 +00:00
Jakob Ackermann 28fafffef3 Merge pull request #4209 from overleaf/jpa-service-worker-24h-cache
[Server] lower the cache duration for the service worker to 24h

GitOrigin-RevId: b67b030722812a30d7c2fc98f9183538307f9a1a
2021-06-17 02:09:19 +00:00
Jakob Ackermann 8faae673b4 Merge pull request #4000 from overleaf/jpa-skip-pug-compile
[Server] optionally skip pre-compiling pug templates in production

GitOrigin-RevId: c50e6007dae3b0ab83a7edbce07a695a17e71404
2021-05-07 02:13:13 +00:00
Alf Eaton 1be43911b4 Merge pull request #3942 from overleaf/prettier-trailing-comma
Set Prettier's "trailingComma" setting to "es5"

GitOrigin-RevId: 9f14150511929a855b27467ad17be6ab262fe5d5
2021-04-28 02:10:01 +00:00
Alf Eaton 1ebc8a79cb Merge pull request #3495 from overleaf/ae-prettier-2
Upgrade Prettier to v2

GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33
2021-04-15 02:05:22 +00:00
Alf Eaton a5637651b5 Add Content-Security-Policy header (#3783)
* Add Content-Security-Policy header
* Add nonce attribute to script tags
* Use source-map for webpack devtool
* Add ng-csp attribute when CSP is enabled
* Allow overriding CSP settings with environment variables
* Hook into render and allow routes to disable the CSP header

GitOrigin-RevId: a873736a3514198165f1b2f1e18d002b65f20d30
2021-03-26 03:04:55 +00:00
Christopher Hoskin 1e8598a8d9 Merge pull request #3331 from overleaf/csh-issue-3661-bump-agents
Update metrics module

GitOrigin-RevId: bdef141035f277ce4863f14f8a6e166d710b1111
2020-10-31 03:05:30 +00:00
Eric Mc Sween d708f6f0db Merge pull request #3319 from overleaf/em-enabled-services
Use ENABLED_SERVICES variable to choose which routes to set up

GitOrigin-RevId: 6b1f8d593de23d72802c178d2e3cc89757257675
2020-10-28 03:05:16 +00:00
Jakob Ackermann 435af75ef7 Merge pull request #3163 from overleaf/as-jpa-i18n-cleanup
[misc] Translations cleanup

GitOrigin-RevId: 46bf1142bb9415eeebf638c120597996aaa55f8b
2020-09-18 02:04:41 +00:00
Jakob Ackermann 674954f96f Merge pull request #3094 from overleaf/sk-restrict-admin-flag
Check domain of emails on admin users

GitOrigin-RevId: 75de9cff30e3c628249fcd0ea3446a33d51d39b4
2020-08-20 02:06:19 +00:00
Jakob Ackermann fa594e575b Merge pull request #3113 from overleaf/jpa-translations-mono-repo
[misc] mono repo with translations

GitOrigin-RevId: 1ed86d211f6a2031aafc3e7462687af0e957f9fd
2020-08-19 02:06:08 +00:00
Miguel Serrano 42c917d909 Merge pull request #3046 from overleaf/msm-cleanup-oerror-http
Finish o-error/http cleanup

GitOrigin-RevId: 1f8cf7f1e0503d1071c51b41ac136f7fb7f38872
2020-08-12 02:06:53 +00:00
Jakob Ackermann 1f6499b5ea Merge pull request #3053 from overleaf/jpa-spd-accepts
[misc] reland 3004: unify detection of json requests and skip issuing of redirects

GitOrigin-RevId: fa43b3b4d23deb581496ed70ae8f28b805555d64
2020-07-28 02:06:27 +00:00
Jakob Ackermann ae068781ca Merge pull request #2978 from overleaf/jpa-expose-hostname
[misc] optionally expose the hostname in the X-Served-By response header

GitOrigin-RevId: f3ac14aeb75cef8c9ed1d8cb1d649dd7f909b99b
2020-07-08 02:04:24 +00:00
Jakob Ackermann 153a9c5790 Merge pull request #2953 from overleaf/jpa-nocache
[misc] Server: invoke the nocache middleware explicitly and add test

GitOrigin-RevId: 3238b07ebf5963ae95ef3f353e4745d283795fba
2020-06-27 02:10:30 +00:00
Simon Detheridge 0099032963 Merge pull request #2732 from overleaf/ho-metrics-web-api
add metrics route to web api

GitOrigin-RevId: 7a39228d864545e4423d2c0c38ab0f16d495cf86
2020-04-09 03:21:27 +00:00
nate stemen 3b1a5c458e Merge pull request #2699 from overleaf/jpa-test-perf
[perf] enable view caching for acceptance tests

GitOrigin-RevId: 696958a617392d20b594141aa316b5a80755ff38
2020-03-31 03:18:54 +00:00
nate stemen c301d8bc25 Merge pull request #2666 from overleaf/em-max-json-request-size
Separate max_doc_length from max JSON request size

GitOrigin-RevId: 4c725028111966bf04109080d80d4672273dd697
2020-03-19 04:17:05 +00:00
Timothée Alby fbbb39b0c0 Merge pull request #2620 from overleaf/ta-body-parser-errors
Convert Errors with Status Code To HTTP Errors

GitOrigin-RevId: 4c7abf4f9164c1a907fbf38c6e440409a616e047
2020-03-10 04:14:38 +00:00
Brian Gough ac5d688d8c Merge pull request #2612 from overleaf/bg-precompile-web-views-only
only precompile views for web, not web-api

GitOrigin-RevId: 292f4d5dd6f81b1928ccd543898dfa643f1e5be8
2020-02-27 04:17:55 +00:00
Timothée Alby b94e1791e0 Merge pull request #2617 from overleaf/ho-open-site-for-admins
allow site to be accessible to admins when closed

GitOrigin-RevId: 71bdf329ce2a4e41533b2a65f45190277ea72dbb
2020-02-21 04:21:03 +00:00