jvoisin
93c9d43497
http/response: get rid of the X-XSS-Protection header
...
It's useless at best, dangerous at worst, and shouldn't be used anymore
anywhere. See the following resources for details:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
- https://chromestatus.com/feature/5021976655560704
- https://bugzilla.mozilla.org/show_bug.cgi?id=528661
- https://blogs.windows.com/windows-insider/2018/07/25/announcing-windows-10-insider-preview-build-17723-and-build-18204/
2024-03-24 13:45:38 -07:00
Frédéric Guillot
e3b3c40c28
timezone: make sure the tests pass when the timezone database is not installed on the host
2024-03-24 13:25:02 -07:00
Frédéric Guillot
068790fc19
integration: fix rssbrige import
2024-03-24 12:42:29 -07:00
Frédéric Guillot
41d99c517f
Update GitHub PR template
2024-03-23 14:34:03 -07:00
Frédéric Guillot
3db3f9884f
cli: avoid misleading error message when creating an admin user
2024-03-23 14:32:55 -07:00
Frédéric Guillot
ad1d349a0c
rss: use Channel tags only if there is no Item tags
2024-03-23 13:46:48 -07:00
Jean Khawand
7ee4a731af
Update miniflux.1
2024-03-21 19:59:02 -07:00
Jean Khawand
3c822a45ac
Update miniflux.1
...
#2187 #2543
2024-03-21 19:59:02 -07:00
Frédéric Guillot
c2311e316c
Rename PROXY_* options to MEDIA_PROXY_*
2024-03-20 21:28:28 -07:00
jvoisin
ed20771194
Enable trusted-types
...
This commit adds a policy, and make use of it in the Content-Security-Policy.
I've tested it the best I could, both on a modern browser supporting
trusted-types (Chrome) and on one that doesn't (firefox).
Thanks to @lweichselbaum for giving me a hand to wrap this up!
2024-03-20 17:50:37 -07:00
jvoisin
beb8c80787
Replace a bunch of let
with const
...
According to https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/const
> Many style guides (including MDN's) recommend using const over let whenever a
variable is not reassigned in its scope. This makes the intent clear that a
variable's type (or value, in the case of a primitive) can never change.
2024-03-20 17:36:01 -07:00
jvoisin
fc4bdf3ab0
Inline a one-liner function
...
No need to expose a symbol for this.
2024-03-20 17:21:30 -07:00
Frédéric Guillot
6bc819e198
man page: sort config options in alphabetical order
2024-03-19 22:22:24 -07:00
Frédéric Guillot
08640b27d5
Ensure enclosure URLs are always absolute
2024-03-19 21:57:46 -07:00
jvoisin
4be993e055
Minor refactoring of internal/reader/atom/atom_10_adapter.go
...
- Move the population of the feed's entries into a new function, to make
`BuildFeed` easier to understand/separate concerns/implementation details
- Use `sort+compact` instead of `compact+sort` to remove duplicates
- Change `if !a { a = } if !a {a = }` constructs into `if !a { a = ; if !a {a = }}`.
This reduce the number of comparisons, but also improves a tad the
control-flow readability.
2024-03-19 20:41:44 -07:00
jvoisin
9df12177eb
Minor idiomatic pass on internal/http/request/context.go
2024-03-19 20:21:23 -07:00
Jean Khawand
a78d1c79da
Add FILTER_ENTRY_MAX_AGE_DAYS
config option to limit fetching all feed items
2024-03-20 02:58:53 +00:00
Matt Behrens
1ea3953271
Add keyboard shortcuts for scrolling to top/bottom of the item list
2024-03-19 19:30:38 -07:00
dependabot[bot]
fe8b7a907e
Bump github.com/coreos/go-oidc/v3 from 3.9.0 to 3.10.0
...
Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc ) from 3.9.0 to 3.10.0.
- [Release notes](https://github.com/coreos/go-oidc/releases )
- [Commits](https://github.com/coreos/go-oidc/compare/v3.9.0...v3.10.0 )
---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-19 19:09:08 -07:00
Frédéric Guillot
a15cdb1655
Fix regression in AbsoluteProxifyURL()
...
Regression introduced in commit 66b8483791
PR #2499
2024-03-18 20:48:20 -07:00
Frédéric Guillot
fa9697b972
Remove trailing space in SiteURL and FeedURL
2024-03-18 17:51:06 -07:00
jvoisin
8e28e41b02
Use struct embedding to reduce code duplication
2024-03-18 16:23:44 -07:00
jvoisin
e2ee74428a
Minor concatenation-related simplifications in internal/storage/
...
Use plain strings concatenation instead of
building an array and then joining it.
2024-03-18 16:20:55 -07:00
jvoisin
863a5b3648
Simplify removeDuplicates
...
Use a sort+compact construct instead of doing it by hand with a hashmap. The
time complexity is now O(nlogn+n) instead of O(n), and space complexity around
O(logn) instead of O(n+uniq(n)), but it shouldn't matter anyway, since
removeDuplicates is only called to deduplicate tags.
2024-03-18 16:13:32 -07:00
jvoisin
91f5522ce0
Minor simplification of internal/reader/media/media.go
...
- Simplify a switch-case by moving a common condition above it.
- Remove a superfluous error-check: `strconv.ParseInt` returns `0` when passed
an empty string.
2024-03-18 16:09:32 -07:00
Frédéric Guillot
8212f16aa2
atom: avoid debug message when the date is empty
2024-03-17 15:29:50 -07:00
Frédéric Guillot
b1e73fafdf
Enable go-critic linter and fix various issues detected
2024-03-17 13:52:34 -07:00
Frédéric Guillot
f6404290ba
Replace Optional{Int,Int64,Float64} with a generic function OptionalNumber()
2024-03-17 12:25:55 -07:00
jvoisin
c29ca0e313
Minor simplifications of the rewriter
...
- Online some one-line functions
- Transform a free-standing function into a method
- Massively simplify `removeClickbait`
- Use a proper constant instead of a magic number in `applyFuncOnTextContent`
2024-03-17 12:15:46 -07:00
jvoisin
02a074ed26
Compile block/keep regex only once per feed
...
No need to compile them once for matching on the url,
once per tag, once per title, once per author, … one time is enough.
It also simplify error handling, since while regexp compilation can fail,
matching can't.
2024-03-17 12:08:03 -07:00
Romain de Laage
00dabc1d3c
feat: Media player: Conrol playback speed
...
fix #1845
2024-03-17 11:53:30 -07:00
Frédéric Guillot
b68ada396a
Rewrite API integration tests without build tags
2024-03-16 21:29:07 -07:00
Frédéric Guillot
e299e821a6
Update GitHub PR template
2024-03-15 20:59:17 -07:00
Frédéric Guillot
0f17dfc7d6
Fix regressions introduced by PR #2476
...
'Toast' messages are broken and v hotkey opens in the same tab
Commit d25c032171
2024-03-15 20:55:32 -07:00
Frédéric Guillot
7c80d6b86d
Fix download button loading label
2024-03-15 20:40:14 -07:00
Frédéric Guillot
f6f63b5282
Avoid warnings in ui package
...
Remove unused variables and improve JSON decoding in
saveEnclosureProgression()
2024-03-15 19:49:39 -07:00
Frédéric Guillot
309fdbb9fc
Fix force refresh
2024-03-15 19:42:09 -07:00
Frédéric Guillot
e2d862f2f6
Display an error message on edit feed page when the feed URL is not unique
2024-03-15 19:07:54 -07:00
Frédéric Guillot
4834e934f2
Remove some duplicated code in RSS parser
2024-03-15 18:40:06 -07:00
Frédéric Guillot
dd4fb660c1
Refactor Atom parser to use an adapter
2024-03-15 17:27:16 -07:00
jvoisin
2ba893bc79
Bump the number of simultaneous workers
...
We're in 2024, I'm pretty sure we can afford to have 16 simultaneous open http
connections at the same time, instead of only 5.
2024-03-15 14:05:58 -07:00
Frédéric Guillot
7a307f8e74
Fix regression: Add to Home Screen button is unreadable
...
Regression introduced in commit ea58bac548
2024-03-14 17:37:50 -07:00
jvoisin
7310e13499
More trusted-types compatibility
2024-03-14 17:10:40 -07:00
dependabot[bot]
bf6d286735
Bump github.com/go-webauthn/webauthn from 0.10.1 to 0.10.2
...
Bumps [github.com/go-webauthn/webauthn](https://github.com/go-webauthn/webauthn ) from 0.10.1 to 0.10.2.
- [Release notes](https://github.com/go-webauthn/webauthn/releases )
- [Commits](https://github.com/go-webauthn/webauthn/compare/v0.10.1...v0.10.2 )
---
updated-dependencies:
- dependency-name: github.com/go-webauthn/webauthn
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-14 17:03:54 -07:00
Frédéric Guillot
ca919c2ff8
Fix JavaScript error on the login page
2024-03-13 21:47:23 -07:00
Frédéric Guillot
5948786b15
Add support for RSS <media:category> element
2024-03-13 21:35:39 -07:00
jvoisin
f4746a7306
Fix and simplify shaarli's integration
...
- The jwt token was declared as using HS256 as algorithm, but was using HS512.
- No need to base64-encode then remove the padding when we can simply encode
without padding.
- Factorize the header+payload concatenation as data
Odds are that this integration was broken from the start (HS512 vs HS256), so
I'm not sure if it's better to add tests or to simply get rid of it.
2024-03-13 21:34:57 -07:00
Frédéric Guillot
648b9a8f6f
Refactor RSS Parser to use an adapter
2024-03-13 21:25:09 -07:00
jvoisin
66b8483791
Minor simplification of internal/proxy/proxy.go
...
- re-use ProxifiedUrl to implement AbsoluteProxifyURL, reducing the copy-pasta
- reduce the internal indentation of ProxifiedUrl by inverting some conditions
2024-03-13 19:42:01 -07:00
jvoisin
e0ee28c013
More progress towards trusted-types
...
Create a new function `addIcon` and use it to add icons, instead of
operating on raw html.
2024-03-13 19:35:20 -07:00