A new "shareCode" field is generated for each entry, and allows
unlogged users to access the entry through the /shared endpoint.
This feature is particularly useful to share articles from miniflux
to third-party users without having them to visit the original source.
The image proxy is disabled and special cache headers are proposed in
the shared page to avoid denial of service.
This adds the oauth2 provider `oidc`. It needs an additional argument, the OIDC discovery endpoint to figure out where the auth and token URLs are.
Configuration is similar to setting up the Google Authentication with these changes:
* `OAUTH2_PROVIDER = oidc`
* `OAUTH2_OIDC_DISCOVERY_ENDPOINT = https://auth.exampe.org/discovery`
This change lets Miniflux use the same secure TLS configuration options when using Let's Encrypt / Autocert as when using a manually specified certificate. It raises the server’s SSL Labs score from a B to an A+ with LetsEncrypt.
Auth Proxy allows to authenticate a user using an HTTP header provided
by an external authentication service. This provides a way to
authenticate users in miniflux using authentication schemes not
supported by miniflux itself (LDAP, non-Google OAuth2 providers, etc.)
and to implement SSO for multiple applications behind single
authentication service.
Auth Proxy header is checked for the '/' endpoint only, as the rest are
protected by the miniflux user/app sessions.
Closes#534
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
While this is widely documented for SEO reason, it also helps for
accessibility. Notably, if you are using tools like Vimium to browse
using only the keyboard, these hints help to select the links. It's
all the more useful when the text is not in English.
Hosted miniflux don't keep read entries for long. If I leave my PC at
home on an unread entry, read everything pending at work and get back
to home later, when I click "next", I get a bare 404 error. I have to
go back to /unread myself. I think it would be more user friendly (but
maybe a bit suprising) to go directly to /unread in this case.
- Keep the Dockerfile standard and avoid external dependencies
- Use build args instead of Sed
- Bump Alpine Linux to version 3.11
- Always use the latest version of Golang
- Make sure query strings parameters are encoded
- As opposed to the standard library, do not append equal sign
for query parameters with empty value
- Strip URL fragments like Web browsers