southfox/miniflux
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions
1198 commits 1 branch 0 tags 34 MiB
Commit graph

95 commits

Author SHA1 Message Date
Frédéric Guillot
b46b5dfb2a Use r.RemoteAddr to check /metrics endpoint network access 
HTTP headers like X-Forwarded-For or X-Real-Ip can be easily spoofed. As
such, it cannot be used to test if the client IP is allowed.

The recommendation is to use HTTP Basic authentication to protect the
metrics endpoint, or run Miniflux behind a trusted reverse-proxy.
 2023-03-11 20:53:12 -08:00
Romain de Laage
2c2700a31d Proxy support for several media types 
closes #615
closes #635
 2023-02-25 15:57:59 -08:00
Frédéric Guillot
cecab91298 Fix some linter issues 2022-08-08 22:06:38 -07:00
Frédéric Guillot
9fa086e471 Fix flaky test 2022-05-25 20:34:37 -07:00
Frédéric Guillot
897d8644c5 Fix incorrect conversion between integer types 2022-01-19 21:23:56 -08:00
Gergan Penkov
4b6e46d9ab
Add Google Reader API implementation (experimental) 
Co-authored-by: Sebastian Kempken <sebastian@kempken.io>
Co-authored-by: Gergan Penkov <gergan@gmail.com>
Co-authored-by: Dave Marquard <dave@marquard.org>
Co-authored-by: Moritz Fago <4459068+MoritzFago@users.noreply.github.com>
 2022-01-02 19:45:12 -08:00
Frank Steinborn
2dcabc840c Fix minor typo 2021-10-17 16:58:42 -07:00
Frédéric Guillot
612f9cdbc8 Remove RequestURI() hack 
I can't remember why this change was done.

Let's use only the standard lib.

But it seems to break URL like this one: https://www.deimeke.net/dirk/blog/index.php?/feeds/index.rss2
 2021-09-11 11:08:15 -07:00
Frédéric Guillot
dd3f496d06 Avoid extra HTTP request for fetching custom stylesheet 
Use inline CSS with a nonce and move CSP headers to a meta tag.
 2021-05-31 14:29:33 -07:00
Frédéric Guillot
6e2e2d1665 Setup golangci-lint Github Action 2021-03-22 21:34:48 -07:00
Darius
9242350f0e
Add per feed cookies option 2021-03-22 20:27:58 -07:00
Frédéric Guillot
ec3c604a83 Add option to allow self-signed or invalid certificates 2021-02-21 13:58:52 -08:00
Frédéric Guillot
a352aff93b Remove deprecated io/ioutil package 
Miniflux now requires at least Go 1.16 and io/util is deprecated.

https://golang.org/doc/go1.16#ioutil
 2021-02-16 21:25:21 -08:00
Frédéric Guillot
091308787b Add header "Referrer-Policy: no-referrer" 
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
 2021-02-14 11:33:31 -08:00
y0ast
05fd83bd6f add support for ipv6 with zone index 2021-02-07 15:57:40 -08:00
Frédéric Guillot
864dd9f219 Allow images with data URLs 
Only URLs with a mime-type image/* are allowed
 2021-02-06 14:46:01 -08:00
Frédéric Guillot
b6ddaae82a ETag value is not set correctly in HTTP client (regression) 
Bug introduced after refactoring.

See commit 16b7b3bc3e.
 2021-02-05 20:36:05 -08:00
Frédéric Guillot
2cf9bde1af Show correct User Agent in input placeholders 2020-12-16 21:30:22 -08:00
Benjamin Congdon
eeeea74bf1 Update Miniflux man page with UserAgent setting 2020-11-29 16:55:45 -08:00
Benjamin Congdon
52a626d7b9 Add support for setting a global default User-Agent 2020-11-29 16:55:45 -08:00
Frédéric Guillot
246a48359c Do not follow redirects when trying known feed URLs 
Some websites redirects unknown URLs to the home page.
As result, the list of known URLs is returned to the subscription list.
We don't want the user to choose between invalid feed URLs.
 2020-11-06 17:46:54 -08:00
Frédéric Guillot
2f3708d40c Do not use charset.NewReader if the body is a valid UTF-8 document 2020-10-30 23:00:05 -07:00
Lee Tang
46c13b5185
Restore the ability to use a proxy for all HTTP requests 
The default transport was changed in commit 0d66f2c and the proxy feature was forgotten.

- https://golang.org/src/net/http/transport.go#L43
- https://golang.org/pkg/net/http/#ProxyFromEnvironment
 2020-10-30 19:03:41 -07:00
Frédéric Guillot
16b7b3bc3e http client: remove dependency on global config options 2020-09-27 14:37:46 -07:00
Frédéric Guillot
0d66f2c6d3 Tweak default HTTP client transport timeout values 
Reducing these values avoid going over the max number of file descriptors when refreshing lot of feeds
 2020-09-27 13:20:48 -07:00
Frédéric Guillot
04c4890124 API: Add the possibility to filter entries by a list of statuses 2020-09-12 21:35:18 -07:00
Kebin Liu
cf7712acea
Add HTTP proxy option for subscriptions 2020-09-09 23:28:54 -07:00
Frédéric Guillot
c1e3783272 Revert "Set SameSite cookie attribute to Strict" 
This reverts commit 5ac55518ab.

Google Authentication doesn't work when Cookies are using strict mode.
 2020-08-10 18:51:40 -07:00
Frédéric Guillot
5ac55518ab Set SameSite cookie attribute to Strict 2020-08-05 21:31:32 -07:00
Frédéric Guillot
6c6ca69141 Add feed option to ignore HTTP cache 2020-06-05 22:04:52 -07:00
Savely Krasovsky
454eb590ce
Remove child-src CSP policy (deprecated) 2020-03-31 19:50:25 -07:00
Frédéric Guillot
7a397c3d13 Change default theme to "system_serif" 2020-03-19 20:53:53 -07:00
Frédéric Guillot
3debf75eb9 Normalize URL query string before executing HTTP requests 
- Make sure query strings parameters are encoded
- As opposed to the standard library, do not append equal sign
for query parameters with empty value
- Strip URL fragments like Web browsers
 2019-12-26 15:56:59 -08:00
Frédéric Guillot
afe1faf214 Add theme variants 
- Use CSS variables instead of inherence
- Rename default theme to "Light - Serif"
- Rename Black theme to "Dark - Serif"
- Rename "Sans-Serif" theme to "Light - Sans Serif"
- Add "System" theme that use system preferences: Dark or Light
- Add Serif and Sans-Serif variants for each color theme
 2019-09-21 20:04:42 -07:00
Frédéric Guillot
ca48f7612a Ignore invalid content type 2019-09-18 22:32:29 -07:00
Peter De Wachter
937492f6f5 Do not buffer responses in the image proxy 
The image proxy buffered the whole image before sending it to the
browser. If the image is large and/or hosted on a slow server, this
caused a long delay before the user's browser could display anything.
 2019-09-10 20:43:44 -07:00
Frédéric Guillot
bb720c87c1 Make HTTP Client timeout and max body size configurable 2019-06-02 07:29:56 -07:00
Frédéric Guillot
04b6eb509c Rename session cookies 2019-01-21 20:26:46 -08:00
Peter De Wachter
15505ee4a2 Make UTF-8 the default encoding for XML feeds 
Consider the feed http://planet.haskell.org/atom.xml
- This is a UTF-8 encoded XML file
- No encoding declaration in the XML header
- No Unicode byte order mark
- Served with HTTP Content-Type "text/xml" (no charset parameter)

Miniflux lets charset.NewReader handle this. The charset package
implements the HTML5 character encoding algorithm, which, in this
situation, defaults to windows-1252 encoding if there are no UTF-8
characters in the first 1000 bytes. So for this feed, we get the wrong
encoding.

I inserted an explicit "utf8.Valid()" check, which fixes this problem.
 2019-01-02 21:05:05 -08:00
Frédéric Guillot
6ae935309a Ignore JSON feeds from EnsureUnicode() 2018-12-12 21:37:39 -08:00
Frédéric Guillot
82e08d0f69 Update XML encoding regex to take single quotes into consideration 2018-12-12 21:13:06 -08:00
Frédéric Guillot
f3bff76aa1 Make sure slice is not out of range when reading XML prolog 2018-11-24 12:17:00 -08:00
Frédéric Guillot
9f85f67031 Make sure the remote address is populated even when using unix socket 2018-11-11 16:42:30 -08:00
Frédéric Guillot
1ff9950a55 Remove charset=utf-8 from JSON responses 
See: https://www.iana.org/assignments/media-types/application/json
 2018-11-03 12:03:06 -07:00
Frédéric Guillot
ae1dc1a91e Handle more encoding conversion edge cases 2018-10-29 23:00:03 -07:00
Frédéric Guillot
5870f04260 Simplify feed parser and format detection 
- Avoid doing multiple buffer copies
- Move parser and format detection logic to its own package
 2018-10-14 11:46:41 -07:00
Frédéric Guillot
9dc38a0803 Add missing package descriptions for GoDoc 2018-10-08 17:32:17 -07:00
Frédéric Guillot
11dfcdd3d6 Fix typo in license header 2018-10-08 15:50:15 -07:00
Frédéric Guillot
1f58b37a5e Refactor HTTP response builder 2018-10-08 15:31:58 -07:00
Frédéric Guillot
9d08139f43 Improve request package and add more unit tests 2018-09-23 21:02:26 -07:00