gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-10-30 19:19:03 +01:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity
10,634 Commits 41 Branches 349 Tags
Commit Graph

10634 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Elian Doran
467852191d
Merge pull request #966 from pano9000/fix_csrf-electron-httpOnly 
fix(csrf): add exception for electron for httpOnly cookie
 2025-01-17 18:36:02 +02:00
Panagiotis Papadopoulos
9382c278b3 fix(csrf): add exception for electron for httpOnly cookie 
it does not seem to like having httpOnly set in electron
 2025-01-17 17:26:52 +01:00
Panagiotis Papadopoulos
0e33395c47 chore(deps): remove now unused ts-node 2025-01-17 08:09:42 +01:00
Panagiotis Papadopoulos
00bdcfa803 chore(mermaid-elk): replace loader-register with tsx 
unnecessary "cross-env" also removed, as it wasn't even
used to set any env variables
 2025-01-17 08:05:42 +01:00
Panagiotis Papadopoulos
331dae4eb0 chore: delete unused loader-register file 2025-01-17 08:02:26 +01:00
Adorian Doran
faa4a5fcd8 client: update the markup for the "Available MIME types" check boxes 2025-01-17 01:36:54 +02:00
Adorian Doran
e8f6f68987 style(next): disable text selection for check boxes and radio buttons 2025-01-17 01:24:34 +02:00
Adorian Doran
07dd8995b6 style(next): overhaul the check / uncheck animation for radio buttons 2025-01-17 01:22:09 +02:00
Adorian Doran
4c84bc724d style(next): refactor 2025-01-17 01:06:25 +02:00
Adorian Doran
2773d560b9 style(next): enforce left padding for radios and check boxes 2025-01-17 01:00:19 +02:00
Adorian Doran
a2a9bee7eb style(next): rename some variables 2025-01-17 00:58:11 +02:00
Panagiotis Papadopoulos
748e30b63c chore(scripts): use tsx for webpack 2025-01-16 23:52:51 +01:00
Adorian Doran
398591fb1f style(next): restyle check boxes 2025-01-17 00:51:26 +02:00
Panagiotis Papadopoulos
76a0bffcc3 chore(scripts): remove unnecessary cross-env 2025-01-16 23:08:57 +01:00
Adorian Doran
fe539b1647 style(next): tweak the colors of the radio buttons 2025-01-16 23:39:18 +02:00
Caleb Norton
b8f15d2fe3
Fix parent share link 2025-01-16 15:28:30 -06:00
Elian Doran
b2e1a3e97a
Merge pull request #961 from pano9000/fix-csrf-settings 
fix(csrf): set more secure csrf related settings
 2025-01-16 23:03:43 +02:00
Panagiotis Papadopoulos
5f605b3a91 fix(csrf): set more secure cookieOptions settings 
- `sameSite` - previous setting inherited from csurf was to simply not set it at all, which makes all browser nag in their dev console output.
They will default to "Lax" for these type of cookies in the future.
We can even use "strict" here though for our use case:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value

- `httpOnly`: should be enabled for the csrf cookie as well
for the session cookie it already is enabled.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#httponly
 2025-01-16 21:40:12 +01:00
Panagiotis Papadopoulos
ec19ccd7a7 fix(csrf): stop leaking the CSRF token in the server logs 
As per OWASP:
"A CSRF token must not be leaked in the server logs or in the URL.", see:
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#transmissing-csrf-tokens-in-synchronized-patterns
 2025-01-16 21:16:33 +01:00
Elian Doran
283a12b0d5
Merge pull request #960 from pano9000/fix_csrf-csrf_existing_cookie 
fix(csrf): fix handling of existing _csrf cookies
 2025-01-16 21:53:09 +02:00
Panagiotis Papadopoulos
139bf3dcdf fix(csrf): use generateCsrfToken with more "user friendly" settings 
fixes the case, where existing TriliumNext users, will get
a "Invalid CSRF Token" Message, when they have an older
_csrf token in their cookies from a previous installation/visit.
the settings now will handle these cases in the background automatically.

also fixes #950
 2025-01-16 20:14:23 +01:00
Panagiotis Papadopoulos
6dd8ab31d5 refactor(csrf): export generateToken utility 2025-01-16 20:14:23 +01:00
Panagiotis Papadopoulos
e3d89ce2a5 refactor(csrf): move csrf to own file 2025-01-16 20:14:23 +01:00
Adorian Doran
15dbaf441d style(next): restyle radio buttons 2025-01-16 18:51:35 +02:00
Elian Doran
edc6b983ac
Merge remote-tracking branch 'origin/master' into develop 2025-01-16 18:36:35 +02:00
Elian Doran
d684440c1f
fix(client): undefined entity in some cases 2025-01-16 18:36:29 +02:00
Elian Doran
1e182f5820
chore(client/ts): port mermaid 2025-01-16 18:20:23 +02:00
Elian Doran
5ca876ca62
fix(mobile): force grouping in editing toolbar 2025-01-16 16:41:52 +02:00
Elian Doran
187ef60350
feat(mobile): disable overscroll for toolbar 2025-01-16 16:32:47 +02:00
Elian Doran
706b011b23
feat(mobile): enforce classic editor 2025-01-16 16:29:51 +02:00
Elian Doran
6f2538a070
feat(mobile): hide editing toolbar on non-text note 2025-01-16 16:14:37 +02:00
Elian Doran
6caddc8004
fix(mobile): position of editing toolbar on tablet mode 2025-01-16 16:09:11 +02:00
Elian Doran
0cab891d2e
chore(client/ts): port classic_editor_toolbar 2025-01-16 15:51:58 +02:00
Elian Doran
1d6e3af9aa
fix(mobile): position of editing toolbar 2025-01-16 15:48:56 +02:00
Elian Doran
c8b745bc6a
Merge pull request #952 from TriliumNext/renovate/node-22.x 
chore(deps): update dependency @types/node to v22.10.7
 2025-01-16 10:49:07 +02:00
Elian Doran
d1be673763
Merge pull request #953 from TriliumNext/renovate/better-sqlite3-11.x-lockfile 
fix(deps): update dependency better-sqlite3 to v11.8.0
 2025-01-16 10:45:59 +02:00
Elian Doran
2fbfc9d668
Merge pull request #946 from TriliumNext/renovate/electron-34.x 
chore(deps): update dependency electron to v34
 2025-01-16 10:43:33 +02:00
Nriver
5ea3e67dc3 remove unused param 2025-01-16 14:18:01 +08:00
Nriver
4b7445be8e fix compatibility for old encrypted data 2025-01-16 14:01:59 +08:00
renovate[bot]
a9570965f1
fix(deps): update dependency fs-extra to v11.3.0 2025-01-16 00:57:03 +00:00
renovate[bot]
b77f8aeb43
fix(deps): update dependency better-sqlite3 to v11.8.0 2025-01-16 00:56:43 +00:00
renovate[bot]
01b88c52ef
chore(deps): update dependency @types/node to v22.10.7 2025-01-16 00:56:32 +00:00
Elian Doran
4c451753bc
chore(build): remove redundant npx 2025-01-15 19:11:26 +02:00
Elian Doran
7076c4cbd6
chore(deps): update better-sqlite3 to 11.8.0 2025-01-15 19:11:05 +02:00
Nriver
9d32cd36ee Fix default ivLength in dump-db tool 2025-01-15 10:16:04 +08:00
renovate[bot]
0eab68e8d1
chore(deps): update dependency electron to v34 2025-01-15 02:07:18 +00:00
Adorian Doran
edd39ad0db style(next): fix the quick search box 2025-01-15 02:59:55 +02:00
Adorian Doran
c2dbf0a463 style(next): fix the note title text box 2025-01-15 02:44:28 +02:00
Adorian Doran
896d7a383b style(next): tweak combo boxes 2025-01-15 02:31:49 +02:00
Adorian Doran
a184d5bb26 client: use combo box-like dropdown buttons in the "Basic Properties" widget 2025-01-15 02:14:56 +02:00