mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2026-03-08 17:36:08 -04:00
Code Issues Packages Projects Releases Wiki Activity
2,817 Commits 3 Branches 84 Tags
722c0cb8b255e700282e080fde4aec241e7ccfa3
Commit Graph

396 Commits

Author SHA1 Message Date
Alexandre Alapetite
e6fd34bdda CSRF token, update HTTP Referrer policy to same-origin 
https://www.w3.org/TR/referrer-policy/#referrer-policy-no-referrer
https://github.com/FreshRSS/FreshRSS/issues/570
https://github.com/FreshRSS/FreshRSS/issues/955
https://github.com/FreshRSS/FreshRSS/issues/1198
https://github.com/FreshRSS/FreshRSS/issues/565
https://github.com/FreshRSS/FreshRSS/issues/554
 2016-08-13 17:49:31 +02:00
Alexandre Alapetite
40f1873de7 OPML compatibility PHP 5.3 
https://github.com/FreshRSS/FreshRSS/issues/1202
https://github.com/FreshRSS/FreshRSS/pull/1206
 2016-08-12 18:43:32 +02:00
Alexandre Alapetite
2c92860310 Minor quotes 2016-08-11 23:13:28 +02:00
Alexandre Alapetite
29d7918588 Support for OPML 2.0 category attribute 
https://github.com/FreshRSS/FreshRSS/issues/1202
 2016-08-11 22:44:42 +02:00
Alexandre Alapetite
6266b86998 Apache Etag issue 
A -gzip suffix seems to be added and not removed somewhere in the Apache
+ PHP7 stack, which caused the caching to fail (the 304 Not Modified
responses were not working anymore).
Related to https://bz.apache.org/bugzilla/show_bug.cgi?id=39727
 2016-08-07 20:33:34 +02:00
Alexandre Alapetite
17c3e616e8 Merge pull request #1187 from Alkarex/remove_persona 
Remove Mozilla Persona login
 2016-08-01 18:07:03 +02:00
Alexandre Alapetite
c1548e732d Remove Mozilla Persona login 
https://github.com/FreshRSS/FreshRSS/issues/1052
 2016-07-31 14:58:19 +02:00
Alexandre Alapetite
fe18d12551 Update MySQL to utf8mb4 (full unicode) 🔥 
* Requires MySQL 5.5.3+ (drop support for MySQL 5.0)
* Requires PHP 5.3.3+ (drop support for PHP 5.3.0)
https://github.com/FreshRSS/FreshRSS/issues/789#issuecomment-73878076
 2016-07-30 18:45:34 +02:00
Alexandre Alapetite
0d937741f9 Merge branch 'FreshRSS/dev' into dev 2016-05-01 00:08:02 +02:00
Alexandre Alapetite
8ae96d000a SimplePie trim 
https://github.com/FreshRSS/FreshRSS/issues/1142
 2016-04-30 23:53:23 +02:00
Alexandre Alapetite
ae6ade25d5 Merge branch 'http2_headers' into dev 2016-04-23 22:03:07 +02:00
Alexandre Alapetite
f3696784ea Favicon array bug 
Case problem and isset check
 2016-04-23 21:35:09 +02:00
Alexandre Alapetite
b042d3a772 HTTP2 optimization 
Fast flush HTTP headers, push promise CSS.
Requires PHP 5.3+ due to anonymous function.
Do not load syles, scripts, and notifications for Ajax requests.
https://github.com/FreshRSS/FreshRSS/issues/1089
 2016-04-23 19:10:32 +02:00
Alexandre Alapetite
ba9f4461d8 Secure cookie HTTPS 2016-03-08 19:00:04 +01:00
Alexandre Alapetite
9d1f35d4b8 OPML bug import not using title 
Fix https://github.com/FreshRSS/FreshRSS/issues/1048
 2016-03-06 17:04:21 +01:00
Alexis Degrugillier
e265c94319 Fix url ending 2016-03-06 14:26:20 +01:00
Alexandre Alapetite
9e2e5fd594 SimplePie force HTTPS simplifie code 
https://github.com/FreshRSS/FreshRSS/issues/1083
https://github.com/FreshRSS/FreshRSS/pull/1087
 2016-03-01 19:48:52 +01:00
Alexandre Alapetite
c1de11f17d SimplePie force HTTPS bug with sub-domains 
https://github.com/FreshRSS/FreshRSS/issues/1083
 2016-03-01 19:14:26 +01:00
Alexandre Alapetite
0eef625b6d SimplePie force HTTPS for enclosures 
https://github.com/FreshRSS/FreshRSS/issues/1083
https://github.com/FreshRSS/FreshRSS/pull/1087
 2016-02-29 20:38:21 +01:00
Alexandre Alapetite
1e644b6470 Merge pull request #1087 from Alkarex/HTTPS_Everywhere 
Force HTTPS for selected embed providers
 2016-02-29 17:47:05 +01:00
Alexandre Alapetite
685c0ad2f8 SimplePie HTTPS updated comments 
https://github.com/FreshRSS/FreshRSS/issues/1083
 2016-02-29 17:20:23 +01:00
Alexandre Alapetite
d344da59fd HTTPS search tree: simplify code 
https://github.com/FreshRSS/FreshRSS/issues/1083
 2016-02-29 17:09:44 +01:00
Alexandre Alapetite
9711f02db7 SimplePie Force HTTPS custom list domains 
Load from data/force-https.default.txt and data/force-https.txt
Efficient tree structure to search the domains
https://github.com/FreshRSS/FreshRSS/pull/1087
 2016-02-28 21:34:54 +01:00
Alexandre Alapetite
3b2f9533c3 Merge pull request #1078 from Alkarex/CSP-no-inline 
Content-Security-Policy
 2016-02-28 12:13:19 +01:00
Alexandre Alapetite
bd47d14a53 json_decode fallback bug 2 2016-02-24 21:20:37 +01:00
Alexandre Alapetite
9adbd2ba9b json_decode fallback debug 
https://github.com/FreshRSS/FreshRSS/issues/1092
 2016-02-24 21:16:21 +01:00
Alexandre Alapetite
9d4a445758 Work in progress HTTPS 2016-02-24 21:08:24 +01:00
Alexandre Alapetite
1f7647f4df Merge branch 'HTTPS_Everywhere' of https://github.com/Alkarex/FreshRSS into HTTPS_Everywhere 2016-02-22 20:18:53 +01:00
Alexandre Alapetite
0f870e800b Avoid prototol-relative URLs 
Protocol-relative URLs do not seem to work well with API / mobile apps
 2016-02-22 20:18:11 +01:00
Alexandre Alapetite
74ef8d9b15 SimplePie force HTTPS, another approach 
https://github.com/FreshRSS/FreshRSS/issues/1083
 2016-02-22 08:51:02 +01:00
Alexandre Alapetite
4a9a7404bc Syntax error 2016-02-21 22:45:54 +01:00
Alexandre Alapetite
bd0facbb73 HTTPS SimplePie experiment 
Syntax bug
https://github.com/FreshRSS/FreshRSS/issues/1083
 2016-02-21 22:42:30 +01:00
Alexandre Alapetite
83e58d3759 Experiment with forcing HTTPS for selected embed providers 
YouTube, DailyMotion, Tumblr
https://github.com/FreshRSS/FreshRSS/issues/1083
 2016-02-21 22:19:07 +01:00
Alexandre Alapetite
5a80127140 Filter out img sizes 
https://github.com/FreshRSS/FreshRSS/issues/1077
https://github.com/FreshRSS/FreshRSS/issues/1081
 2016-02-21 00:36:30 +01:00
Alexandre Alapetite
86e113ba80 Filter-out img srcset for the time being 
https://github.com/FreshRSS/FreshRSS/issues/1077
 2016-02-17 00:19:49 +01:00
Alexandre Alapetite
e4a459a6ed CSP no inline javascript draft 
https://github.com/FreshRSS/FreshRSS/issues/1075
 2016-02-16 23:53:39 +01:00
Alexandre Alapetite
dfd0b9e935 Note about PHP 5.2 
https://github.com/FreshRSS/FreshRSS/issues/1055
 2016-01-26 19:34:23 +01:00
Alexandre Alapetite
af94273913 More PHP 5.2 install compatibility 
https://github.com/FreshRSS/FreshRSS/issues/1055
 2016-01-25 21:05:35 +01:00
Alexandre Alapetite
d4a2f6e313 Compatibility PHP 5.2 with array_replace_recursive 
https://github.com/FreshRSS/FreshRSS/issues/1055
https://github.com/FreshRSS/FreshRSS/pull/926
https://github.com/FreshRSS/FreshRSS/issues/923
 2016-01-24 10:18:45 +01:00
Alexandre Alapetite
bfae186e36 Use HTTP_X_FORWARDED_ 
https://github.com/FreshRSS/FreshRSS/issues/975
 2015-11-03 20:23:30 +01:00
Alexandre Alapetite
189e790f32 Minz cookie session httpOnly 
https://github.com/FreshRSS/FreshRSS/issues/924
https://github.com/FreshRSS/FreshRSS/pull/936/files#r35948311
 2015-07-31 11:26:57 +02:00
Alexandre Alapetite
760ec5f223 Whitespace 2015-07-31 00:17:32 +02:00
Alexandre Alapetite
59daed3d4e Minz slight change in session cookie path 
https://github.com/FreshRSS/FreshRSS/issues/924#issuecomment-126499403
 2015-07-31 00:12:55 +02:00
Alexandre Alapetite
f7190c34e1 Minz session cookie path bug 
https://github.com/FreshRSS/FreshRSS/issues/924#issuecomment-126499403
 2015-07-30 23:42:28 +02:00
Marien Fressinaud
6dbe33c51e Don't hide errors in configuration 
Fix https://github.com/FreshRSS/FreshRSS/issues/920
 2015-07-29 07:59:05 +02:00
Marien Fressinaud
c1a44a8761 Load configuration by recursion 
- Remove Minz_Configuration::$data_default
- Default values are loaded first in $data
- $data values are replaced by values from config file

Fix https://github.com/FreshRSS/FreshRSS/issues/923
 2015-07-27 14:46:41 +02:00
Marien Fressinaud
339e32424f Add a simple test to detect if server is public 
If the server is not accessible by an external server, pubsubhubbub should be
disable.

See https://github.com/FreshRSS/FreshRSS/issues/865
 2015-07-23 12:38:22 +02:00
Marien Fressinaud
1e65fd687e Use filter_var in guessBaseUrl 
See https://github.com/FreshRSS/FreshRSS/issues/906
See https://github.com/FreshRSS/FreshRSS/pull/915/files#r35304704
 2015-07-23 11:38:56 +02:00
Marien Fressinaud
6db0941196 Fix unexpected behaviour in getBaseUrl 
- getBaseUrl() returns info from configuration only and always append
  the suffix
- add a guessBaseUrl() to extract base_url from $_SERVER info
- fix Url::display() to take this change in consideration

Fix https://github.com/FreshRSS/FreshRSS/issues/906
Use https://github.com/FreshRSS/FreshRSS/pull/910
 2015-07-23 10:05:32 +02:00
Marien Fressinaud
2e544d2c1a Merge branch 'baseUrl' of https://github.com/Alkarex/FreshRSS into 906-fix-getBaseUrl 2015-07-23 09:37:29 +02:00