58 Commits

Author SHA1 Message Date
Adam Williams
dca012f0b7 Use SameSite=strict cookies consistently (#1450) 2017-10-20 15:31:46 +01:00
Phansa
3189ce7f8a Welcome to 2017
Welcome to 2017

temp

temp2
2017-03-12 20:34:26 -04:00
Alexey Sokolov
6fbab7b44c Add CIDR support to TrustedProxy setting
Fix #1219
2016-12-25 13:00:02 +00:00
Latchezar Tzvetkoff
a9a7f17910 Allow modules to override CSRF protection.
Useful for Web APIs and all other kinds of things.

API changes:
	- Added public CHTTPSock::GetURI() method
	- Added public CModule::ValidateWebRequestCSRFCheck() method
	- Made CWebSock::GetCSRFCheck() method public so it can be accessed
	  from CModule
	- Added public CWebSock::ValidateCSRFCheck() method

Other changes:
	- Added a Sample Web API module (modules/samplewebapi.cpp) and a
	  simple web form with no CSRF check.

Implements feature request #1180.
2016-10-05 09:29:40 +01:00
Falk Seidel
8f73840e74 Welcome to 2016
🎆  Happy 2016 🎆
2016-01-01 20:11:21 +01:00
Alexey Sokolov
a8cd5625bc Merge branch '1.6.x' 2015-12-30 16:13:58 +00:00
Alexey Sokolov
901ead89d5 Fix 404 when accessing web UI with the prefix, but without ending /
Thanks, txtsd
2015-12-30 16:13:19 +00:00
Alexey Sokolov
d185d6f22d clang-format: switch tabs to spaces
I like tabs, but I have to admit that spaces make source code more
consistent, because every editor/viewer tends to render tabs differently :(
2015-12-07 00:53:30 +00:00
Alexey Sokolov
3861b6a583 Fix several comments broken by clang-format 2015-12-07 00:53:01 +00:00
Alexey Sokolov
33b0627d75 Add clang-format configuration.
For now, it uses tabs like before, to make the diff easier to read/check.
One of following commits will switch it to spaces.
2015-12-07 00:53:01 +00:00
RealRancor
41f83e8de4 Set HttpOnly for session cookie 2015-09-11 16:51:07 +02:00
J-P Nurmi
21ed56f46a Prefer EndsWith(s) over Right(n) == s 2015-08-14 13:52:12 +02:00
J-P Nurmi
4995e7517e Prefer StartsWith(s) over Left(n) == s 2015-08-14 13:51:44 +02:00
J-P Nurmi
d39b20b505 Fix sources to include their respective header 2015-07-14 19:05:23 +02:00
Alexey Sokolov
f909dc568a Merge branch '1.6.x' 2015-07-07 20:08:01 +01:00
Pavel Djundik
3bc7b820ac Don't print local ip address on 404 page, fixes #944
(cherry picked from commit 01279a4efa)
2015-07-07 20:07:02 +01:00
Alexey Sokolov
144f7984e4 Don't require CSRF token for POSTs if the request uses HTTP Basic auth.
See #946
2015-04-16 20:57:29 +01:00
Alexey Sokolov
7719213ea6 Merge branch '1.6.x' 2015-04-16 20:32:58 +01:00
Alexey Sokolov
7c64eba693 Last commit broke async auth, e.g. via imapauth. Fix it.
See #946
2015-04-16 20:31:31 +01:00
Alexey Sokolov
0b205db494 Merge branch '1.6.x' 2015-04-16 01:24:43 +01:00
Alexey Sokolov
eedcd4c4de Fix rare conflict of HTTP-Basic auth and cookies.
Fix #946
2015-04-16 01:21:57 +01:00
Alexey Sokolov
e61ee6096f Merge pull request #907 from jpnurmi/weffc++
Use member initialization lists [-Weffc++] (#270)
2015-03-01 12:58:50 -08:00
J-P Nurmi
1d09b41540 Last batch of C++11 range-based for loops (#816) 2015-03-01 21:36:28 +01:00
J-P Nurmi
1d2650d450 Use member initialization lists [-Weffc++] (#270) 2015-03-01 15:00:10 +01:00
J-P Nurmi
5a338d91cb CHTTPSock: C++11 range-based for loops 2015-02-26 09:31:35 +01:00
J-P Nurmi
00b1a7eedf Use CString::StartsWith()
Replace the use of deprecated CString::Equals(str,bool,int) by
CString::StartsWith(str,cs) which is more pleasant to read.
2015-02-18 00:42:25 +01:00
Falk Seidel
2e29d49a53 Welcome to 2015 2014-12-31 11:28:38 +01:00
Alexey Sokolov
a0ec20b110 Fix HTTP basic auth.
It looks like it was broken since we implemented cookies...
2014-12-30 21:35:39 +00:00
J-P Nurmi
b822ea8e16 Fix #725: CHTTPSock memory leak - missing deflateEnd() call 2014-10-29 00:19:40 +01:00
J-P Nurmi
ef4caae6d1 const correctness fixes 2014-10-03 09:14:12 +02:00
Alexey Sokolov
2a656f539d If a web request does not start with the URI prefix, redirect to root of the prefix
Before, it showed the right result even with the wrong path (without prefix),
but it worked only with ZNC directly, not via reverse proxy.

Now it won't work with ZNC directly too.
2014-06-10 21:55:38 +01:00
uu1101
f6a881eeb2 Redirect to URIPrefix for paths outside the prefix 2014-02-16 12:45:10 +01:00
uu1101
c0974d9910 Don't support relative redirects 2014-02-16 12:45:10 +01:00
uu1101
d796fc8312 Add prefix on redirects and strip it on requests 2014-02-16 12:45:09 +01:00
uu1101
88c85b0396 Add URIPrefix listener option 2014-02-16 12:45:09 +01:00
Falk Seidel
f19b4caa43 Welcome to 2014 - year 10 with ZNC 2013-12-31 10:10:55 +01:00
Alexey Sokolov
3e56f093f2 X-Forwarded-For: verify the whole chain, from the end 2013-11-14 22:37:36 +04:00
Alexey Sokolov
ccbc469168 Merge commit 'refs/pull/349/head' of github.com:znc/znc 2013-11-14 08:27:50 +04:00
Martin Nowack
eda4426085 Request secure cookie transmission for HTTPS
If cookies are not marked as secure, they can be sent
back by the client on unencrypted channels, disclosing
information. With this fix, clients are requested to
send cookies back on a secure channel in case HTTPS is
used.
2013-08-01 15:14:54 +02:00
Alexey Sokolov
b2dcad5fd4 Change ZNC license to Apache 2.0
The following people agreed with the change, in alphabetical order:
(people who approved in several ways are listed only once)
By email:
- Adam (from Anope)
- Austin Morton
- Brian Campbell
- Christian Walde
- Daniel Holbert
- Daniel Wallace
- Falk Seidel
- Heiko Hund
- Ingmar Runge
- Jim Hull
- Kyle Fuller
- Lee Aylward
- Martin Martimeo
- Matt Harper
- Michael J Edgar
- Michael Ziegler
- Nick Bebout
- Paul Driver
- Perry Nguyen
- Philippe (cycomate)
- Reuben Morais
- Roland Hieber
- Sebastian Ramacher
- Stefan Rado
- Stéphan Kochen
- Thomas Ward
- Toon Schoenmakers
- Veit Wahlich
- Wulf C. Krueger

By IRC:
- CNU
- Jonas Gorski
- Joshua M. Clulow
- Prozac/SHiZNO
- SilverLeo
- Uli Schlachter

At https://github.com/znc/znc/issues/311 :
- Alexey Sokolov
- Elizabeth Myers
- flakes
- Jens-Andre Koch
- Jyzee
- KindOne/ineedalifetoday
- Lee Williams
- Mantas Mikulėnas
- md-5
- Reed Loden

At the last few pull requests' comments:
- Allan Odgaard
- Jacob Baines
- Lluís Batlle i Rossell
- ravomavain
- protomouse

The following commits' authors didn't respond:
Trivial changes:
- f70f1086fd
- 4ca8b50e45

The changes which are not present in master anymore:
- 5512ed2ea0
- 960a4498f7
- 0f739de2c0
- 7f53cc810b

Fix #311
Fix #218
2013-06-14 00:43:34 +04:00
Alexey Sokolov
99895c77df Rewrite printing timestamps in znc -D
Previous commit doing it was 0f739de2c0
2013-06-04 23:13:17 +04:00
Alexey Sokolov
6569508522 Merge commit 'refs/pull/306/head' of github.com:znc/znc 2013-05-12 08:59:01 +04:00
Siyo
7ee853afaa Fixed redundant removal of trailing spaces 2013-05-10 15:02:21 +02:00
Siyo
3d5ba6af3e Whitelisted X-Forwarded-For header support 2013-05-10 14:19:58 +02:00
Ingmar Runge
b0101a6df1 Get rid of empty CHTTPSock::WriteFileGzipped method if there's no zlib. It's still in the header, but this does not have any negative side effects. 2013-03-10 00:28:19 +01:00
Ingmar Runge
ea94795646 HTTPSock: Gzip compression for static files (text/* mime types + files
with .js extension) and dynamic HTML responses (if gzip is available and
the compression method is supported by the requesting HTTP client).
2013-03-08 09:49:45 +01:00
KindOne
2db7307ac3 Remove unneeded headers. 2013-03-08 01:47:57 +07:00
Un1matr1x
3a34593359 The same procedure as last year, Miss Sophie?
Same procedure as every year, James.
2012-12-31 12:44:31 +01:00
Kyle Fuller
67299ebfa8 Fix a bunch of conversion warnings #197 2012-08-14 19:31:14 +07:00
Alexey Sokolov
62c9ac1a0b using in headers is evil :( 2012-07-26 20:46:11 +07:00