ekzyis/stacker.news
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,084 Commits 4 Branches 0 Tags
Commit Graph

21 Commits

Author SHA1 Message Date
soxa
1afadbdf3b
enhance: referral notifications with source (#1862) 
* wip: referral notification shows source of referral

* simpler approach for source info gathering

* fix territory representation; fix fragment field

* cleanup; fix UI

* better margin approach

* hotfix: null check

* add support for comments

* use Union to represent ReferralSource; clarify with switch statements

* cleanup: compact switch statement on Referral resolver

* wip use refereeLanding

* add comments; cleanup

* hotfix: backwards compatibility for Earnings calculation

* small copy and semantics changes

---------

Co-authored-by: Keyan <34140557+huumn@users.noreply.github.com>
Co-authored-by: k00b <k00b@stacker.news>
 2025-02-11 20:02:04 -06:00
ekzyis
4340a82a62
Allow video uploads (#1399) 
* Allow video uploads

* fix video preview

---------

Co-authored-by: k00b <k00b@stacker.news>
 2024-09-13 09:26:08 -05:00
Keyan
15b038cd78
refactor embeds to be reused (#1368) 
* refactor embeds to be reused

* adjust the meaning of settings for embeds

* add wavlake embed (close #1359)

* add spotify embed (closes #1360)

* fix 'format' appearing in srcSet

* add nostr embed

* refine nostr embed

* Update components/media-or-link.js

Co-authored-by: ekzyis <ek@stacker.news>

* Update pages/settings/index.js

Co-authored-by: ekzyis <ek@stacker.news>

* ek suggestions

---------

Co-authored-by: ekzyis <ek@stacker.news>
 2024-09-07 12:07:10 -05:00
k00b
5a00f7b825 allow video in CSP 2024-09-04 09:58:05 -05:00
ekzyis
a7066a34cd
Use default-src 'self' a.stacker.news (#1349) 
This should fix CSP errors in Firefox because scripts fetched via <link rel="prefetch"> don't use script-src.
 2024-09-02 12:58:14 -05:00
ekzyis
17da24ce24
Add a.stacker.news to script-src (#1339) 2024-08-28 09:33:26 -05:00
ekzyis
ccbc28322e
Add wasm-unsafe-eval to CSP for LNC (#1313) 2024-08-18 17:20:46 -05:00
Keyan
3bada4b5da
new referral scheme (#1255) 
* capture/store data for new referral scheme

* simplify signup/forever referral rules

* no self-referrals and other fixes

* better post/comment distinction and support /items/1/related
 2024-07-07 11:12:02 -05:00
Tom
4fe920d12b
Handle Peertube Embeds (#1223) 
* Handle peertube embeds

* Permit full screen for Rumble and PeerTube

* Use sandbox='allow-scripts' for iframes

* Restore frame-src domains

* Use endsWith

---------

Co-authored-by: ekzyis <ek@stacker.news>
 2024-06-20 11:28:25 -05:00
Tom
52f57f8ac5
Embed Rumble Video (#1191) 
* Render Rumble video in preview and posts

* Display Rumble video

* Remove workspace

* Add util function

* Use searchParam for id

* Update check for Rumble

* Update youtube match strings

* fix hostname conditions

---------

Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
 2024-05-28 08:18:32 -05:00
ekzyis
98a27caaa9
Allow http: and ws: in dev CSP (#1126) 
* Allow HTTP in dev build

* Also allow ws://
 2024-05-03 14:17:10 -05:00
ekzyis
0434045f22 Refactor dev CSP logic 
always uses string concatentation now
 2024-03-29 15:35:25 +01:00
ekzyis
b7893634ac Fix CSP commented out in middleware 2024-03-29 15:27:51 +01:00
keyan
9820055aee refine hiding bottom navbar when virtual keyboard opens 2024-03-28 18:18:44 -05:00
keyan
f2ba61e64b enhance navigation 2024-03-26 18:36:31 -05:00
Keyan
23ee62fb21
add sndev shell script and enhance docker compose local dev 
* add hot reloading worker:dev script

* refine docker config

* sndev bash script and docker reliability stuff

* make posix shell

* restart: always -> unless-stopped

* proper check for postgres health

* add db seed to sndev

* refinements after fresh builds

* begin adding regtest network

* add changes to .env.sample

* reorganize docker and add static certs/macroon to lnd

* copy wallet and macaroon dbs for deterministic wallets/macaroons

* fix perms of shared directories

* allow debian useradd with duplicate id

* add auto-mining

* make bitcoin health check dependent on blockheight

* open channel between ln nodes

* improve channel opens

* add sndev payinvoice

* add sndev withdraw

* ascii art

* add sndev status

* sndev passthrough to docker and containers

* add sndev psql command

* remove script logging

* small script cleanup

* smaller db seed

* pin opensearch version

Co-authored-by: ekzyis <ek@stacker.news>

* pin opensearch dashboard

Co-authored-by: ekzyis <ek@stacker.news>

* add sndev prisma

* add help for all commands

* set -e

* s3 and image proxy with broken name resolution

* finally fully working image uploads

* use a better diff algo

---------

Co-authored-by: ekzyis <ek@stacker.news>
 2024-03-13 09:04:09 -05:00
keyan
2d20d1a8aa new email welcome gif 2024-03-04 21:00:28 -06:00
ekzyis
30bc3b612a
Fix comment (unsafe-eval isn't used in prod) (#825) 2024-02-14 08:45:00 -06:00
ekzyis
bff9342272
Allow blob: scheme (#817) 2024-02-13 16:11:34 -06:00
ekzyis
fc18a917e3
Add Content Security Policy headers (#805) 
* Basic CSP with unsafe-inline, unsafe-eval

* Allow 'self' for img-src and connect-src

Apparently, there is a bug for Chrome on iOS if connect-src does not allow 'self'.

See known issues at https://caniuse.com/contentsecuritypolicy

* Use nonces for strict CSP

* More CSP comments

* Add frame-ancestors directive

* Add more useful headers

* Add HSTS header

* Allow youtube and twitter embeds

For some reason, www.youtube.com is enough. It also works for youtube.com and youtube-nocookie.com.

For twitter embeds from twitter.com or x.com, platform.twitter.com is enough.

* Allow CDN and media domain in CSP

* Only allow unsafe-eval in dev build

* Ignore _next/webpack-hmr in middleware
 2024-02-13 13:10:06 -06:00
keyan
41226245c5 referrals 2022-12-19 16:27:52 -06:00