Commit Graph

20 Commits

Author SHA1 Message Date
ekzyis 4340a82a62
Allow video uploads (#1399)
* Allow video uploads

* fix video preview

---------

Co-authored-by: k00b <k00b@stacker.news>
2024-09-13 09:26:08 -05:00
Keyan 15b038cd78
refactor embeds to be reused (#1368)
* refactor embeds to be reused

* adjust the meaning of settings for embeds

* add wavlake embed (close #1359)

* add spotify embed (closes #1360)

* fix 'format' appearing in srcSet

* add nostr embed

* refine nostr embed

* Update components/media-or-link.js

Co-authored-by: ekzyis <ek@stacker.news>

* Update pages/settings/index.js

Co-authored-by: ekzyis <ek@stacker.news>

* ek suggestions

---------

Co-authored-by: ekzyis <ek@stacker.news>
2024-09-07 12:07:10 -05:00
k00b 5a00f7b825 allow video in CSP 2024-09-04 09:58:05 -05:00
ekzyis a7066a34cd
Use default-src 'self' a.stacker.news (#1349)
This should fix CSP errors in Firefox because scripts fetched via <link rel="prefetch"> don't use script-src.
2024-09-02 12:58:14 -05:00
ekzyis 17da24ce24
Add a.stacker.news to script-src (#1339) 2024-08-28 09:33:26 -05:00
ekzyis ccbc28322e
Add wasm-unsafe-eval to CSP for LNC (#1313) 2024-08-18 17:20:46 -05:00
Keyan 3bada4b5da
new referral scheme (#1255)
* capture/store data for new referral scheme

* simplify signup/forever referral rules

* no self-referrals and other fixes

* better post/comment distinction and support /items/1/related
2024-07-07 11:12:02 -05:00
Tom 4fe920d12b
Handle Peertube Embeds (#1223)
* Handle peertube embeds

* Permit full screen for Rumble and PeerTube

* Use sandbox='allow-scripts' for iframes

* Restore frame-src domains

* Use endsWith

---------

Co-authored-by: ekzyis <ek@stacker.news>
2024-06-20 11:28:25 -05:00
Tom 52f57f8ac5
Embed Rumble Video (#1191)
* Render Rumble video in preview and posts

* Display Rumble video

* Remove workspace

* Add util function

* Use searchParam for id

* Update check for Rumble

* Update youtube match strings

* fix hostname conditions

---------

Co-authored-by: keyan <keyan.kousha+huumn@gmail.com>
2024-05-28 08:18:32 -05:00
ekzyis 98a27caaa9
Allow http: and ws: in dev CSP (#1126)
* Allow HTTP in dev build

* Also allow ws://
2024-05-03 14:17:10 -05:00
ekzyis 0434045f22 Refactor dev CSP logic
always uses string concatenation now
2024-03-29 15:35:25 +01:00
ekzyis b7893634ac Fix CSP commented out in middleware 2024-03-29 15:27:51 +01:00
keyan 9820055aee refine hiding bottom navbar when virtual keyboard opens 2024-03-28 18:18:44 -05:00
keyan f2ba61e64b enhance navigation 2024-03-26 18:36:31 -05:00
Keyan 23ee62fb21
add sndev shell script and enhance docker compose local dev
* add hot reloading worker:dev script

* refine docker config

* sndev bash script and docker reliability stuff

* make posix shell

* restart: always -> unless-stopped

* proper check for postgres health

* add db seed to sndev

* refinements after fresh builds

* begin adding regtest network

* add changes to .env.sample

* reorganize docker and add static certs/macaroon to lnd

* copy wallet and macaroon dbs for deterministic wallets/macaroons

* fix perms of shared directories

* allow debian useradd with duplicate id

* add auto-mining

* make bitcoin health check dependent on blockheight

* open channel between ln nodes

* improve channel opens

* add sndev payinvoice

* add sndev withdraw

* ascii art

* add sndev status

* sndev passthrough to docker and containers

* add sndev psql command

* remove script logging

* small script cleanup

* smaller db seed

* pin opensearch version

Co-authored-by: ekzyis <ek@stacker.news>

* pin opensearch dashboard

Co-authored-by: ekzyis <ek@stacker.news>

* add sndev prisma

* add help for all commands

* set -e

* s3 and image proxy with broken name resolution

* finally fully working image uploads

* use a better diff algo

---------

Co-authored-by: ekzyis <ek@stacker.news>
2024-03-13 09:04:09 -05:00
keyan 2d20d1a8aa new email welcome gif 2024-03-04 21:00:28 -06:00
ekzyis 30bc3b612a
Fix comment (unsafe-eval isn't used in prod) (#825) 2024-02-14 08:45:00 -06:00
ekzyis bff9342272
Allow blob: scheme (#817) 2024-02-13 16:11:34 -06:00
ekzyis fc18a917e3
Add Content Security Policy headers (#805)
* Basic CSP with unsafe-inline, unsafe-eval

* Allow 'self' for img-src and connect-src

Apparently, there is a bug for Chrome on iOS if connect-src does not allow 'self'.

See known issues at https://caniuse.com/contentsecuritypolicy

* Use nonces for strict CSP

* More CSP comments

* Add frame-ancestors directive

* Add more useful headers

* Add HSTS header

* Allow youtube and twitter embeds

For some reason, www.youtube.com is enough. It also works for youtube.com and youtube-nocookie.com.

For twitter embeds from twitter.com or x.com, platform.twitter.com is enough.

* Allow CDN and media domain in CSP

* Only allow unsafe-eval in dev build

* Ignore _next/webpack-hmr in middleware
2024-02-13 13:10:06 -06:00
keyan 41226245c5 referrals 2022-12-19 16:27:52 -06:00