Don't stop the polling thread and attempt cleanup
when the thread is no longer alive; just avoid
logging warnings and other noise.
Demote a couple warning logs to info since
they are neither critical nor actionable.
Change-Id: Ibe8e8491723f1beeaea03a6e935d606b01e275f0
This reverts commit 1d9a9e834a. This
commit meant that if you hit CSP violations, then 'make run' hides those
problems and you need a full 'docker' (or similar) setup to see the
problem, where it's much more painful to debug it.
See commit 6e0d1ad707 (document signing:
whitelist CSP frame-src for doc sign endpoint URL, 2018-12-05) for a
real-world example where this happened.
Change-Id: Idc14496463f6decd0ad64c3b31758b4f532d66e6
Reviewed-on: https://gerrit.libreoffice.org/65549
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Miklos Vajna <vmiklos@collabora.com>
If document signing is enabled in loolwsd.xml, then explicitly whitelist
iframe creation towards the doc sign endpoint server, to avoid
> Refused to frame '...' because it violates the following Content Security Policy directive: "frame-src 'self' blob:".
Note that this happened only in non-debug builds, as we currently don't
send eny Content Security Policy headers in debug builds.
Change-Id: Iee2a0644d67d5803ab3f5c636b8e960fa619792f
document_signing_url in loolwsd now accepts a vereign server URL
endpoint. If not provided, the signing functionallity won't be
available.
The document signing infobar is now shown dynamically so by
default it is not shown, but when the users clicks in menu the
"sign document", the infobar is shown (the document-content is
css "top" value is adjusted via JQuery).
Change-Id: I9d5f6b68ba3612eeeb9de28c9c0333b4d1bf41d8
Reviewed-on: https://gerrit.libreoffice.org/64298
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
Tested-by: Tomaž Vajngerl <quikee@gmail.com>
Beforehand, any host could embed the iframe as the Referer was always allowed.
Now, only the loolwsd and the WOPI host are allowed to do that.
Additionally, a config option has been added to add more allowed hosts.
X-Frame-Options supports has been removed as it supports only one host
and CSP is meanwhile supported in ~all major browsers.
Change-Id: I222720e1220116102708c50edaf08e2a4a0aebda
Reviewed-on: https://gerrit.libreoffice.org/63864
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
If the document-container has an explicit style attribute, then this
breaks Calc (only Writer was tested before). This restores the correct
Writer/Calc/Impress behavior when the setting is false and keeps correct
behavior with Writer when the setting is true.
Change-Id: I310660e88af4407e521529ec41b5dcb604108bd9
It's not too easy to customize CSS, so move the top position of the
document container to loleaflet.html, where it's convenient to handle
this.
JS can dynamically query if the menu item should be there, similar to
the about dialog.
Change-Id: I4b2799a41f8ad31e3a9b4983fd1947d2e0363a2b
These are copy-constructed from a const reference but are only used as
const reference; make them a const reference.
Change-Id: Id193905b65224c2db4aab88999a92e60d3af3fdf
Possibilities are endless. With a simple /etc/pam.d/loolwsd config below,
the user which runs loolwsd ('lool' in production environment) can login
to admin console with normal linux password.
auth required pam_unix.so
account required pam_unix.so
Change-Id: I354a7e9b4705e8fe346d17d6b6041d1406198b37
Reviewed-on: https://gerrit.libreoffice.org/48307
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
The form.get function is something like this:
const std::string& get(const std::string& abc) { return abc; }
passing a string literal implicitly gets converted to temporary
std::string whose reference is then returned and used. This causes
crash, atleast for me, on building online with GCC 7
Change-Id: I09d0aeea57a3dbeeefd1bb28ff645723714aa6b4
Reviewed-on: https://gerrit.libreoffice.org/46727
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 75c2147b7f)
Reviewed-on: https://gerrit.libreoffice.org/46730
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
