Commit Graph

1529 Commits

Author SHA1 Message Date
a10eb6420b More generic changes from 2to3 2019-01-26 16:19:26 +01:00
9875fd8537 Attempt to fix localhtmlvalidate
It was already broken and didn't work properly, but update to py3 and at
least make it run. More changes are necessary to actually make it happy
again.
2019-01-26 16:19:26 +01:00
e0fcc082ee Remove indexer for old archives
We have been using the new archives for many years now, so remove this
instead of trying to port it to python3.
2019-01-26 16:19:26 +01:00
07d83eae42 Update script shebangs to use python3 2019-01-26 16:19:26 +01:00
b7f0398c15 Fix unicode for hashlib operations 2019-01-26 16:19:26 +01:00
c6c0bf1948 Update print and input syntax for python 3 2019-01-26 16:19:26 +01:00
edad84b1d0 Fix base64 encodings 2019-01-26 16:19:26 +01:00
9b42500478 Import latest auth.py from pgeu as sample 2019-01-26 16:19:26 +01:00
a156829375 Generic unicode updates 2019-01-26 16:19:26 +01:00
7547b6f766 Update syntax for relative imports 2019-01-26 16:19:26 +01:00
142f0805c2 Update to new style exception catching 2019-01-26 16:19:26 +01:00
fdca701a76 Added "PostgreSQL for DBA volume 1..." to "Books" 2019-01-24 12:09:02 -05:00
5b5c251024 Fix accidentally reversed check 2019-01-17 22:20:37 +01:00
9f07717197 Fix silly typo 2019-01-17 21:30:01 +01:00
f91181fb13 Add a githook and a config file to run pep8 pre-commit 2019-01-17 21:26:41 +01:00
00ab822ea8 Fix deprecated comparison structs 2019-01-17 21:19:57 +01:00
e3ec36b50c Remove multi-statement lines, per pep8 2019-01-17 20:52:17 +01:00
833ef98757 Fix import order, per pep8 2019-01-17 20:49:33 +01:00
0883ac6423 Fix whitespace and indentation, per pep8 2019-01-17 20:47:43 +01:00
87237f6536 Tabs, meet your new overlords: spaces
In a quest to reach pep8, use spaces to indent rather than tabs.
2019-01-17 15:35:39 +01:00
b2ed494655 Redirect the user upon successful bug report submission
Previously the result page was rendered directly and if the user hit the
refresh button the bug would be duplicated. Instead redirect to a
results page (with the bug number) which can be freely refreshed.
2019-01-17 10:29:06 +01:00
240d21bf3d Create and track a mapping between bug ids and messageids
Not used yet (though a prototype redirect view is present) since we need
to populate it with data from the past, but with this we start
collecting the mapping for future bugs.
2019-01-17 10:29:06 +01:00
41f38d6105 Seems GA also needs data: urls sometimes 2019-01-17 10:29:06 +01:00
11367b14a3 Ensure font size for <h5> blocks is smaller than <h4>
<h5> was not explicitly set prior.
2019-01-11 16:16:11 -05:00
79253866e3 Add further indentation to variable lists to distinguish groups.
This was a regression introduced by the new styles that affects
readability of nested variables lists (e.g. on the message protocol
page). This brings the look more in line with the previous documentation
styles and should help with readability.
2019-01-09 10:31:46 -05:00
df278a084b Retain documentation version when navigating paginated links.
The old code always raised an exception as the variable being checked
was not defined at that point. Now, it checks the variable that one
expects to be set.
2019-01-06 16:32:02 -05:00
1d78793add Remove inline script from debian/ubuntu download page 2019-01-05 13:15:58 +01:00
9045e0bc22 Remove legacy onfocus event handler
This one goes back 10+ years and nobody really knows what it's for. And
it does create issues for the content security policy, so let's just get
rid of it.
2019-01-03 14:57:58 +01:00
b2771a29bb Allow framing google.com on account signup page
This is used for the recaptcha. Also enable this for oauth signups,
previously missed.
2018-12-29 11:49:57 +01:00
97da9cb69c Allow data: url for image and fonts
Turns out data: is not included in "*" for images, so just add it. For
fonts, data: is used by google fonts.
2018-12-29 11:25:43 +01:00
0e8feb6afe Allow google analytics to do "connect" as well
Based on CSP reports collected
2018-12-29 11:18:05 +01:00
ceb90c9d72 Fix unicode in error message about ssh keys
Caused an exception when somebody tried to upload an SSH key where the
*key type* contains non-ascii (this would normally be things like
"ssh-rsa", and there are definitely no legit key types outside the ascii
range, but we still shouldn't crash)
2018-12-26 12:45:17 +01:00
25860344de Remove inline styles from feature matrix generator.
This moves the HTML code generated for the filters into the Django
template, instead of the JavaScript portion.
2018-12-22 11:35:31 -05:00
d0a0571e14 Don't try to validate organisation ownership for new orgs 2018-12-22 17:06:48 +01:00
9308f141fc Allow unsafe inline style on docs
Our new docs build seems to put this in there, and only older docs were
tested it seems.
2018-12-22 16:28:42 +01:00
c1c40208ca Another try at fixing google analytics vs CSP 2018-12-22 16:24:10 +01:00
3606b102b0 Allow all of google-analytics in CSP
It needs at least both www.google-analytics and ssl.google-analytics..
2018-12-22 16:22:35 +01:00
0d1832dc0d Stopgap fix for lack of permissions check on organisations 2018-12-22 16:07:45 +01:00
d36ea4a985 Enable setting of security http headers
The following security policy headers are set:

X-XSS-Protection: 1; mode=block -- always set

X-Frame-Options: DENY is set for all pages except for the documentation
  pages, primarily because pgadmin4 loads them in an iframe which would
  break.

Content-Security-Policy: <x>-src
  Is set to allow the default of self only, then allowing scripts for
  google analytics and fonts for google fonts. Images are allowed from everywhere.
  frame-ancestors 'none' is set by the same rules as X-Frame-Options

This also adds a decorator for @script_sources to have a single view
allow extra sources, and this is used for recaptcha. A generic decorator
is also made for other types of exclusions, though we don't have any at
this point.

If the setting SECURITY_POLICY_REPORT_ONLY is set to True then the policy
will be report-only and not enforced (for testing), otherwise enforcing
mode is enabled.

The setting SECURITY_POLICY_REPORT_URI sets where to send security
policy reports, if any.
2018-12-21 21:46:28 +01:00
48db40f71e Get rid of all inline styles
Some of these should be replaced with proper responsive tables for
example at some point, but this is a quick-fix.
2018-12-21 14:14:24 +01:00
5f8d3f44bc Remove unexpected inline stylesheet in very old presskit 2018-12-21 14:14:24 +01:00
6b04237918 Include base stylesheet via link instead of style
Instead of using <style> with import, set an explicit link like we do
for other stylesheets. This will make it possible to turn on a content
security policy for CSS.
2018-12-21 14:14:24 +01:00
d258d66481 Move admin custom css over to separate css file instead of inline 2018-12-21 14:14:24 +01:00
b5e5c2970a Move google analytics and scrolling code into main.js
This moves the remaining inline javascript out of the base templates
2018-12-21 14:14:03 +01:00
436fcf837a Move scripts from admin changeform to their own JS file
Could be made more efficient by combining some files, but this is just
the /admin/ interface so not used very often.
2018-12-20 17:18:11 +01:00
da3c529790 Use autofocus html attribute instead of javascript 2018-12-20 17:18:11 +01:00
c622ecd02a Move javascript for forms into separate JS file
In passing also clean up a few things that can be passed directly in the
template instead, and simplify things now that we have jquery all the
time.
2018-12-20 17:18:11 +01:00
a33bc4630b Move debian/ubuntu downloads javascript into main.js 2018-12-20 17:18:11 +01:00
6ee5d9c58d Move featurematrix javascript into a separate script file 2018-12-20 17:18:11 +01:00
3158ae77e9 Remove unused templates 2018-12-20 17:18:11 +01:00