* CORS/CSP fix
* deprecate ALLOWED_IFRAME_ORIGINS
* Revert "deprecate ALLOWED_IFRAME_ORIGINS"
This reverts commit 9792f06691.
* Reapply "deprecate ALLOWED_IFRAME_ORIGINS"
This reverts commit 683ee93036.
* Add helmet config and deprecate previous ALLOWED_IFRAME_ORIGINS
* add build to docker compose for local builds
* set server to listen on 0.0.0.0 and control with cors
* Remove hsts from helmet and apply new pin status check limits
* add back allowed_iframe_origins env as a fallback for allowed_origins
* update readme for allowed_iframe_origins
* feat: Add ALLOWED_IFRAME_ORIGINS configuration and update security headers (#47)
- Introduced ALLOWED_IFRAME_ORIGINS environment variable to specify trusted origins for iframe embedding.
- Updated security headers middleware to conditionally allow specified origins in Content Security Policy.
- Enhanced documentation in README.md to explain the new configuration and its security implications.
Fixes#35
* feat: Update .env.example and .gitignore for improved configuration management
- Enhanced .env.example with detailed comments for environment variables, including upload settings, security options, and notification configurations.
- Updated .gitignore to include additional editor and OS-specific files, ensuring a cleaner repository.
- Modified package.json to add a predev script for Node.js version validation and adjusted the dev script for nodemon.
- Improved server.js shutdown handling to prevent multiple shutdowns and ensure graceful exits.
- Refactored config/index.js to log loaded environment variables and ensure the upload directory exists based on environment settings.
- Cleaned up fileUtils.js by removing unused functions and improving logging for directory creation.
This commit enhances clarity and maintainability of configuration settings and improves application shutdown behavior.
* feat: Update Docker configuration and documentation for upload handling
- Explicitly set the upload directory environment variable in docker-compose.yml to ensure clarity in file storage.
- Simplified the Dockerfile by removing the creation of the local_uploads directory, as it is now managed by the host system.
- Enhanced README.md to reflect changes in upload directory management and provide clearer instructions for users.
- Removed outdated development configuration files to streamline the development setup.
This commit improves the clarity and usability of the Docker setup for file uploads.
* feat: Add Local Development Guide and update README for clarity
- Introduced a comprehensive LOCAL_DEVELOPMENT.md file with setup instructions, testing guidelines, and troubleshooting tips for local development.
- Updated README.md to include a link to the new Local Development Guide and revised sections for clarity regarding upload directory management.
- Enhanced the Quick Start section to direct users to the dedicated local development documentation.
This commit improves the onboarding experience for developers and provides clear instructions for local setup.
* feat: Implement BASE_URL configuration for asset management and API requests
- Added BASE_URL configuration to README.md, emphasizing the need for a trailing slash when deploying under a subpath.
- Updated index.html and login.html to utilize BASE_URL for linking stylesheets, icons, and API requests, ensuring correct asset loading.
- Enhanced app.js to replace placeholders with the actual BASE_URL during HTML rendering.
- Implemented a validation check in config/index.js to ensure BASE_URL is a valid URL and ends with a trailing slash.
This commit improves the flexibility of the application for different deployment scenarios and enhances asset management.
Fixes#34, Fixes#39, Fixes#38
* Update app.js, borked some of the css n such
* resolved BASE_URL breaking frontend
* fix: Update BASE_URL handling and security headers
- Ensured BASE_URL has a trailing slash in app.js to prevent asset loading issues.
- Refactored index.html and login.html to remove leading slashes from API paths for correct concatenation with BASE_URL.
- Enhanced security headers middleware to include 'connect-src' directive in Content Security Policy.
This commit addresses issues with asset management and improves security configurations.
- Introduce BASE_URL environment variable for flexible application URL configuration
- Update .env.example, docker-compose, and README with new configuration option
- Implement BASE_URL validation in config module
- Modify server logging to use configurable base URL
- Provide default base URL generation when not explicitly set
- Introduce AUTO_UPLOAD environment variable to enable automatic file uploads
- Update .env.example with new configuration options
- Modify docker-compose.yml to use new image and comment out default settings
- Update README.md to document AUTO_UPLOAD feature
- Implement client-side auto upload logic in index.html
- Add server-side logging for auto upload status
chore: Refactor notification message template and size unit handling
- Add file size formatting to notifications with auto-scaling units (B, KB, MB, GB, TB)
- Add APPRISE_SIZE_UNIT environment variable for fixed size units
- Update default notification message to include file size: "New file uploaded: {filename} ({size})"
- Fix filename reference in notifications to use safeFilename
- Fix async/await handling in upload chunk handler
- Add size formatting documentation to README
- Update environment variable documentation
Example notification: "New file uploaded: example.pdf (2.54MB)"
