The HTTP Node now uses auto for ecdhCurve for SSL connections. This fixes the SSL
handshake error while connecting to some Zulip instances. Setting the ecdhCurve to auto
is the recommended method for Node > 8.5, more info here -
https://github.com/nodejs/node/issues/16196Fixes: #594.
This commit adds proxy details to request module paramters from
the proxyRules so that the request module can use these rules while
sending a request. In case of no system proxy, set environment
variable NO_PROXY to handle all links.
Fixes: #534.
captureExceptions are used to report expected exceptions from domain-util.js and
config-util.js.
All files that include logger-util automatically includes sentry for those files
and report unexpected exceptions to sentry.
This commit moves all the configuration(.json) files into a config folder
if the config folder doesn't already exist. It also updates the places
where these files are being accessed with the new address.
This will help us zip the folder easily in the future.
This PR helps to validate custom/self-signed certificates for servers
by saving the certificate file in certificates folder in user's appData folder.
We now use this certificate with the request while validating the server
when adding the organization. This validation of certificate is done by the request module itself.
Fixes: #126.
Now using the `escape-html` module so that we can decode
the realm description properly and escape the html at the
same time. The encodeURIComponent function doesn't
provide this kind of flexibility. We need to decode the
real description properly since we show the same in the
tooltip and setting page.
This commit fixes a security bug which was caused by
using innerHTML and not doing proper HTML escaping.
Ideally, we should be doing proper HTML escaping for
any data we get from the server to avoid XSS attack.
We already handle realm icon and url very well, the
realm description was not handled previously but this commit
now fixes this in a right way.
This fixes an issue where if server send non 404 error code such
as 403 forbidden we marked them as Zulip server even though they are
not, now it checks for 400 error range.
Some Zulip Servers use absolute URL for server icon whereas others use relative URL.
I have added an extra check to handle both the cases. Improves #308.
App used to throw an error because it assumes that the certificate is invalid or not signed properly.
The solution of this problem is same as self-signed certificate fix which is we simply show a warning dialog asking user if they trust the certificate.
