Diffstat (limited to 'api')
-rw-r--r-- | api/context.go | 6 | ||||
-rw-r--r-- | api/file.go | 2 | ||||
-rw-r--r-- | api/team.go | 7 | ||||
-rw-r--r-- | api/templates/email_change_body.html | 4 | ||||
-rw-r--r-- | api/templates/find_teams_body.html | 4 | ||||
-rw-r--r-- | api/templates/invite_body.html | 4 | ||||
-rw-r--r-- | api/templates/password_change_body.html | 4 | ||||
-rw-r--r-- | api/templates/post_body.html | 4 | ||||
-rw-r--r-- | api/templates/reset_body.html | 4 | ||||
-rw-r--r-- | api/templates/signup_team_body.html | 4 | ||||
-rw-r--r-- | api/templates/verify_body.html | 4 | ||||
-rw-r--r-- | api/templates/welcome_body.html | 4 |
12 files changed, 25 insertions, 26 deletions
diff --git a/api/context.go b/api/context.go
index ac9dffcbc..16da0a6eb 100644
--- a/api/context.go
+++ b/api/context.go
@@ -101,6 +101,12 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 w.Header().Set(model.HEADER_REQUEST_ID, c.RequestId)
 w.Header().Set(model.HEADER_VERSION_ID, utils.Cfg.ServiceSettings.Version)
+ // Instruct the browser not to display us in an iframe for anti-clickjacking
+ if !h.isApi {
+ w.Header().Set("X-Frame-Options", "DENY")
+ w.Header().Set("Content-Security-Policy", "frame-ancestors none")
+ }
+
 sessionId := ""
 // attempt to parse the session token from the header
diff --git a/api/file.go b/api/file.go
index 889c9dd1b..3ef50fbbd 100644
--- a/api/file.go
+++ b/api/file.go
@@ -33,7 +33,7 @@ func InitFile(r *mux.Router) {
 sr := r.PathPrefix("/files").Subrouter()
 sr.Handle("/upload", ApiUserRequired(uploadFile)).Methods("POST")
- sr.Handle("/get/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:([A-Za-z0-9]+/)?.+\\.[A-Za-z0-9]{3,}}", ApiAppHandler(getFile)).Methods("GET")
+ sr.Handle("/get/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:([A-Za-z0-9]+/)?.+(\\.[A-Za-z0-9]{3,})?}", ApiAppHandler(getFile)).Methods("GET")
 sr.Handle("/get_public_link", ApiUserRequired(getPublicLink)).Methods("POST")
 }
diff --git a/api/team.go b/api/team.go
index 1145e6e81..c9fe42ecc 100644
--- a/api/team.go
+++ b/api/team.go
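Review bot: The Content-Security-Policy value on the added line in api/context.go is `frame-ancestors none`, but the CSP keyword must be single-quoted; unquoted, `none` is read as a host name rather than the "no ancestors" keyword, so the header does not express what the comment says. The line should read `w.Header().Set("Content-Security-Policy", "frame-ancestors 'none'")`. Both headers are also skipped when `h.isApi` is true, so any API route that returns browser-renderable content (the file download route in api/file.go looks like one) stays frameable; consider setting them unconditionally unless a known consumer embeds API responses. ServeHTTP's body continues outside the hunk.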
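Review bot: The new `filename` pattern in api/file.go no longer constrains anything: `.+` already matches every character including `/`, so the optional `(\\.[A-Za-z0-9]{3,})?` suffix is a no-op and the route accepts any non-empty remainder of the path. getFile is outside this hunk, so confirm it rejects `..` segments and extra separators before the value is used to locate the stored file; if only one optional sub-directory is intended, tighten the route to `{filename:([A-Za-z0-9]+/)?[^/]+}`. The route is wrapped in `ApiAppHandler` rather than `ApiUserRequired`, so presumably the access check also lives inside getFile; a comment on this line saying so would help the next reader.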
@@ -35,25 +35,18 @@ func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) {
 m := model.MapFromJson(r.Body)
 email := strings.ToLower(strings.TrimSpace(m["email"]))
- displayName := strings.TrimSpace(m["display_name"])
 if len(email) == 0 {
 c.SetInvalidParam("signupTeam", "email")
 return
 }
- if len(displayName) == 0 {
- c.SetInvalidParam("signupTeam", "display_name")
- return
- }
-
 subjectPage := NewServerTemplatePage("signup_team_subject", c.GetSiteURL())
 bodyPage := NewServerTemplatePage("signup_team_body", c.GetSiteURL())
 bodyPage.Props["TourUrl"] = utils.Cfg.TeamSettings.TourLink
 props := make(map[string]string)
 props["email"] = email
- props["display_name"] = displayName
 props["time"] = fmt.Sprintf("%v", model.GetMillis())
 data := model.MapToJson(props)
diff --git a/api/templates/email_change_body.html b/api/templates/email_change_body.html
index f8f3845e7..439fffd5b 100644
--- a/api/templates/email_change_body.html
+++ b/api/templates/email_change_body.html
@@ -8,7 +8,7 @@
 <td style="border: 1px solid #ddd;">
 <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
 <tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
 <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
 </td>
 </tr>
@@ -32,7 +32,7 @@
 </td>
 </tr>
 <tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
 <p style="margin: 25px 0;">
 <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
 </p>
diff --git a/api/templates/find_teams_body.html b/api/templates/find_teams_body.html
index 6eaaf56e0..a73ed0ad4 100644
--- a/api/templates/find_teams_body.html
+++ b/api/templates/find_teams_body.html
@@ -8,7 +8,7 @@
 <td style="border: 1px solid #ddd;">
 <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
 <tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
 <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
 </td>
 </tr>
@@ -40,7 +40,7 @@
 </td>
 </tr>
 <tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
 <p style="margin: 25px 0;">
 <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
 </p>
diff --git a/api/templates/invite_body.html b/api/templates/invite_body.html
index 46189fae5..ad0658e3d 100644
--- a/api/templates/invite_body.html
+++ b/api/templates/invite_body.html
@@ -8,7 +8,7 @@
 <td style="border: 1px solid #ddd;">
 <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
 <tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
 <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
 </td>
 </tr>
@@ -35,7 +35,7 @@
 </td>
 </tr>
 <tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
 <p style="margin: 25px 0;">
 <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
 </p>
diff --git a/api/templates/password_change_body.html b/api/templates/password_change_body.html
index 515c0a7d9..1d4a6e1c8 100644
--- a/api/templates/password_change_body.html
+++ b/api/templates/password_change_body.html
@@ -8,7 +8,7 @@
 <td style="border: 1px solid #ddd;">
 <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
 <tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
 <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
 </td>
 </tr>
@@ -32,7 +32,7 @@
 </td>
 </tr>
 <tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
 <p style="margin: 25px 0;">
 <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
 </p>
diff --git a/api/templates/post_body.html b/api/templates/post_body.html
index c0f4375d8..0aa913db5 100644
--- a/api/templates/post_body.html
+++ b/api/templates/post_body.html
@@ -8,7 +8,7 @@
 <td style="border: 1px solid #ddd;">
 <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
 <tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
 <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
 </td>
 </tr>
@@ -35,7 +35,7 @@
 </td>
 </tr>
 <tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
 <p style="margin: 25px 0;">
 <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
 </p>
diff --git a/api/templates/reset_body.html b/api/templates/reset_body.html
index af9f6b4e8..4c2fec1e7 100644
--- a/api/templates/reset_body.html
+++ b/api/templates/reset_body.html
@@ -8,7 +8,7 @@
 <td style="border: 1px solid #ddd;">
 <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
 <tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
 <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
 </td>
 </tr>
@@ -35,7 +35,7 @@
 </td>
 </tr>
 <tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
 <p style="margin: 25px 0;">
 <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
 </p>
diff --git a/api/templates/signup_team_body.html b/api/templates/signup_team_body.html
index 5a5ae4d47..5e60a042b 100644
--- a/api/templates/signup_team_body.html
+++ b/api/templates/signup_team_body.html
@@ -8,7 +8,7 @@
 <td style="border: 1px solid #ddd;">
 <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
 <tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
 <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
 </td>
 </tr>
@@ -38,7 +38,7 @@
 </td>
 </tr>
 <tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
 <p style="margin: 25px 0;">
 <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
 </p>
diff --git a/api/templates/verify_body.html b/api/templates/verify_body.html
index 67ded9c20..1a68c16f5 100644
--- a/api/templates/verify_body.html
+++ b/api/templates/verify_body.html
@@ -8,7 +8,7 @@
 <td style="border: 1px solid #ddd;">
 <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
 <tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
 <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
 </td>
 </tr>
@@ -35,7 +35,7 @@
 </td>
 </tr>
 <tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
 <p style="margin: 25px 0;">
 <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
 </p>
diff --git a/api/templates/welcome_body.html b/api/templates/welcome_body.html
index 7107bc2e0..cc4d95fb1 100644
--- a/api/templates/welcome_body.html
+++ b/api/templates/welcome_body.html
@@ -8,7 +8,7 @@
 <td style="border: 1px solid #ddd;">
 <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
 <tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
 <img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
 </td>
 </tr>
@@ -32,7 +32,7 @@
 </td>
 </tr>
 <tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
 <p style="margin: 25px 0;">
 <img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
 </p> |