Don't stop the polling thread and attempt cleanup
when the thread is no longer alive; just avoid
logging warnings and other noise.
Demote a couple warning logs to info since
they are neither critical nor actionable.
Change-Id: Ibe8e8491723f1beeaea03a6e935d606b01e275f0
This reverts commit 1d9a9e834a. This
commit meant that if you hit CSP violations, then 'make run' hides those
problems and you need a full 'docker' (or similar) setup to see the
problem, where it's much more painful to debug it.
See commit 6e0d1ad707 (document signing:
whitelist CSP frame-src for doc sign endpoint URL, 2018-12-05) for a
real-world example where this happened.
Change-Id: Idc14496463f6decd0ad64c3b31758b4f532d66e6
Reviewed-on: https://gerrit.libreoffice.org/65549
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Miklos Vajna <vmiklos@collabora.com>
If document signing is enabled in loolwsd.xml, then explicitly whitelist
iframe creation towards the doc sign endpoint server, to avoid
> Refused to frame '...' because it violates the following Content Security Policy directive: "frame-src 'self' blob:".
Note that this happened only in non-debug builds, as we currently don't
send eny Content Security Policy headers in debug builds.
Change-Id: Iee2a0644d67d5803ab3f5c636b8e960fa619792f
document_signing_url in loolwsd now accepts a vereign server URL
endpoint. If not provided, the signing functionallity won't be
available.
The document signing infobar is now shown dynamically so by
default it is not shown, but when the users clicks in menu the
"sign document", the infobar is shown (the document-content is
css "top" value is adjusted via JQuery).
Change-Id: I9d5f6b68ba3612eeeb9de28c9c0333b4d1bf41d8
Reviewed-on: https://gerrit.libreoffice.org/64298
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
Tested-by: Tomaž Vajngerl <quikee@gmail.com>
not the whole URL with all parameters
Change-Id: I42e3a6a4c05410284afea51bb13ac3f692b243ef
Reviewed-on: https://gerrit.libreoffice.org/64147
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Beforehand, any host could embed the iframe as the Referer was always allowed.
Now, only the loolwsd and the WOPI host are allowed to do that.
Additionally, a config option has been added to add more allowed hosts.
X-Frame-Options supports has been removed as it supports only one host
and CSP is meanwhile supported in ~all major browsers.
Change-Id: I222720e1220116102708c50edaf08e2a4a0aebda
Reviewed-on: https://gerrit.libreoffice.org/63864
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
If the document-container has an explicit style attribute, then this
breaks Calc (only Writer was tested before). This restores the correct
Writer/Calc/Impress behavior when the setting is false and keeps correct
behavior with Writer when the setting is true.
Change-Id: I310660e88af4407e521529ec41b5dcb604108bd9
It's not too easy to customize CSS, so move the top position of the
document container to loleaflet.html, where it's convenient to handle
this.
JS can dynamically query if the menu item should be there, similar to
the about dialog.
Change-Id: I4b2799a41f8ad31e3a9b4983fd1947d2e0363a2b
Change-Id: I424afe0184a64b7f069d896bde6941e42b7b5531
rational: setup is easier in case, when user does not use ssl in loolwsd config
Reviewed-on: https://gerrit.libreoffice.org/61076
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
And few other smaller tweaks around different branding with support key
enabled.
Change-Id: I9a751374c9384d9535a208c9bd912e2041fd5879
Reviewed-on: https://gerrit.libreoffice.org/54753
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
moreover:
* noCache is always true in debug mode
* when noCache is true we return an explicit "Cache-Control: no-cache" line
Change-Id: I157a410df0a90f9ab151b899e44566b95cbd9929
Reviewed-on: https://gerrit.libreoffice.org/54517
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
Also disable PAM by default.
Change-Id: Id1197f0d049ce56f698952b87d2c4760412eb8ec
Reviewed-on: https://gerrit.libreoffice.org/53727
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
These are copy-constructed from a const reference but are only used as
const reference; make them a const reference.
Change-Id: Id193905b65224c2db4aab88999a92e60d3af3fdf
Possibilities are endless. With a simple /etc/pam.d/loolwsd config below,
the user which runs loolwsd ('lool' in production environment) can login
to admin console with normal linux password.
auth required pam_unix.so
account required pam_unix.so
Change-Id: I354a7e9b4705e8fe346d17d6b6041d1406198b37
Reviewed-on: https://gerrit.libreoffice.org/48307
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
The form.get function is something like this:
const std::string& get(const std::string& abc) { return abc; }
passing a string literal implicitly gets converted to temporary
std::string whose reference is then returned and used. This causes
crash, atleast for me, on building online with GCC 7
Change-Id: I09d0aeea57a3dbeeefd1bb28ff645723714aa6b4
Reviewed-on: https://gerrit.libreoffice.org/46727
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 75c2147b7f774afccf55bb93f7fae79efb615361)
Reviewed-on: https://gerrit.libreoffice.org/46730
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
