Mirrors
/
matrix-public-archive
mirror of https://github.com/matrix-org/matrix-public-archive.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
152 Commits 34 Branches 1 Tag 2.5 MiB
Commit Graph

5 Commits

Author SHA1 Message Date
Michael[tm] Smith 6b493ff807
Only assign `vmContext.global.crypto` if not already global (#143) 
Fixes https://github.com/matrix-org/matrix-public-archive/issues/141

Node.js v19 has `crypto` set on the global already, so this change causes `vmContext.global.crypto` to be assigned only if `vmContext.global.crypto` isn’t already defined.

Otherwise, without this change, the room directory fails to render in Node.js v19+, and instead _"TypeError: Cannot set property crypto of `#<Object>` which has only a getter"_ gets thrown.
 2022-11-18 12:27:50 -06:00
Eric Eastwood fa4720af04
Increase perceived performance by scrolling to the right spot before Hydrogen loads (#128) 2022-11-09 18:57:33 -06:00
Eric Eastwood a0089b0fe4
Add `Content-Security-Policy` (CSP) (#81) 
Add `Content-Security-Policy` (CSP) that restricts the page to just what it is expected to do.

This helps limit the damage that can be done by any XSS attack.

Fix https://github.com/matrix-org/internal-config/issues/1341
 2022-10-19 12:07:39 -05:00
Eric Eastwood 2581f88495
Fix XSS when blatting `window.matrixPublicArchiveContext` to the page (#79) 
Fix https://github.com/matrix-org/internal-config/issues/1335
 2022-10-13 14:36:04 -05:00
Eric Eastwood 02b86a8405
Render pipeline separation of concerns (#64) 
Follow-up to https://github.com/matrix-org/matrix-public-archive/pull/36

Render pipeline separation of concerns:

 1. Run in `child_process`
 2. Hydrogen render
 
It's now just a generic `child_process` runner that runs the Hydrogen render in it. This eliminates the windy path of the 1-4 steps that was only held together by the file names themselves.
 2022-09-02 20:49:06 -05:00