DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-09-21 00:07:42 -07:00
Code Issues Actions 12 Packages Projects Releases Wiki Activity
4408 commits 89 branches 265 tags 290 MiB
Commit graph

47 commits

Author SHA1 Message Date
snipe 00b051b8c7
Added a few more comments 2020-06-23 00:26:09 -07:00
snipe 05b3a9ad7e
Config variable for HSTS 2020-06-22 23:17:27 -07:00
snipe 4fb880384f
Changed comment 2020-06-22 22:37:14 -07:00
snipe 43042ad841
Consolidated ReferrerPolicy into new SecurityHeaders file 2020-06-22 22:35:59 -07:00
snipe a716382ac4
Removed CSP middleware (it’s added in the general header) 2020-06-22 22:33:37 -07:00
snipe 36c8f7f4f1
Additional security headers 2020-06-22 22:31:01 -07:00
snipe d7873f257d Fixed CSP for importer 2020-04-06 14:18:45 -07:00
snipe e7c1418314 Fixed possible typo in CSP 2020-04-01 19:47:42 -07:00
snipe bfb910f375 Set the serialization 2019-05-22 00:51:43 -07:00
Daniel Meltzer f7dbda4ed3 Disable broken tests (#5073) 
* Work towards a functional travis.  Step 1: Disable broken unit tests.

* Fix functional tests

This updates the login information and model factories to work with
changes to source.

* Importer name/full name fixes.

Fix a bug where "name" was used ambigously and mapping "item name" to
"name" would confuse the importer into thinking it should also be a user
name.  Now we default to "full name" for the users name, and "item name"
for the item name.  These are still both configurable through the custom
mapping.

Also update sample csvs and remove an outdated sample.

* Max length of supplier notes is 191, not 255, as per default laravel string length.  Might make sense to change this to a text field in the future to match other places.

* Use sqlite/different db setup for unit tests.

* Fix assets api test.

* Fix Components API test.

* increase travis memory limit for functional tests.

* Use travis config for api tests as well.

* Fix memory limit file.

* Disable ApiComponentsAssetsCest until it's fixed.
 2018-02-22 21:46:58 -08:00
snipe e08911ab8f Removed nonce for now 
There is a dependency in a package where we can’t edit the script tags to add the nonce
 2017-11-02 10:57:05 -07:00
snipe aab635154a Default to turning CSP off until we can fix vue/CSP issues 2017-10-02 13:29:14 -07:00
snipe efd71f8bfe For #3998 - Disable CSP if debug=true 
To avoid all the nonce hell from debugbar
 2017-09-29 04:53:09 -07:00
snipe 46d87849f4 Added content security middleware 2017-09-28 19:45:15 -07:00
snipe b60febeea2 Removed space in XSS header because safari was getting angry 2017-09-28 18:45:54 -07:00
snipe 9b84a0d516 *eyeroll* 2017-09-28 17:34:47 -07:00
snipe 1775995f26 Is this space necessary? Getting weird results from netsparker 2017-09-28 17:25:04 -07:00
snipe 26a7701cda Added referrer-policy header 2017-09-28 17:12:58 -07:00
snipe a34085f1d9 Added mode=block to XSSProtect header 2017-09-28 16:28:27 -07:00
snipe 51ceaedfaf Small phpcbf cleanup 2016-12-29 14:02:18 -08:00
snipe aab0933856 Use url() helper over URL::to 2016-12-15 16:41:36 -08:00
snipe 863e200430 Hopefully fixes tons of PEBKAC where users have the wrong app.url 2016-12-14 08:20:05 -08:00
snipe 5bca1ed2b6 Allow supression of debug warning for demo 2016-12-01 00:48:43 -08:00
snipe dbb2b62223 Fixed cranky Codacy result 2016-11-29 01:44:24 -08:00
snipe 2603488bd6 Removed settings middlware 
(Already handled via AppServiceProvider)
 2016-11-29 01:19:52 -08:00
snipe 0d6b160b61 Fix mail test script 2016-11-29 01:19:05 -08:00
snipe 16a24b7fb8 Use getSettings() to check for locale to take advantage of cached value 2016-11-29 00:21:58 -08:00
snipe ba23952852 Add red banner if app is in production mode and debugging is turned on 2016-11-29 00:08:20 -08:00
snipe 4c08331c9d Get settings in middleware, makr available in views 2016-11-28 22:53:16 -08:00
Daniel Meltzer f4fc783026 Check for setup to have completed before running the 2fa middleware. Otherwise new installs fail (#2885) 2016-11-06 18:08:13 +01:00
snipe 38b188f6ff Fixes #2448 - redirect to intended page 2016-10-29 07:32:48 -07:00
snipe 408aab112b Removed unneeded else 2016-10-29 06:06:32 -07:00
snipe cea255995c Fixes #106 - adds Google Authenticator support (#2842) 
* refactor to clean up LDAP login, and make the login method easier to handle.

* Login refactor cleanup

* Google 2FA package

* Adds Google Authenticator two-factor

* Removed unused blade

* Added optin setting in profile

* Removed dumb comments

* Made lock_passwords check more consistent

* Additional two factor strings

* Lock passwords check

* Display feature disabled text if in demo mode

* Two factor admin reset options

* Translation strings
 2016-10-29 05:50:55 -07:00
Daniel Meltzer a418dece80 Better checking for empty values when updating. (#2811) 
* Better checking for empty values when updating.  There's a lot of conditionals in here that we may want to look at cleaning up over time

* Fix typo.  No manfacturers here.

* Fix model update/import.  Also hardcode the status id of unset assets to the first existing one instead of an id that may not exist... Still not ideal, but better.

* Let requests to .env through the middleware.  We check to see if this is readable during setup as a warning, and as it stands it triggers an infinite loop trying to hit the file.
 2016-10-25 19:51:13 -07:00
snipe 64cd4fb1c9 Allow X-Frame-Options to be disabled via env if necessary 2016-08-29 22:57:29 -07:00
snipe 4ed8ff5576 Formatting fixes for coding standards 2016-06-22 12:27:41 -07:00
snipe 973513a078 Remove unecessary log use statement 2016-06-15 21:18:40 -07:00
snipe 416cd96c94 Removed debugging loggin in middleware 2016-06-15 21:08:19 -07:00
snipe 27427dd26b Additional comments to clarify permissions middleware 2016-06-15 20:57:16 -07:00
snipe 6a277a5391 Added inheritance back into users/groups 2016-06-15 20:45:45 -07:00
snipe 049e13e365 Switch to gate for permission check 2016-06-02 02:48:52 -07:00
snipe 415b60a293 Added check for setup in Setting model 2016-05-14 16:09:00 -07:00
snipe 9a8e4a55e7 Check for DB table 2016-05-14 15:05:28 -07:00
snipe 1a14abed05 Check that the table exists 
Should probably find a way to handle this that doesn't require a DB call
 2016-05-14 15:05:20 -07:00
snipe 90d4a8b2e3 Cleanup namespaces a bit 2016-03-25 19:26:22 -07:00
snipe 753a7333f1 If the settings table is empty, set a default 2016-03-25 05:39:08 -07:00
snipe fe00b0e401 Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00