leap_platform.git/puppet/modules, branch version/0.9.x [leap_platform] Couchdb service should not require on soledad 2017-01-08T19:59:21+00:00 varac varacanero@zeromail.org 2016-12-30T17:44:27+00:00 95ebed1696b9fc16f07d65387b7d0fe92e336047 - Resolves: #8693 
- Resolves: #8693
bugfix: couchdb nodes should not require soledad. closes #8693 2017-01-08T19:59:09+00:00 elijah elijah@riseup.net 2016-12-20T18:12:39+00:00 21b4bd1fd1e875716b09572006d309221772a43c 






Set X-XSS-Protection HTTP response header to '1'.
2016-10-24T15:31:41+00:00

Micah Anderson
micah@riseup.net

2016-10-24T15:31:41+00:00

4db1e7c4454ea05c524be4cc385ede1bab2e1be4

This HTTP response header enables the Cross-site scripting (XSS) filter
built into some modern web browsers. This header is usually enabled by
default anyway, so the role of this header is to re-enable the filter
if it was disabled maliciously, or by accident.





This HTTP response header enables the Cross-site scripting (XSS) filter
built into some modern web browsers. This header is usually enabled by
default anyway, so the role of this header is to re-enable the filter
if it was disabled maliciously, or by accident.







Set X-Content-Type-Options nosniff.
2016-10-24T15:29:59+00:00

Micah Anderson
micah@riseup.net

2016-10-24T15:29:59+00:00

53ddc64b6aa98653b35b23c334df605ed26ea60b

Setting this header will prevent the browser from interpreting files as
something else than declared by the content type in the HTTP
headers. This will prevent the browser from MIME-sniffing a response
away from the declared content-type.

When this is not set, older versions of Internet Explorer and Chrome
perform MIME-sniffing on the response body, potentially causing the
response body to be interpreted and displayed as a content type other
than the declared content type.





Setting this header will prevent the browser from interpreting files as
something else than declared by the content type in the HTTP
headers. This will prevent the browser from MIME-sniffing a response
away from the declared content-type.

When this is not set, older versions of Internet Explorer and Chrome
perform MIME-sniffing on the response body, potentially causing the
response body to be interpreted and displayed as a content type other
than the declared content type.







Merge branch 'twisted_backports' into develop
2016-10-20T14:32:06+00:00

varac
varacanero@zeromail.org

2016-10-20T14:32:06+00:00

312689623bee05b631ad3df34f20f1ad067ab4b3












Setup couch for soledad before starting soledad
2016-10-18T19:31:32+00:00

varac
varacanero@zeromail.org

2016-10-12T16:41:35+00:00

0b279d8a66293bdf5fe20a77b557055a95a66a46

When the soledad couch user is not present, soledad-server
refuses to start, so we need to ensure that couch is setup correctly
before starting soledad-server.

see https://leap.se/code/issues/8535





When the soledad couch user is not present, soledad-server
refuses to start, so we need to ensure that couch is setup correctly
before starting soledad-server.

see https://leap.se/code/issues/8535







Lint site_couchdb::setup
2016-10-18T19:31:32+00:00

varac
varacanero@zeromail.org

2016-10-12T14:10:30+00:00

73ca4fe4b3bad52b1d4c6c950d06b16e2db014ae












[feat] Use twisted 16.2 from jessie-backports
2016-10-18T19:30:58+00:00

varac
varacanero@zeromail.org

2016-09-28T09:06:05+00:00

c752039fdf59e5c8a18c5dc7c611bd996e323eec

New soledad packages now depend on Twisted 16.2.0 (see
https://leap.se/code/issues/8412), so we need to pin twisted to get
installed from jessie-backports.

- Resolves: #8418





New soledad packages now depend on Twisted 16.2.0 (see
https://leap.se/code/issues/8412), so we need to pin twisted to get
installed from jessie-backports.

- Resolves: #8418







lint site_mx class
2016-10-18T19:30:58+00:00

varac
varacanero@zeromail.org

2016-09-28T09:01:19+00:00

291d5718607a2df22ca58a0c110bee75452a085c












[bugfix] static sites: only enable hidden service by default if one domain is configured
2016-09-13T20:42:36+00:00

elijah
elijah@riseup.net

2016-09-02T19:35:09+00:00

a063280eab5e8749c74381aabbe641c30887e9f6

The problem is that we have a single onion address per server, so if more
than one domain is configured we need to make sure they don't both try to
use the same onion address.





The problem is that we have a single onion address per server, so if more
than one domain is configured we need to make sure they don't both try to
use the same onion address.