Customized version of FreshRSS, a self-hosted RSS feed aggregator https://git.rdnlsmith.com/fresh-rss-custom/atom?h=1.22.0 2023-09-10T13:36:14+00:00 2023-09-10T13:36:14+00:00 Balazs Keresztury belidzs@users.noreply.github.com 2023-09-10T13:36:14+00:00 urn:sha1:f470724c6ef307919dfdbcd9b71f8d821f1f10fa 2023-07-30T10:59:18+00:00 Alexandre Alapetite alexandre@alapetite.fr 2023-07-30T10:59:18+00:00 urn:sha1:e7689459f25663e00b4f5814a3608872ff36b582 * Rework trusted proxies Fix https://github.com/FreshRSS/FreshRSS/issues/5502 Follow-up of https://github.com/FreshRSS/FreshRSS/pull/3226 New environment variable `TRUSTED_PROXY`: set to 0 to disable, or to a list of trusted IP ranges compatible with https://httpd.apache.org/docs/current/mod/mod_remoteip.html#remoteiptrustedproxy New internal environment variable `CONN_REMOTE_ADDR` to remember the true IP address of the connection (e.g. last proxy), even when using mod_remoteip. Current working setups should not observe any significant change. * Minor whitespace * Safer trusted sources during install Rework of https://github.com/FreshRSS/FreshRSS/pull/5358 https://github.com/FreshRSS/FreshRSS/issues/5357 * Minor readme 2023-07-16T12:50:42+00:00 otaconix stefanhetzwaantje@gmail.com 2023-07-16T12:50:42+00:00 urn:sha1:a066be93b0dbb70ead9b7ab758c332b764b98400 * Add OIDC_X_FORWARDED_HEADERS environment variable (fixes #5516) The mod_auth_oidc needs an additional directive (`OIDCXForwardedHeaders`) in case FreshRSS is running behind a reverse proxy, so it knows what host, protocol and port were used to access it. This information is then used in the `redirect_uri` when directing the user agent (browser) to the identity provider for authentication. Please note that, if you are running FreshRSS behind a reverse proxy that handles TLS, you may need to update your identity provider's configuration so it accepts `https://...` as a `redirect_uri`. * Add link to mod_auth_openidc's documentation for the OIDCXForwardedHeaders Apache configuration directive * Minor spelling --------- Co-authored-by: Stefan Zwanenburg <stefan@zwanenburg.info> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> 2023-06-30T10:58:20+00:00 otaconix stefanhetzwaantje@gmail.com 2023-06-30T10:58:20+00:00 urn:sha1:fc579bd2bc5406abcaa9f8dfffe4232a2e256116 * Allow choosing the OIDC remote user claim and scopes to request from the identity provider * Added comment to explain how checking whether an environment variable is set is done * Use apostrophe's instead of single quotes for verb contractions in docs * Move variables used for checking presence of environment variables inside IfDefine block 2023-06-12T08:22:46+00:00 Aaron Schif aaronschif@gmail.com 2023-06-12T08:22:46+00:00 urn:sha1:58b254f9cb923d5d0dfe53df4bca8a0f00bbcf0b * Add OIDC * Update documentation. * Update apache conf adding IfModule * Use IfDefine for OIDC in apache conf * Fix non-oidc support * Fix typing * Use IfDefine to enable OIDC * Add OIDC support to all dockerfiles * Re add apache Require option * Fixes and documentation * A few more fixes * A bit more doc * Change type of environment variable * Update readme * Correct apache config for OIDC support. * Fix README formatting * Update oidc control path * Fix oidc endpoint being cached * A bit more review * Simplify ExpiresActive * Add session refresh and improve caching * Allow more different setups * A bit more documentation * A bit more readme --------- Co-authored-by: Aaron Schif <aschif@netdevgroup.com> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> Co-authored-by: maTh <math-home@web.de> 2023-06-12T06:22:02+00:00 Alexandre Alapetite alexandre@alapetite.fr 2023-06-12T06:22:02+00:00 urn:sha1:2f5ef39cf2e0bad6d3a30b02e42d10700d0546a3 * Remove core extensions Google Groups and Tumblr * Google Groups seems to have remove support for RSS/ATOM https://github.com/FreshRSS/FreshRSS/pull/2838 (see e.g. https://www.theregister.com/2021/08/16/google_groups_rss/ ) * Tumblr seems to have fixed their RSS/ATOM post-GDPR https://github.com/FreshRSS/FreshRSS/pull/1924 So for both of thems, the extensions have become irrelevant. * Cleaning 2023-05-07T19:35:08+00:00 maTh math-home@web.de 2023-05-07T19:35:08+00:00 urn:sha1:54c8de86c73ce831df7912428b4f9fd849d67aca * docs: language table added * Update 05_Configuration.md * Update 05_Configuration.md * french docs * Unicode quote and a few fixes (Same search&replace aslo applied to a few other files) --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> 2023-02-28T07:11:27+00:00 Alexandre Alapetite alexandre@alapetite.fr 2023-02-28T07:11:27+00:00 urn:sha1:4f957dfc4c38c418e5b46a2dc8d34a9bdabb31db #fix https://github.com/FreshRSS/FreshRSS/issues/4949 2023-02-06T14:42:53+00:00 Alexandre Alapetite alexandre@alapetite.fr 2023-02-06T14:42:53+00:00 urn:sha1:e899e4edd97c296a29b2a8da2c2e3b598622c36e * More robust application of access permissions We were in particular missing directory traversal `+X` in our current recommendations. Extracted to own shell script so it can easily be invoked. Update access permissions in Docker to account to be more robust. #fix https://github.com/FreshRSS/FreshRSS/discussions/5037 * Minor simplification * Restrict mkdir permissions Default mkdir permissions are 0777, which is not good for security, so downgrade to 0770. 2023-01-28T22:15:28+00:00 Alexandre Alapetite alexandre@alapetite.fr 2023-01-28T22:15:28+00:00 urn:sha1:2303b29e68d16fbf0a173ab2b4b0ac736041905c Follow up of https://github.com/FreshRSS/FreshRSS/pull/5001