| Age | Commit message (Collapse) | Author |
|---|
|
* API: add remote user in Apache logs
fix https://github.com/FreshRSS/FreshRSS/discussions/8385
Example:
```
2026-01-01T18:38:28.645486326Z 0.0.0.0 - alex [01/Jan/2026:19:38:28 +0100] "GET /api/greader.php/reader/api/0/subscription/list?output=json HTTP/1.1" 200 9798 "-" "curl/8.14.1"
```
* Fallback mod_rewrite
* Log remote user with same priority as FreshRSS_http_Util::httpAuthUser()
|
|
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/7552
I cannot find any distribution still supporting Apache 2.2
|
|
Start using `Cache-Control: immutable` for some resources served with a timestamp.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#immutable
The `<If>` directive requires Apache 2.4+
|
|
https://github.com/FreshRSS/FreshRSS/pull/6303#issuecomment-2768907702
Was already implemented conditionally
https://github.com/FreshRSS/FreshRSS/pull/1198
|
|
* Referrer-Policy: same-origin
* same-origin for our own images
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Update .htaccess
Add check for Apache mod_filter to ensure "AddOutputFilterByType" works.
* Explicit enabling mod_filter in our Docker images
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Fix access to manifest
fix https://github.com/FreshRSS/FreshRSS/issues/7157
* Casing
|
|
https://github.com/FreshRSS/FreshRSS/discussions/7145
|
|
* Rework Apache deny access outside p
The deny rules introduced by
https://github.com/FreshRSS/FreshRSS/pull/6881
gave problems for API access.
See also
https://github.com/FreshRSS/FreshRSS/discussions/6879
* Fix scope of deny logic
* Fix scope of deny logic
* Allow .txt
For e.g. `robots.txt`
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/6890
Fix regression from https://github.com/FreshRSS/FreshRSS/pull/6881
|
|
* Apache protect more non-public folders
* Also protect root
* Do the same for /p/
* Simplify Require all denied
In case of Apache 2.2, it will just make an error 500 instead of 403
* .htaccess.dist
* Simplify
* Better comment
|
|
* Fix Apache IfVersion
fix https://github.com/FreshRSS/FreshRSS/issues/5803
* Minor changelog
|
|
And avoid crash in Apache 2.2 anyway
fix https://github.com/FreshRSS/FreshRSS/issues/5790
|
|
* Rework trusted proxies
Fix https://github.com/FreshRSS/FreshRSS/issues/5502
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/3226
New environment variable `TRUSTED_PROXY`: set to 0 to disable, or to a list of trusted IP ranges compatible with https://httpd.apache.org/docs/current/mod/mod_remoteip.html#remoteiptrustedproxy
New internal environment variable `CONN_REMOTE_ADDR` to remember the true IP address of the connection (e.g. last proxy), even when using mod_remoteip.
Current working setups should not observe any significant change.
* Minor whitespace
* Safer trusted sources during install
Rework of https://github.com/FreshRSS/FreshRSS/pull/5358
https://github.com/FreshRSS/FreshRSS/issues/5357
* Minor readme
|
|
* Update mime type font/woff
https://www.rfc-editor.org/rfc/rfc8081
`application/font-woff*` is deprecated for `font/woff*`
* Order
|
|
* Update .htaccess
* Explicit MIME type for .js
https://developer.mozilla.org/en-US/docs/Learn/Server-side/Configuring_server_MIME_types
https://www.iana.org/assignments/media-types/media-types.xhtml
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
Related to https://github.com/FreshRSS/FreshRSS/issues/4073
In our Docker configuration, `.htaccess` files are included only once at startup. The one for themes was missing.
|
|
* Set-Cookie SameSite
* https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00
* https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-5.3.7
* https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/
* https://blog.chromium.org/2019/10/developers-get-ready-for-new.html
Set to Lax instead of Strict to allow linking to allow linking to FreshRSS sub-pages without having to log-in again
|
|
* Add more glyphs for opensans font
* Update .htaccess to support woff2 file format
* Fixed browser support for new font face
* Fixed Origine theme css and .htaccess
* Deleted unneeded fonts
* Added stylefiles for OpenSans font
* Fixed all themes with new font css
* Avoid additional CSS file
* htaccess cache control public
* Font casing bug
* Remove TTF font
Too big, low need https://caniuse.com/#search=woff
* Changelog 1032
https://github.com/FreshRSS/FreshRSS/pull/1032
https://github.com/FreshRSS/FreshRSS/pull/1028
|
|
And moved .htaccess rules in the folder there are used
https://github.com/FreshRSS/FreshRSS/issues/1114
|
|
./p./i/
Avec la nouvelle structure ./p/i/ , la racine ./p/ est sensée être
publique, du coup pas de problème pour le favicon.ico par exemple.
|
|
Implémente https://github.com/marienfressinaud/FreshRSS/issues/333
/public/ est renommé /p/
/public/index.php est déplacé dans /p/i/index.php
Le cookie de session est limité à /p/i/
|
Alexandre Alapetite
maTh
Dezponia
maTh
Pavel Pletenev
