Commit graph

959 commits

Author SHA1 Message Date
Pierre de La Morinerie
76335511c8 omniauth: protect against CSRF
See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
2019-07-15 18:16:00 +02:00
Pierre de La Morinerie
56c846900b champs: improve validation message of numeric fields
Replaces

> Champs value doit être un nombre

by

> La valeur du champ doit être un nombre entier (sans chiffres après
> la virgule)
2019-07-11 15:12:48 +02:00
Paul Chavard
3cb39c2840 Refactor message attachements to use active_storage 2019-07-10 15:35:29 +02:00
Pierre de La Morinerie
055fc63c45 profile: improve email success message wording 2019-07-10 11:31:09 +02:00
simon lehericey
ea79b9a595 typo: use ’ 2019-07-09 11:55:17 +02:00
simon lehericey
d36f6ebcd7 [fix #1709] A user can change its email 2019-07-09 11:55:17 +02:00
simon lehericey
0f9fdf3f75 Activate device email change confirmation 2019-07-09 11:55:17 +02:00
simon lehericey
d68d2be798 Profil: accessible to all roles 2019-07-09 11:55:17 +02:00
Mathieu Magnin
b34f8fbe3d Add ActionText 2019-07-03 13:15:49 +02:00
simon lehericey
4b154983fb Landing: voir les démarches -> comment trouver ma démarche 2019-07-03 12:59:09 +02:00
simon lehericey
c7e10fc43f Manager: remove repasser_en_instruction 2019-07-02 18:40:20 +02:00
simon lehericey
b79220e711 UI 2019-07-02 18:35:47 +02:00
Paul Chavard
fb0ef15e3c Export dossiers v2 2019-07-02 14:20:29 +02:00
clemkeirua
dfefb827d9 missing connect-src 2019-07-02 10:50:10 +02:00
clemkeirua
d6f2de2fbf enable static + activate csp in production 2019-07-02 09:40:38 +02:00
clemkeirua
0cfd3e3c1f disable csp 2019-07-01 12:10:08 +02:00
clemkeirua
eaf850c1e9 enable csp 2019-06-27 11:10:29 +02:00
clemkeirua
f19b5f8911 fix csp rule for crisp websocket 2019-06-26 12:37:55 +02:00
clemkeirua
7064f7e973 enable crisp websockets and css 2019-06-25 17:39:08 +02:00
clemkeirua
d3c6021ef4 add duplicate rules as fallback 2019-06-20 11:34:24 +02:00
clemkeirua
dc6c2e6bc0 add missing elements 2019-06-17 17:05:08 +02:00
Nicolas Bouilleaud
eb592f8ddf Add manager controller for bill signatures 2019-06-17 16:16:28 +02:00
Nicolas Bouilleaud
f355f849a6 Add BillSignature Model 2019-06-17 16:16:28 +02:00
Nicolas Bouilleaud
dace9a53d3 Add Universign timestamp API query 2019-06-17 16:16:28 +02:00
clemkeirua
765b10026e more generic elements to the security policy 2019-06-17 09:51:27 +02:00
pedong
abcd58c35d [fix #3710] date with letter
Co-Authored-By: simon lehericey <mail@simon.lehericey.net>
2019-06-12 17:48:12 +02:00
Chaïb Martinez
eccd456325 Add crisp
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-06-05 17:41:47 +02:00
Paul Chavard
ff44b7a600 Refactor purge pj to be more generic 2019-05-29 15:54:51 +02:00
Pierre de La Morinerie
d410e31344 active_storage: document the virus scan hooks 2019-05-28 11:39:22 +02:00
Paul Chavard
6a3413018a Refresh attachments with virus scan result 2019-05-21 14:21:55 +02:00
Paul Chavard
cc4eba2b36 Less mokey patching 2019-05-21 14:21:42 +02:00
clemkeirua
5cbbbb8d3e more whitelist for the common domains we use 2019-05-20 09:52:44 +02:00
Paul Chavard
42235e81b1 Use active storage load hook to extend blob 2019-05-16 20:43:01 +02:00
Paul Chavard
348b15f595 Put devtools behind feature flags 2019-05-15 18:10:25 +02:00
clemkeirua
6fe4031b2e use constant for localhost 2019-05-15 16:33:27 +02:00
clemkeirua
b670b60ac6 changement de l'URI de report-uri 2019-05-15 15:32:00 +02:00
Pierre de La Morinerie
abfeb1c2db locales: remove unused carrierwave localisation
- It was broken since the renaming of `extension_white_list` to
  `extension_whitelist` (f0ed61cce8)
- The localisation is already included in the `carrierwave-i18n` gem
- The localisation included in the gem is better than ours (it mentions
  which extensions are allowed).
2019-05-15 14:39:40 +02:00
Pierre de La Morinerie
d431eeeb93 carrierwave: fix typo
Turns out the `openstack_identity_api_version` has not actually been
filled out for a while, because of a typo.
2019-05-15 14:03:15 +02:00
Paul Chavard
9725f2a418 Enable new champs editor for all 2019-05-14 16:18:29 +02:00
Paul Chavard
3446782cd0 Remove deprecated editor 2019-05-14 16:18:29 +02:00
Paul Chavard
dba8d65137 Track dossier operations with author and subject 2019-05-14 14:31:03 +02:00
Chaïb Martinez
3004f96cf5 Add video and webinar URLs to admin pages
Fix #3850

Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-05-13 17:47:02 +02:00
clemkeirua
675cc5150c update on the security policy headers 2019-05-09 14:55:21 +02:00
Nicolas Bouilleaud
3ff0c83485 Add multi-admin UI
refs #1626
2019-05-06 16:19:08 +02:00
clemkeirua
2ae02a132b Report-Only for tests 2019-05-06 10:07:51 +02:00
clemkeirua
64b858ef19 handle Gon + add report-uri URL 2019-05-06 10:07:51 +02:00
clemkeirua
8582b08a98 add security policy 2019-05-06 10:07:51 +02:00
Paul Chavard
f113d108c9 Save virus scan status to blob metadata 2019-05-02 15:58:09 +02:00
Paul Chavard
d72cead7ff Remove unnecessary uglify options
New options :
terserOptions:
   { output: { ecma: 5, comments: false, ascii_only: true },
     parse: { ecma: 8 },
     compress: { ecma: 5, warnings: false, comparisons: false },
     mangle: { safari10: true } } }
2019-05-02 14:10:48 +02:00
Paul Chavard
2f633b5d23 Load leaflet from a separate chunk 2019-05-02 14:10:48 +02:00