Paul Chavard
18e91e7ca3
Extend old export format till mid-November
2019-10-31 17:11:46 +01:00
Paul Chavard
73d4ecf35d
Add a DS_PROXY_URL env variable
2019-10-30 16:15:38 +01:00
Paul Chavard
6a3d725134
Revert "Revert "Decommission ActiveStorage proxy service and use openstack service""
...
This reverts commit 71227be37f
.
2019-10-30 12:11:45 +01:00
simon lehericey
71227be37f
Revert "Decommission ActiveStorage proxy service and use openstack service"
...
This reverts commit 0ff6c793ae
.
2019-10-29 10:30:40 +01:00
Paul Chavard
0ff6c793ae
Decommission ActiveStorage proxy service and use openstack service
...
We are making these changes in order to always use DS_Proxy. Before this change DS_Proxy was not used to write files when ActiveStorage was used directly and not through “direct upload”.
2019-10-23 17:58:00 +02:00
clemkeirua
4a6893d88b
migrate sendinblue API to v3
2019-10-22 10:06:53 +02:00
clemkeirua
43424e4f4e
merge with the work of paul, using 3 links
2019-10-22 09:51:14 +02:00
simon lehericey
f31c184b56
[ fix #1537 ] Remove simple_form gem
2019-10-08 11:08:35 +02:00
clemkeirua
d3063c0b63
remove download_as_zip feature flag
2019-10-03 10:48:24 +02:00
Paul Chavard
5a7e415474
Put graphql behind a feature flag
2019-09-24 10:47:21 +02:00
Paul Chavard
91ad9bd7d3
Configure GraphQL::RailsLogger
2019-09-24 10:47:21 +02:00
Paul Chavard
d24e0e72a7
Correctly create new flipper flags
2019-09-12 10:46:13 +02:00
Paul Chavard
65e227c44b
Migrate to flipper
2019-09-10 16:10:14 +02:00
Chaïb Martinez
dd6c6bfe7a
mailers: add a NO_REPLY address to transactional emails
2019-09-10 13:37:28 +02:00
Paul Chavard
7ffb98e616
Remove carrierwave uploaders
2019-09-10 10:49:12 +02:00
Chaïb Martinez
f2386a5800
Add crips help domaine to defaut policy src
...
[fix #4234 ]
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-08-27 10:30:10 +02:00
simon lehericey
86d968bb8e
Use rack_attack_enabled?
...
We cannot enable rack attack during the tests as it interferes with features spec.
So we add a flag to enable it during the runtime.
2019-08-20 13:29:29 +02:00
simon lehericey
0f0fecdb25
RackAttack: use remote ip and test it !
2019-08-20 13:29:29 +02:00
pedong
fc8cebd78d
add Gem rack_attack for prevent attack brute-force
2019-08-20 13:29:29 +02:00
Nicolas Bouilleaud
7c7947adeb
Rename gestionnaire to instructeur in a comment
...
About an (unused for now) env var.
2019-08-13 10:27:49 +02:00
simon lehericey
3fde2a6f70
Rename gestionnaire in code to instructeur
2019-08-12 13:47:01 +02:00
maatinito
3703a71ea3
#3928 Added constants to define password min length & complexity
2019-08-01 17:12:14 +02:00
Pierre de La Morinerie
95e24392f9
models: remove old pieces justificatives
2019-07-30 16:11:17 +02:00
pedong
9438f962c5
add alert for account is locked
2019-07-29 17:48:44 +02:00
pedong
8d03a6747c
add lockable to User, Gestionnaire, administration, Administrateur
2019-07-29 17:48:44 +02:00
clemkeirua
99421545ab
replaced api-carto endpoint
2019-07-23 16:21:15 +02:00
Pierre de La Morinerie
76335511c8
omniauth: protect against CSRF
...
See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
2019-07-15 18:16:00 +02:00
Paul Chavard
3cb39c2840
Refactor message attachements to use active_storage
2019-07-10 15:35:29 +02:00
simon lehericey
0f9fdf3f75
Activate device email change confirmation
2019-07-09 11:55:17 +02:00
Mathieu Magnin
b34f8fbe3d
Add ActionText
2019-07-03 13:15:49 +02:00
simon lehericey
4b154983fb
Landing: voir les démarches -> comment trouver ma démarche
2019-07-03 12:59:09 +02:00
clemkeirua
dfefb827d9
missing connect-src
2019-07-02 10:50:10 +02:00
clemkeirua
d6f2de2fbf
enable static + activate csp in production
2019-07-02 09:40:38 +02:00
clemkeirua
eaf850c1e9
enable csp
2019-06-27 11:10:29 +02:00
clemkeirua
f19b5f8911
fix csp rule for crisp websocket
2019-06-26 12:37:55 +02:00
clemkeirua
7064f7e973
enable crisp websockets and css
2019-06-25 17:39:08 +02:00
clemkeirua
d3c6021ef4
add duplicate rules as fallback
2019-06-20 11:34:24 +02:00
clemkeirua
dc6c2e6bc0
add missing elements
2019-06-17 17:05:08 +02:00
Nicolas Bouilleaud
dace9a53d3
Add Universign timestamp API query
2019-06-17 16:16:28 +02:00
clemkeirua
765b10026e
more generic elements to the security policy
2019-06-17 09:51:27 +02:00
Pierre de La Morinerie
d410e31344
active_storage: document the virus scan hooks
2019-05-28 11:39:22 +02:00
Paul Chavard
cc4eba2b36
Less mokey patching
2019-05-21 14:21:42 +02:00
clemkeirua
5cbbbb8d3e
more whitelist for the common domains we use
2019-05-20 09:52:44 +02:00
Paul Chavard
42235e81b1
Use active storage load hook to extend blob
2019-05-16 20:43:01 +02:00
Paul Chavard
348b15f595
Put devtools behind feature flags
2019-05-15 18:10:25 +02:00
clemkeirua
6fe4031b2e
use constant for localhost
2019-05-15 16:33:27 +02:00
clemkeirua
b670b60ac6
changement de l'URI de report-uri
2019-05-15 15:32:00 +02:00
Pierre de La Morinerie
d431eeeb93
carrierwave: fix typo
...
Turns out the `openstack_identity_api_version` has not actually been
filled out for a while, because of a typo.
2019-05-15 14:03:15 +02:00
Chaïb Martinez
3004f96cf5
Add video and webinar URLs to admin pages
...
Fix #3850
Signed-off-by: Chaïb Martinez <chaibax@gmail.com>
2019-05-13 17:47:02 +02:00
clemkeirua
675cc5150c
update on the security policy headers
2019-05-09 14:55:21 +02:00