mirror_php/winter
1
0
Fork 0
mirror of https://github.com/wintercms/winter.git synced 2024-06-28 05:33:29 +02:00
Code Issues Projects Releases Wiki Activity
5,751 Commits 35 Branches 172 Tags
Commit Graph

124 Commits

Author SHA1 Message Date
Luke Towers
d0ec0d94f2 Limit trustedHosts verification to backend password resets by default for better compatibility 2021-03-11 20:56:28 -06:00
Luke Towers
1e8cfb47af Manual comb through and rebrand following up the bulk patch rebrand 2021-03-10 15:25:57 -06:00
Luke Towers
cfa763b714 Initial rebrand commit generated from the 1.0 rebrand branch patch file 2021-03-10 15:02:53 -06:00
Ben Thomson
555ab61f23
Add app.trustedHosts config and force host checks on password reset (#5423) 
Add app.trustedHosts config and force host checks on backend password reset.

Related: f29865ae3d
 2021-01-04 12:35:47 -06:00
Ayumi
df4c2cf86e
Default session.same_site to Lax (#5293) 2020-10-12 12:10:17 -06:00
Jukka
d4ac1595ad
Update auth.php (#5289) 
typo fix
 2020-09-29 11:56:51 -06:00
Luke Towers
444069da00 Finished implement imageWidth & imageHeight filters 2020-08-21 13:39:45 -06:00
Luke Towers
ca386e2dd1 tweak to default config for resized disk 2020-08-14 15:46:06 -06:00
Luke Towers
b4dd25534e Merge branch 'develop' into wip/image-resizing 2020-08-09 04:26:48 -06:00
Luke Towers
f56d1eebe8 Further work on the new resizing functionality 2020-08-06 18:18:28 -06:00
Luke Towers
1aab58d1e4 Merge branch 'develop' into wip/laravel-6 2020-07-19 01:35:37 -06:00
Luke Towers
5a5208bd0b Document caveat with uploaded file URL generation when installing October in a subfolder 
Fixes #5204
 2020-07-19 01:08:01 -06:00
Ben Thomson
4fb4e318f1
Add "develop.allowDeepSymlinks" configuration option. 
Refs: https://github.com/octobercms/library/pull/491
 2020-07-14 12:25:35 +08:00
Luke Towers
e7b6917ad5
Update config/app.php 2020-06-22 21:58:08 -06:00
Ben Thomson
0317ecec3c
Add app.loadDiscoveredPackages config item 
Refs: https://github.com/octobercms/library/pull/492
 2020-06-23 10:40:36 +08:00
Ben Thomson
8c61985114 Merge branch 'develop' into wip/laravel-6 2020-03-16 17:13:42 +08:00
Marc Jauvin
6c391b5e82
Add config for throttling login attempts into Backend (#4974) 2020-03-11 10:57:19 +08:00
Samuel Georges
f7ef665af3 Set default logging to single, remove dusk config 2020-02-27 20:07:41 +11:00
Ben Thomson
3591f38cd4 Add predis client as default in config 2020-02-27 16:39:25 +08:00
Ben Thomson
a5db9e3257 Add new supported filesystems to config 2020-02-26 16:56:40 +08:00
Ben Thomson
65c3a88179
[Laravel 6] Add support for Laravel Dusk tests (#4919) 2020-02-03 12:21:04 +08:00
Luke Towers
f700e236d1
Merge branch 'develop' into wip/laravel-6 2020-01-27 12:06:45 -06:00
Luke Towers
a04494e63d Add warning message to app.locale config 2020-01-27 12:04:52 -06:00
Ben Thomson
6aeb079f8b Add support for Postmark mail transport configuration 2020-01-23 12:28:17 +08:00
Ben Thomson
12f5c1794e
Use default October log path for system logs 2020-01-21 08:29:48 +08:00
Ben Thomson
86351cec7f Revert "Add Composer scripts" 
This reverts commit a1cfc2aa58c2fa88c186a4306381fdcf1cd4f269.
 2020-01-20 16:14:00 +08:00
Ben Thomson
a1cfc2aa58 Add Composer scripts 2020-01-20 16:08:15 +08:00
Ben Thomson
b2d2d34c10
Fix code quality errors 2020-01-20 12:40:10 +08:00
Ben Thomson
5d3d4ad0b2
Merge branch 'develop' into wip/laravel-5.9 2020-01-18 21:00:40 +08:00
Samuel Georges
e3b42b2f10 Make cms.backendForceSecure an explicit setting 
This no longer hinges on app.debug because it creates confusion for devops engineers. This is based on three independent reports coming from app environments that use a reverse proxy. The engineer will follow the proper security instructions by disabling debug mode, which in turn creates an infinite redirect loop when opening the back-end area, only to leave them scratching their heads

Ultimately it is the web server configuration's job to handle the enforcement of HTTPS, the app no longer enforces it as a strong opinion, but we still keep the setting available as a convenient security check for standard environments that do not use a reverse proxy
 2020-01-18 18:05:26 +11:00
Samuel Georges
160ae441ff Shorten default string length 
- Introduce varcharmax config item, this default eventually should be increased to 255, when MySQL 5.6 support is dropped
- Config item can be kept to retain legacy support
- Only apply to mysql driver, previously was impacting other drivers
- Source true config values, previously was sourcing hard coded "mysql" connection values
 2019-12-29 11:43:27 +11:00
Samuel Georges
bbed527ecc Supply engine as default config 
This is currently supplied by the blueprint. This commit is a proactive step to move to config instead. Consider removing from this from blueprints in later years:

$table->engine = 'InnoDB';
 2019-12-29 10:14:49 +11:00
Ayumi
56eab50260 Documented session.http_only (#4743) 
Credit to @ayumi-cloud
 2019-12-14 11:14:23 -06:00
Ben Thomson
7e3136564f
Merge branch 'develop' into wip/laravel-5.9 2019-11-21 23:18:25 +08:00
Samuel Georges
8da798a5cd Remove XSRF cookie 
This was a contentious change is generally a bad idea to blanket all requests with a dependant cookie. We will try something else.

Revert enableXsrfCookies setting. Fixes UX issue introduced where the token expires. This should be replaced by a CSRF policy that determines whether this is needed on the front end.
 2019-11-04 09:06:05 +11:00
Luke Towers
76db3355e6 Merge branch 'develop' of https://github.com/octobercms/october into develop 2019-10-30 08:09:07 -06:00
Luke Towers
959b85f56c Add cms.enableXsrfCookies config value (default true) to configure whether or not the XSRF cookie is automatically sent or if CSRF tokens are solely relied on. 
Related: https://github.com/octobercms/october/pull/4701#issuecomment-547773385 & https://github.com/laravel/framework/pull/24726
 2019-10-30 08:08:54 -06:00
Jan Boech
cc9b48975d Typo in "Automatically run migrations on login" (#4727) 
Credit to @najbo.
 2019-10-30 16:57:47 +08:00
Ben Thomson
6099312c0d
Disable CSRF in unit tests 2019-10-07 14:13:02 +08:00
Burak Özdemir
64d02b77cc Added Mailgun endpoint to services config (#4667) 
Fixes #3846. Credit to @ozdemirburak.
 2019-10-06 19:27:10 -06:00
morph85
811b431474 Added support for SparkPost mail configuration (#4151) 
Credit to @morph85
 2019-09-25 10:28:17 -06:00
Luke Towers
02d894f52b Fix use of Storage::url() for local disks that haven't been configured correctly. Fixes #4581 2019-09-02 12:33:36 -06:00
Ben Thomson
a67ccfe993
Allow decompiled Backend JS assets (#4549) 
This change will allow the individual JS assets that are compiled into a full compilation file to be loaded individually instead, allowing the developer to see their changes immediately. It introduces a new configuration variable, `cms.decompileBackendAssets`, that controls this functionality. By default, it is false and not tied to the debug value, requiring it to be explicitly enabled.
 2019-08-16 16:19:16 +08:00
Samuell
c21c22e1ba Add option to disable UpdateManager after backend login (#4266) 
Credit to @Samuell1. Fixes #3471.
 2019-07-19 14:50:42 -06:00
Ben Thomson
a59d3b83eb Code quality clean up (#4449) 
Credit to @bennothommo
 2019-07-18 08:50:37 -06:00
Ayumi Hamasaki
884042952f Block off SW running in backend and reduce lookups (#4385) 
Credit to @ayumihamsaki. Related #4384
 2019-06-25 17:15:11 +03:00
Luke Towers
37db70ab83 Config changes from 5.6 2019-06-12 02:26:21 -06:00
Luke Towers
15e3bd131a
Merge pull request #4358 from octobercms/wip/file-improvements 
Use temporaryUrls for protected files if the storage driver supports them. Related: octobercms/library#406
 2019-06-02 20:49:12 -06:00
Samuel Georges
e7ec0be0c1
Merge pull request #3908 from octobercms/wip/halcyon-db-datasource 
Database layer for the CMS objects
 2019-06-01 14:28:34 +10:00
Samuel Georges
17cea816d8 enableDatabaseLayer -> databaseTemplates 2019-06-01 12:40:17 +10:00