Raphael Michel
95511b0330
Remove X-XSS-Protection, no longer supported by any browser
2024-06-29 19:25:34 +02:00
Martin Gross
d67f5c650c
Event-specific fonts and Web-Embedded Fonts (Z#23130701) ( #3893 )
2024-03-26 09:55:08 +01:00
Raphael Michel
eac88b5ef7
Widget: Fix language on first iframe request
2024-01-26 11:44:02 +01:00
Raphael Michel
9e95f3be1b
Wallet detection: Extend CSP header for google pay
2023-07-28 16:49:11 +02:00
Martin Gross
8a903f21ae
Stripe/Middleware: Move CSP to signal ( #3465 )
2023-07-17 11:15:12 +02:00
Martin Gross
41cded095c
PProv: Implement detection of wallets such as Google Pay and Apple Pay ( #3444 )
...
Co-authored-by: Richard Schreiber <schreiber@rami.io>
2023-07-11 11:51:43 +02:00
Raphael Michel
bd32b33ba9
Bump Django to 4.1.* ( #2989 )
2023-06-05 09:56:31 +02:00
Raphael Michel
59d46ddded
Revert "First steps into pytz deprecation"
...
This reverts commit e4e7d50659.
2023-02-01 13:15:18 +01:00
Raphael Michel
e4e7d50659
First steps into pytz deprecation
2023-02-01 13:12:24 +01:00
Raphael Michel
f7f29e8a55
Do not read language from session any more (deprecated since Django 3.0)
2023-01-12 15:00:37 +01:00
Raphael Michel
5d82305e18
CSP: Deduplicate identical values
2022-12-19 14:53:32 +01:00
Raphael Michel
c8983ca863
CSP: Do not set nonce if unsafe-inline is set
2022-12-19 14:52:58 +01:00
Raphael Michel
2a8faf1d12
Force organizer page to allowed languages
2022-04-29 14:43:38 +02:00
Richard Schreiber
72455209bb
CSP: Strip keys with empty values from header ( #2322 )
2021-11-16 09:24:19 +01:00
Raphael Michel
b7f5631ad0
_merge_csp: Avoid duplicate values
2021-06-20 10:12:47 +02:00
Raphael Michel
44245b4053
Restrict locales to allowed ones on organizer pages
2021-05-04 22:09:25 +02:00
Raphael Michel
8e79eb570e
Customer accounts & Memberships ( #2024 )
2021-05-04 16:56:06 +02:00
Raphael Michel
a93287207b
pretix Community Edition moves to AGPLv3-based license ( #2023 )
2021-04-12 10:33:47 +02:00
Raphael Michel
8ed41a1276
Add csp_additional_header config option
2020-12-21 19:16:09 +01:00
Raphael Michel
04bfa63a5e
Add region setting to supplement localization ( #1875 )
2020-12-14 13:15:38 +01:00
Raphael Michel
fb92676aee
Fix test suite failures
2020-11-01 15:43:57 +01:00
Raphael Michel
b841878dcb
Ensure a 404 is returned if a trailing slash is missing
2020-10-30 14:40:55 +01:00
Raphael Michel
19fa2fb016
CSP: Remove child-src, as it is redundant with frame-src and will get deprecated again
2020-07-21 10:59:13 +02:00
Raphael Michel
d975a68641
Allow to turn off CSP reporting
2020-06-15 15:12:09 +02:00
Raphael Michel
7e9c9beace
Allow to use a custom domain per event ( #1617 )
...
* Drop support for maindomain_urls/subdomain_urls in plugins
* Allow to use a custom domain per event
* Fix bug when manually saving domains
* Fix custom domains in debugging
* Fix middleware
* Fix middleware again, update docs
2020-03-23 13:03:14 +01:00
Raphael Michel
27538d220e
Fix #1416 -- Add canonical geodata field ( #1458 )
...
* Fix #1416 -- Add canonical geodata field for events and subevents
* Add optional geocoding through OpenCageData
* Fix markup everywhere
* Add Leaflet map to geo coordinates
* Fix tests, add credits
* Fix spelling
2019-10-21 13:07:35 +02:00
Raphael Michel
6d1dea7922
Upgrade to Django 2.2 and modern DRF and py.test ( #1246 )
...
* Upgrade django and stuff
* Update to Django 2.2 and recent versions of similar packages
* Provide explicit orderings to all models used in paginated queries
* Resolve naive datetime warnings in test suite
* Deal with deprecation warnings
* Fix sqlparse version
2019-04-07 14:09:49 +01:00
Raphael Michel
c202286470
Fix #212 -- Different prioritization of locale sources between backend and frontend
2019-02-18 15:12:05 +01:00
Martin Gross
518298f71c
Add media-src CSP to middleware ( #1121 )
2018-12-12 08:59:22 +01:00
Raphael Michel
afd766999c
Upgrade to Django 2.1 ( #710 )
...
* Upgrade to Django 2.0
* more models
* i18n foo
* Update setup.py
* Fix Sentry exception PRETIXEU-JC
* Enforce slug uniqueness
* Import sorting
* Upgrade to Django 2.1
* Travis config
* Try to fix PostgreSQL failure
* Smaller test matrix
* staticfiles→static
* Include request in all authenticate() calls
2018-08-06 12:48:46 +02:00
Raphael Michel
fb96787697
Fix #765 -- Include P3P header
2018-06-25 12:53:45 +02:00
Raphael Michel
d44eb67dec
Allow http: forms during testing
2018-02-14 11:50:10 +01:00
Raphael Michel
e78a176e9f
CSP: Remove nonce
...
The nonce wasn't relied on because it broke Safari and having it in
there forbids unsafe-inline, which breaks charts.
2018-01-31 18:45:25 +01:00
Raphael Michel
84d1d758c1
Re-add option to set user timezone
2017-10-13 15:55:58 +02:00
Raphael Michel
784f6e703c
CSP: Exclude PDF editor (just doesn't work in FF)
2017-09-28 18:44:12 +02:00
Raphael Michel
29b157f287
CSP: Add reporting endpoint
2017-09-28 18:43:45 +02:00
Raphael Michel
ab9dd32902
Add font-src to default CSP header
2017-09-25 10:19:36 +02:00
Raphael Michel
557a05135e
Allow connect-src to media domain
2017-08-28 09:19:42 +02:00
Raphael Michel
f9fcc16f54
Do not rely on CSP nonce support (breaks safari)
2017-08-23 13:36:35 +02:00
Raphael Michel
9a9bb92f91
[SECURITY] Support custom media URLs in CSP middleware
2017-08-21 15:14:45 +02:00
Raphael Michel
7c91bc2f37
Respect primary browser language
2017-07-20 11:31:34 +02:00
Raphael Michel
b2d4bea1d0
Refs #314 -- Read-only REST API ( #513 )
...
* initial commit
* API auth
* Hierarchical URLs
* Add session auth
* Strong hierarchy
* Add filters
* Add i18n fields, questions
* More viewsets and serializers
* Ticket download
* Add OrderPosition serializer
* View-level permissions
* More tests
* More tests
* Add basic API docs
* Add REST API to docs frontpage
* Tests for order endpoints
* Add invoice tests
* Voucher and waitinglist tests
* Doc draft
* order docs
* Docs on all viewsets
* Disable DRF docs, style sphinx, style browsable API
* Fix tests
* deprecated imports
* Test foo
* Attendee names
* Fix migration problems
* Remove browsable API, plugin integration
* Doc fixes
2017-06-19 11:16:04 +02:00
Raphael Michel
6f7281b0f5
Add organizer domain
2017-06-05 18:07:18 +02:00
Raphael Michel
ecd90da554
Fix syntax fuckup
2017-03-07 23:37:37 +01:00
Raphael Michel
2302dbade6
Even slightly more CSP refactoring
2017-03-07 22:30:15 +01:00
Raphael Michel
cbf735487f
Improved merging of CSP headers
2017-03-07 21:48:59 +01:00
Raphael Michel
3e318d0dcf
Django 1.10: User.is_authenticated is now a property
2016-09-27 10:25:20 +02:00
Raphael Michel
965428e422
Django 1.10: New-style middlewares
2016-09-27 10:00:03 +02:00
Raphael Michel
852e3cced7
SecurityMiddleware: Add child-src
2016-09-17 23:18:51 +02:00
Raphael Michel
2138faecf9
SecurityMiddleware: Increase CSP parser tolerance
2016-09-17 23:09:33 +02:00