pretix_original

mirror of https://github.com/pretix/pretix.git synced 2026-05-03 14:54:04 +00:00

Author	SHA1	Message	Date
Raphael Michel	19fa2fb016	CSP: Remove child-src, as it is redundant with frame-src and will get deprecated again	2020-07-21 10:59:13 +02:00
Raphael Michel	d975a68641	Allow to turn off CSP reporting	2020-06-15 15:12:09 +02:00
Raphael Michel	7e9c9beace	Allow to use a custom domain per event (#1617 ) * Drop support for maindomain_urls/subdomain_urls in plugins * Allow to use a custom domain per event * Fix bug when manually saving domains * Fix custom domains in debugging * Fix middleware * Fix middleware again, update docs	2020-03-23 13:03:14 +01:00
Raphael Michel	27538d220e	Fix #1416 -- Add canonical geodata field (#1458 ) * Fix #1416 -- Add canonical geodata field for events and subevents * Add optional geocoding through OpenCageData * Fix markup everywhere * Add Leaflet map to geo coordinates * Fix tests, add credits * Fix spelling	2019-10-21 13:07:35 +02:00
Raphael Michel	6d1dea7922	Upgrade to Django 2.2 and modern DRF and py.test (#1246 ) * Upgrade django and stuff * Update to Django 2.2 and recent versions of similar packages * Provide explicit orderings to all models used in paginated queries * Resolve naive datetime warnings in test suite * Deal with deprecation warnings * Fix sqlparse version	2019-04-07 14:09:49 +01:00
Raphael Michel	c202286470	Fix #212 -- Different priorization of locale sources between backend and frontend	2019-02-18 15:12:05 +01:00
Martin Gross	518298f71c	Add media-src CSP to middleware (#1121 )	2018-12-12 08:59:22 +01:00
Raphael Michel	afd766999c	Upgrade to Django 2.1 (#710 ) * Upgrade to Django 2.0 * more models * i18n foo * Update setup.py * Fix Sentry exception PRETIXEU-JC * Enforce slug uniqueness * Import sorting * Upgrade to Django 2.1 * Travis config * Try to fix PostgreSQL failure * Smaller test matrix * staticfiles→static * Include request in all authenticate() calls	2018-08-06 12:48:46 +02:00
Raphael Michel	fb96787697	Fix #765 -- Include P3P header	2018-06-25 12:53:45 +02:00
Raphael Michel	d44eb67dec	Allow http: forms during testing	2018-02-14 11:50:10 +01:00
Raphael Michel	e78a176e9f	CSP: Remove nonce The nonce wasn't relied on because it broke Safari and having it in there forbids unsafe-inline, which breaks charts.	2018-01-31 18:45:25 +01:00
Raphael Michel	84d1d758c1	Re-add option to set user timezone	2017-10-13 15:55:58 +02:00
Raphael Michel	784f6e703c	CSP: Exclude PDF editor (just doesn't work in FF)	2017-09-28 18:44:12 +02:00
Raphael Michel	29b157f287	CSP: Add reporting endpoint	2017-09-28 18:43:45 +02:00
Raphael Michel	ab9dd32902	Add font-src to default CSP header	2017-09-25 10:19:36 +02:00
Raphael Michel	557a05135e	Allow connect-src to media domain	2017-08-28 09:19:42 +02:00
Raphael Michel	f9fcc16f54	Do not rely on CSP nonce support (breaks safari)	2017-08-23 13:36:35 +02:00
Raphael Michel	9a9bb92f91	[SECURITY] Support custom media URLs in CSP middleware	2017-08-21 15:14:45 +02:00
Raphael Michel	7c91bc2f37	Respect primary browser language	2017-07-20 11:31:34 +02:00
Raphael Michel	b2d4bea1d0	Refs #314 -- Read-only REST API (#513 ) * initial commit * API auth * Hierarchical URLs * Add session auth * Strong hierarchy * Add filters * Add i18n fields, questions * More viewsets and serializers * Ticket download * Add OrderPosition serializer * View-level permissions * More tests * More tests * Add basic API docs * Add REST API to docs frontpage * Tests for order endpoints * Add invoice tests * Voucher and waitinglist tests * Doc draft * order docs * Docs on all viewsets * Disable DRF docs, style sphinx, style browsable API * Fix tests * deprecated imports * Test foo * Attendee names * Fix migration problems * Remove browsable API, plugin integration * Doc fixes	2017-06-19 11:16:04 +02:00
Raphael Michel	6f7281b0f5	Add organizer domain	2017-06-05 18:07:18 +02:00
Raphael Michel	ecd90da554	Fix syntax fuckup	2017-03-07 23:37:37 +01:00
Raphael Michel	2302dbade6	Even slightly more CSP refactoring	2017-03-07 22:30:15 +01:00
Raphael Michel	cbf735487f	Improved merging of CSP headers	2017-03-07 21:48:59 +01:00
Raphael Michel	3e318d0dcf	Django 1.10: User.is_authenticated is now a property	2016-09-27 10:25:20 +02:00
Raphael Michel	965428e422	Django 1.10: New-style middlewares	2016-09-27 10:00:03 +02:00
Raphael Michel	852e3cced7	SecurityMiddleware: Add child-src	2016-09-17 23:18:51 +02:00
Raphael Michel	2138faecf9	SecurityMiddleware: Increase CSP parser tolerance	2016-09-17 23:09:33 +02:00
Raphael Michel	84d264d626	Stripe: Optional support for Stripe checkout	2016-09-09 10:20:30 +02:00
Raphael Michel	99604036c2	Fixed broken Django error pages due to CSP headers	2016-07-29 20:53:51 +02:00
Raphael Michel	525705a912	Fixed problems with middleware order	2016-07-20 19:33:26 +02:00
Raphael Michel	bda0075613	Fixed problems with PayPal and CSP	2016-05-02 09:48:56 +02:00
Raphael Michel	10e31bdf32	Stripe apparently needs frame and image transport	2016-04-10 17:36:20 +02:00
Raphael Michel	02fb27fa5d	Externalize more resources, implement Content-Security-Policy headers	2016-04-10 17:30:24 +02:00
Raphael Michel	79ad8b40ed	Added python3.5-style type annotations to pretix.base	2015-11-04 23:39:59 +01:00
Raphael Michel	0b4cae07c4	Splitted URL configuration for main and subdomains	2015-10-21 18:16:17 +02:00
Raphael Michel	8f6b92fbf3	Added tests and test configuration for pretix/base	2015-08-25 17:18:33 +02:00
Raphael Michel	22b4d514d6	Fixed #83 -- Added an informal German translation	2015-08-16 14:25:14 +02:00
Raphael Michel	e828d711bd	Used isort to order all import statements	2015-07-19 20:46:34 +02:00
Raphael Michel	e073243039	Control: Prefer user locale over event locale	2015-05-27 23:30:32 +02:00
Raphael Michel	7a3051c22d	Presale: Add a language switch to the UI	2015-05-08 21:59:08 +02:00
Raphael Michel	cd0e1cb520	Wider usage of the settings framework (#17 )	2015-04-01 11:54:56 +02:00
Raphael Michel	b8bb71d8a3	Reduce functional complexity (McCabe max 18 → max 12)	2015-03-13 01:04:53 +01:00
Raphael Michel	077413f41c	Restructure our python module. A lot.	2015-02-14 17:55:13 +01:00

44 Commits