451 Commits

Author	SHA1	Message	Date
Elias Schneider	881d3df24e	remove SetAllowedFormAction and explicitly set csp header	2026-04-19 15:30:23 +02:00
Kyle Mendell	d620bc6818	Merge branch 'main' into feat/add_form_post	2026-03-26 12:48:00 -05:00
Chotow	0551502586	feat: add TRUSTED_PLATFORM environment variable for gin (#1372)	2026-03-26 12:44:31 -05:00
Kyle Mendell	5251cd9799	chore: ignore linter on app image bootstrap	2026-03-26 12:44:03 -05:00
taoso	dc6558522e	fix: allow one-char username on signup (#1378)	2026-03-26 12:36:54 -05:00
taoso	724c41cb7a	fix: empty background restore after reboot (#1379)	2026-03-26 12:33:30 -05:00
dependabot[bot]	2701754e73	chore(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 in /backend in the go_modules group across 1 directory (#1391) ... Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-03-26 12:31:40 -05:00
John	b5424d49f3	Merge branch 'main' into feat/add_form_post	2026-03-26 14:28:13 +01:00
Owen Voke	3700bd942d	feat: add token_endpoint_auth_methods_supported to .well-known (#1388)	2026-03-23 12:51:32 -05:00
Alessandro (Ale) Segala	2b5401dd2f	fix: show a warning when SQLite DB is stored on NFS/SMB/FUSE (#1381)	2026-03-23 12:50:54 -05:00
Chotow	95e9af4bbf	fix: avoid fmt.Sprintf on custom GeoLiteDBUrl without %s placeholder (#1384)	2026-03-18 12:41:14 +00:00
John	5c3bd875ac	Merge branch 'main' into feat/add_form_post	2026-03-17 11:39:40 +01:00
Kyle Mendell	0c039cc88c	fix: derive LDAP admin access from group membership (#1374)	2026-03-11 21:13:04 -05:00
Alessandro (Ale) Segala	119454bf24	Merge branch 'main' into feat/add_form_post	2026-03-10 09:38:48 +08:00
John	43b66437ce	Removed whitespace	2026-03-09 21:18:46 +01:00
John van der Wulp	1d1a792043	Chagned CSP to allow only values via SetAllowedFormAction	2026-03-09 10:03:18 +01:00
taoso	192f71a13c	feat: allow clearing background image (#1290) ... Co-authored-by: Kyle Mendell <kmendell@ofkm.us> Co-authored-by: Kyle Mendell <ksm@ofkm.us>	2026-03-08 14:45:04 -05:00
taoso	f90f21b620	feat: allow use of svg, png, and ico images types for favicon (#1289) ... Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Co-authored-by: Kyle Mendell <kmendell@ofkm.us>	2026-03-08 19:25:49 +00:00
Alessandro (Ale) Segala	d71966f996	refactor: separate querying LDAP and updating DB during sync (#1371)	2026-03-08 14:03:58 -05:00
Alessandro (Ale) Segala	832b7fbff4	fix: better error messages when there's another instance of Pocket ID running (#1370)	2026-03-08 15:37:38 +01:00
Alessandro (Ale) Segala	2f56d16f98	fix: various fixes in background jobs (#1362) ... Co-authored-by: Elias Schneider <login@eliasschneider.com>	2026-03-07 17:07:26 +00:00
Elias Schneider	e7bd66d1a7	tests: fix wrong seed data	2026-03-07 17:51:44 +01:00
Ken Watanabe	34890235ba	Merge commit from fork	2026-03-07 16:59:25 +01:00
John van der Wulp	108866b470	Changed error message (its a static message)	2026-03-06 09:01:52 +01:00
John van der Wulp	5f9b94742d	Accept query parameter on backend.	2026-03-06 08:53:47 +01:00
John van der Wulp	45887686a7	validate the Redirect_URI	2026-03-05 22:26:39 +01:00
John van der Wulp	b42087dbfc	Simplyfied ValidateResponseMode	2026-03-05 22:25:36 +01:00
John van der Wulp	3d491e0fe0	There is no query...	2026-03-05 16:46:11 +01:00
John van der Wulp	503bd8de74	Add validation for responsemode and test	2026-03-05 16:33:10 +01:00
John van der Wulp	74f49b0ff6	Simplified csp logic	2026-03-05 16:32:23 +01:00
John van der Wulp	1ea5eec7d2	add support for response_mode=form_post	2026-03-04 13:21:44 +01:00
Alessandro (Ale) Segala	27ca713cd4	fix: one-time-access-token route should get user ID from URL only (#1358)	2026-03-03 18:53:36 -08:00
taoso	8fecc22888	feat: allow first name and display name to be optional (#1288) ... Co-authored-by: Kyle Mendell <kmendell@ofkm.us>	2026-03-03 21:37:39 +00:00
github-actions[bot]	45bcdb4b1d	chore: update AAGUIDs (#1354) ... Co-authored-by: stonith404 <58886915+stonith404@users.noreply.github.com>	2026-03-03 15:22:26 -06:00
Alessandro (Ale) Segala	89349dc1ad	fix: handle IPv6 addresses in callback URLs (#1355)	2026-03-03 10:52:42 +01:00
Alessandro (Ale) Segala	6159e0bf96	perf: frontend performance optimizations (#1344)	2026-03-01 13:04:38 -08:00
Alessandro (Ale) Segala	4d22c2dbcf	fix: federated client credentials not working if sub ≠ client_id (#1342) ... Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2026-03-01 18:48:20 +01:00
Elias Schneider	3a339e3319	fix: improve wildcard matching by using go-urlpattern (#1332)	2026-02-28 13:08:35 +00:00
Elias Schneider	0c41872cd4	fix: disallow API key renewal and creation with API key authentication (#1334)	2026-02-23 20:34:25 +01:00
Kyle Mendell	a90c8abe51	chore(deps): upgrade to node 24 and go 1.26.0 (#1328) ... Co-authored-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> Co-authored-by: Elias Schneider <login@eliasschneider.com>	2026-02-23 19:50:44 +01:00
Kyle Mendell	ae269371da	feat: current version api endpoint (#1310)	2026-02-22 10:39:19 -08:00
James Ward	27caaf2cac	feat: add JWT ID for generated tokens (#1322)	2026-02-22 16:23:14 +00:00
Elias Schneider	0678699d0c	chore: upgrade dependencies	2026-02-22 17:14:57 +01:00
Alessandro (Ale) Segala	eb0456a395	fix: token endpoint must not accept params as query string args (#1321)	2026-02-17 22:31:09 -06:00
github-actions[bot]	97f2e4eec2	chore: update AAGUIDs (#1316) ... Co-authored-by: stonith404 <58886915+stonith404@users.noreply.github.com>	2026-02-16 09:54:02 -06:00
Kyle Mendell	60825c5743	chore: run formatter	2026-02-10 15:21:09 -06:00
Cheng Gu	310b81c277	feat: manageability of uncompressed geolite db file (#1234)	2026-02-10 21:17:06 +00:00
Yegor Pomortsev	6eebecd85a	fix: decode URL-encoded client ID and secret in Basic auth (#1263)	2026-01-24 20:52:17 +00:00
Elias Schneider	aab7e364e8	fix: increase rate limit for frontend and api requests	2026-01-24 20:29:50 +01:00
Elias Schneider	56afebc242	feat: add support for HTTP/2	2026-01-24 18:24:34 +01:00