- 02 7月, 2021 1 次提交
-
-
由 Joe Previte 提交于
This can be used to escape any special characters in a string with HTML before sending from the server back to the client. This is important to prevent a cross-site scripting attack.
-
- 01 7月, 2021 1 次提交
-
-
由 Joe Previte 提交于
Previously, we used argon2 to verify the hash with the password. If the hash didn't start with a $, then it would enter the catch block. Now we check the hash before trying to verify it and we also throw an Error if the verify fails. This makes the isHashMatch function more robust.
-
- 30 6月, 2021 1 次提交
-
-
由 Asher 提交于
This way it can be used by the tests when spawning code-server on a random port to look for the address.
-
- 10 6月, 2021 1 次提交
-
-
由 Max Schmitt 提交于
-
- 09 6月, 2021 9 次提交
-
-
由 Joe Previte 提交于
-
由 Joe Previte 提交于
-
由 Joe Previte 提交于
There was a case with the hashed-password which had multiple equal signs in the value and it wasn't being parsed correctly. This uses a new function and adds a few tests.
-
由 Joe Previte 提交于
-
由 Joe Previte 提交于
-
由 Joe Previte 提交于
-
由 Joe Previte 提交于
This uses argon2 instead of bcrypt. Note: this means the hash functions are now async which means we have to refactor a lot of other code around auth.
-
由 Joe Previte 提交于
-
由 Joe Previte 提交于
-
- 14 5月, 2021 2 次提交
-
-
由 Joe Previte 提交于
-
由 Joe Previte 提交于
-
- 24 4月, 2021 1 次提交
-
-
由 Joe Previte 提交于
-
- 17 3月, 2021 1 次提交
-
-
由 Asher 提交于
Remove the Mac directory copy instead of refactoring it since we've had this for a long time now and I think it's safe to assume that users running code-server on Mac don't have the old directory anymore.
-
- 22 1月, 2021 1 次提交
-
-
由 Joe Previte 提交于
-
- 04 11月, 2020 1 次提交
-
-
由 Asher 提交于
That allows its use in entry.ts as well.
-
- 31 10月, 2020 4 次提交
-
-
由 Anmol Sethi 提交于
Required for access under iPad.
-
由 Anmol Sethi 提交于
-
由 Anmol Sethi 提交于
Now we add a subject alt name, set extendedKeyUsage and use the correct certificate extension. The above allow it to be properly trusted by iOS. See https://support.apple.com/en-us/HT210176 *.cert isn't a real extension for certificates, *.crt is correct for it to be recognized by e.g. keychain or when importing as a profile into iOS. Updates #1566 I've been able to successfully connect from my iPad Pro now to my code-server instance with a self signed certificate! Next commit will be docs.
-
由 Anmol Sethi 提交于
Closes #1778
-
- 10 10月, 2020 1 次提交
-
-
由 Asher 提交于
-
- 14 8月, 2020 2 次提交
- 19 5月, 2020 1 次提交
-
-
由 Asher 提交于
Fixes #1659 Fixes #1642
-
- 14 5月, 2020 1 次提交
-
-
由 Anmol Sethi 提交于
-
- 13 5月, 2020 2 次提交
-
-
由 Anmol Sethi 提交于
-
由 Anmol Sethi 提交于
-
- 27 4月, 2020 1 次提交
-
-
由 Anmol Sethi 提交于
Closes #1502
-
- 17 3月, 2020 1 次提交
-
-
由 Will O'Beirne 提交于
-
- 20 2月, 2020 1 次提交
-
-
由 Asher 提交于
I temporarily removed this during the refactor so it needed to be added back. This time I bundled it with the nbin loader code since it's all related (will also make it easier to remove).
-
- 15 2月, 2020 1 次提交
-
-
由 Anmol Sethi 提交于
-
- 06 2月, 2020 1 次提交
-
-
由 Asher 提交于
-
- 05 2月, 2020 1 次提交
-
-
由 Asher 提交于
-
- 08 11月, 2019 1 次提交
-
-
由 Asher 提交于
Fixes issues with unexpected characters breaking things when setting the cookie (like semicolons). This change as-is does not affect the security of code-server itself (we've just replaced the static password with a static hash) but if we were to add a salt in the future it would let us invalidate keys by rehashing with a new salt which could be handy.
-
- 25 10月, 2019 1 次提交
-
-
由 Asher 提交于
Fixes #1062.
-
- 05 10月, 2019 1 次提交
-
-
由 Asher 提交于
-
- 05 9月, 2019 1 次提交
-
-
由 Asher 提交于
-