Age | Commit message (Collapse) | Author |
|
|
|
* Add the hetzner logo to the sponsors on the main page.
|
|
Remove an old sponsor, a never used high resolution rss image and an old
new icon.
|
|
|
|
Update to the latest version 3 release which does not break backwards
compatibility yet.
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
|
|
Create a simple tag for outputting the d3js <script> html so updating
will be easier and the version has be changed in one file.
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
|
|
Add the content security policy for <form> posts to only allow posts to
the origin form which it's served. This disallows posting forms to a
third party if a browser supports this directive.
|
|
|
|
|
|
|
|
Close: #188
|
|
|
|
Update the ipxe image for the new CA root Let's Encrypt image.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
|
|
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
not foo is preferred over len(foo) == 0.
|
|
Only querying the required fields makes the code smaller and 20% faster
on Sqlite.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
The modify_attributes was used for IE to set attributes on DOM elements,
since Archweb no longer supports IE and this can be done easily with
plain JavaScript. Also drop non-standard HTML attributes since they
aren't worth keeping.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
|
|
Kartenzia no longer sponsors a dedicated server.
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
|
|
|
|
|
|
|
|
The archweb website contains no <base> elements so this can be
disallowed. Also set frame-ancestors is set to the same value as
X-Frame-Options.
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
|
|
This reverts commit adaa6d64c4466cff986e695d9d69d51a4d05ca59.
old is undefined and therefore the code is broken.
|
|
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
|
|
The dash-pkg-notify view was removed in 710ec0a9de9a and since then
never used.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
This class was last used on the very old download page and since then
never used.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
The media="projection" property is read by browsers but does not match
anything remove it so our site is valid HTML.
Closes: #184
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
|
|
Remove setting focus on the username since this already works without
Javascript.
|
|
Include more tests for exception handling cases, refactor this later
using pytest fixture's so there is no need for massive code duplication.
|
|
|
|
Microsoft Edge has no x/y in the Clientrect structure so use top/left
instead which works on all browsers.
|
|
|
|
In 2013 floatformat was very slow in the mirror status page, these days
floatformat is not that much slower.
|
|
|
|
|
|
jQuery upgrade
|
|
CSP dissalows inline CSS styles so move the CSS to a separate file.
|
|
archweb.js supplies no functions required in the news add/edit/delete
view.
|
|
Remove inline style and add new CSS rule for it.
|
|
Remove inline styles to hide itemprop's and use a global css class for
it.
|
|
Replace the usage of inline styles with a global css rule.
|
|
Remove the usage of an inline style for hiding #news-preview and hide it
in our global css. Also move the newspreview function to it's sole user
to reduce our global JS size.
|
|
Add django-csp as dependency to be able to set CSP inside django's
settings and allow setting a CSP_NONCE for inline <script>'s in
templates. Since archweb heavily uses this pattern it's the best
compromise.
|
|
|
|
Use a self written typeahead inmplemenation which gets rid of the
jQuery requirement. This saves upgrading issues and reduces the amount
of data to be loaded for the homepage by half.
|
|
Use sks-keyservers instead of mit
|