Owner

@Gunni Gunni commented Jan 20, 2025

No description provided.

Accidentally clicking the link made me navigate to it, clicking back is
not possible so I lost a password that way...
This header seems to be stuck in feature hell, and developers refuse to
add a default-for-all kind of flag, so you need to define every scope
you want to disable.

See https://www.permissionspolicy.com/ to see just how lengthy the
header becomes.

Bug: w3c/webappsec-permissions-policy#189
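
The commit message's point is that Permissions-Policy has no deny-by-default, so any feature left off the list keeps its browser default. The following is an added Go example, not code from this pull request: it builds the deny list and reports which required features a given header value fails to disable. The feature list, function names and sample header are assumptions constructed for illustration, and splitting on commas is a simplification of structured-field parsing.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed sample list (assumption): the features this site wants off.
var required = []string{"camera", "geolocation", "microphone", "payment", "usb"}

// denyAll builds the header value: each feature gets the empty allowlist "()".
func denyAll(features []string) string {
	parts := make([]string, 0, len(features))
	for _, f := range features {
		parts = append(parts, f+"=()")
	}
	sort.Strings(parts) // deterministic output, easy to diff
	return strings.Join(parts, ", ")
}

// notDenied returns the required features that header leaves at the browser
// default: absent, or present with a non-empty allowlist. Last entry wins.
func notDenied(header string, required []string) []string {
	denied := map[string]bool{}
	for _, item := range strings.Split(header, ",") {
		name, allow, ok := strings.Cut(strings.TrimSpace(item), "=")
		if ok {
			denied[name] = strings.Join(strings.Fields(allow), "") == "()"
		}
	}
	var gaps []string
	for _, f := range required {
		if !denied[f] {
			gaps = append(gaps, f)
		}
	}
	sort.Strings(gaps)
	return gaps
}

func main() {
	fmt.Println(denyAll(required))
	// Constructed header: omits "payment" and "usb", allows camera for self.
	fmt.Println(notDenied("camera=(self), geolocation=(), microphone=()", required))
}
```
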
github.com/golang/gddo v0.0.0-20190419222130-af0f2af80721
github.com/google/go-cmp v0.3.0 // indirect
github.com/lib/pq v1.1.1
github.com/golang/gddo v0.0.0-20210115222349-20d68f94ee1f
Collaborator

There is only one caller that uses this library, to parse HTTP Accept headers. It is also responsible for everything in go.sum going bloated.

@@ -1,9 +1,11 @@
#!/bin/bash
#!/bin/bash -x
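Review bot: The `-x` added on the shebang line (`#!/bin/bash -x`) turns on command tracing for the whole script, so every expanded command, including the value of any variable that holds a credential, is written to stderr and ends up in whatever captures the script's output. It also takes effect only when the script is executed directly; invoked as `bash <script>`, the shebang options are ignored. Suggest keeping `#!/bin/bash` and enabling tracing conditionally, for example behind an environment variable checked near the top of the script.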
Collaborator

Perhaps change set -oeu pipefail to set -oeux pipefail?

if helpers.HTTPAcceptCheck("application/json", r.Header) {
rw.Header().Set("Content-Security-Policy", contentSecurityPolicyJSON)
} else {
rw.Header().Set("Content-Security-Policy", contentSecurityPolicyHTML)
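Review bot: The policy choice at `helpers.HTTPAcceptCheck("application/json", r.Header)` is driven by the request's `Accept` header, which the client controls, rather than by what the handler actually sends back. If a request that advertises `application/json` can still end in an HTML body (an error page, for instance), that body is served under `contentSecurityPolicyJSON`. Suggest either selecting the policy from the response `Content-Type`, or confirming that `contentSecurityPolicyJSON` is at least as strict as the HTML policy so a mismatch fails closed.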
Collaborator

We got two policies, one for JSON and another for HTML, yet only one uniformly applied override? How about we use only one for the default as well?

if err := rv.sv.db.ping(); err != nil {
log.Printf("db.Ping() returned %v\n", err)
rv.w.WriteHeader(http.StatusInternalServerError)
if len(rv.path) == 1 {
Collaborator

Reduce indentation.

if len(rv.path) != 1 {
	return
}

And move this and the switch into a new helper function.
