Compare commits

...

34 Commits

Author SHA1 Message Date
timvisee
72377d3438 Bump version to 3.4.10 2021-05-07 13:09:37 +02:00
timvisee
512c9803bd Enable base URL detection by default with npm start, remove FXA_CLIENT_ID 2021-05-07 13:07:26 +02:00
timvisee
4c45d6217d Properly derive base URL as configured in file upload logic
Fixes https://github.com/timvisee/send/issues/29
2021-05-07 13:07:17 +02:00
timvisee
b4b8060a78 Update dependencies 2021-05-07 12:40:16 +02:00
timvisee
ed042b8515 Merge branch 'ckwalsh-detect_base_url' into master 2021-05-07 12:38:24 +02:00
timvisee
06bc58c93c Merge branch 'detect_base_url' of https://github.com/ckwalsh/send into ckwalsh-detect_base_url 2021-05-07 12:30:06 +02:00
timvisee
b58caed44f Merge branch 'dependabot/npm_and_yarn/url-parse-1.5.1' into master 2021-05-06 18:45:36 +02:00
timvisee
174ade1c2e Merge branch 'master' into dependabot/npm_and_yarn/url-parse-1.5.1 2021-05-06 18:44:28 +02:00
timvisee
31ce8c048b Merge branch 'dependabot/npm_and_yarn/lodash-4.17.21' into master 2021-05-06 18:38:29 +02:00
dependabot[bot]
ce401881d7 Bump url-parse from 1.4.7 to 1.5.1
Bumps [url-parse](https://github.com/unshiftio/url-parse) from 1.4.7 to 1.5.1.
- [Release notes](https://github.com/unshiftio/url-parse/releases)
- [Commits](https://github.com/unshiftio/url-parse/compare/1.4.7...1.5.1)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-06 16:35:49 +00:00
dependabot[bot]
c49e8e1062 Bump lodash from 4.17.20 to 4.17.21
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-06 16:35:08 +00:00
timvisee
15648157c9 Update dependencies 2021-05-06 18:31:34 +02:00
timvisee
4280edd5af Merge branch 'tjeerdhans-patch-1' into master
See https://github.com/timvisee/send/pull/26
2021-05-06 18:25:58 +02:00
Tjeerd Hans
a3d4e2c502 Some dutch grammar fixes 2021-05-06 17:24:31 +02:00
timvisee
bed5443685 Merge branch 'abhijitnathwani-patch-1' into master
See https://github.com/timvisee/send/pull/25
2021-05-06 11:31:27 +02:00
timvisee
f9f5d77cd0 Merge branch 'abhijitnathwani-patch-1' into master
See https://github.com/timvisee/send/pull/25
2021-05-06 11:30:59 +02:00
Abhijit Nathwani
0f8a6a107a Update git url in deployment.md 2021-05-06 12:21:55 +05:30
Cullen Walsh
02e8cb264f Add detect_base_url config
This diff adds the detect_base_url config, controlled by the
DETECT_BASE_URL env variable. When set to true, the BASE_URL setting is
ignored, and the base_url is derived from the request protocol and host
header.

Test Plan: Started up a local instance in my homelab, running docker
node:15 image with a nginx reverse proxy. Configured nginx to use the
same backend with multiple hostnames on https. Opened in browser and
confirmed og:url meta tag uses correct url.
2021-05-05 22:19:11 -07:00
timvisee
385ac595b9 Fix linguist documentation marker for locale files
Thanks https://news.ycombinator.com/item?id=27055526
2021-05-05 22:46:55 +02:00
timvisee
6df0876286 Merge branch 'whalehub-patch-1' into master 2021-05-03 00:16:41 +02:00
Aaron
827a35f73e main.css: Use ::marker to avoid browser console warning
Signed-off-by: Aaron <admin@datahoarder.dev>
2021-05-03 00:13:24 +02:00
timvisee
eb3a9e8c89 Bump version to 3.4.9 2021-04-21 21:52:18 +02:00
timvisee
6c3ac403f6 Update dependencies 2021-04-21 21:51:12 +02:00
timvisee
1ce2a60dd5 Merge branch 'whalehub-patch-1' into master
https://github.com/timvisee/send/pull/19
2021-04-21 21:49:21 +02:00
Aaron
f5bb74e921 index.js: Add "data:" as an allowed image source in CSP
Signed-off-by: Aaron <admin@datahoarder.dev>
2021-04-21 21:40:15 +02:00
timvisee
352fba6302 Update dependencies 2021-04-20 20:37:16 +02:00
timvisee
ace2aa5d73 Merge branch 'dependabot/npm_and_yarn/ssri-6.0.2' into master
See https://github.com/timvisee/send/pull/18
2021-04-20 20:36:17 +02:00
timvisee
3256b01276 Merge branch 'master' into dependabot/npm_and_yarn/ssri-6.0.2
See https://github.com/timvisee/send/pull/18
2021-04-20 20:35:35 +02:00
timvisee
96244132c6 Bump version to 3.4.8 2021-04-20 18:52:45 +02:00
timvisee
a9cdd13543 Update dependencies 2021-04-20 18:50:12 +02:00
timvisee
1b6c5b8f97 Only set Redis client password if password is specified
This attempts to fix a Redis connection issue when the Redis password
is an empty string.

See https://github.com/timvisee/send-docker-compose/issues/3#issuecomment-822885578
2021-04-20 18:37:19 +02:00
Tim Visée
27e6606516 Merge branch 'simao-silva-master-patch-09841' into 'master'
Update Alpine images to current tag

See merge request timvisee/send!15
2021-04-19 19:37:59 +00:00
Simão Silva
4902d304b6 Update Alpine images to current tag 2021-04-19 19:32:48 +00:00
dependabot[bot]
32539e58ac Bump ssri from 6.0.1 to 6.0.2
Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases)
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md)
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-18 09:33:53 +00:00
13 changed files with 784 additions and 485 deletions

4
.gitattributes vendored

@@ -1,2 +1,2 @@
public/locales/* linguist-documentation
docs/* linguist-documentation
public/locales/*/*.ftl linguist-documentation
docs/** linguist-documentation


@@ -6,7 +6,7 @@
# Build project
FROM node:15.5.1-alpine AS builder
FROM node:current-alpine AS builder
RUN set -x \
# Add user
&& addgroup --gid 10001 app \
@@ -26,7 +26,7 @@ RUN set -x \
# Main image
FROM node:15.5.1-alpine
FROM node:current-alpine
RUN set -x \
# Add user
&& addgroup --gid 10001 app \
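Review bot: Both `FROM` lines (builder and main stage) now use the floating tag `node:current-alpine`, so every rebuild can pull a different Node major and Alpine base than the one that was tested. That tag also drifts away from the `"node": "^15.5.1"` engines constraint shown in package.json on this page. Pin an explicit release, ideally with its digest, in both stages, for example `FROM node:<version>-alpine@sha256:<digest> AS builder` (placeholders), and let the dependency bot raise it deliberately. The `RUN` blocks continue outside both hunks, so the rest of each stage was not reviewed.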


@@ -118,7 +118,7 @@ details {
overflow: hidden;
}
details > summary::-webkit-details-marker {
details > summary::marker {
display: none;
}


@@ -13,7 +13,7 @@ For Debian/Ubuntu systems this probably just means something like this:
## Building
* We assume an already configured virtual-host on your webserver with an existing empty htdocs folder
* First, remove that htdocs folder - we will replace it with Send's version now
* git clone https://github.com/mozilla/send.git htdocs
* git clone https://github.com/timvisee/send.git htdocs
* Make now sure you are NOT root but rather the user your webserver is serving files under (e.g. "su www-data" or whoever the owner of your htdocs folder is)
* npm install
* npm run build

1186
package-lock.json generated

File diff suppressed because it is too large Load Diff


@@ -1,7 +1,7 @@
{
"name": "send",
"description": "File Sharing Experiment",
"version": "3.4.7",
"version": "3.4.10",
"author": "Mozilla (https://mozilla.org)",
"contributors": [
"Tim Visee <3a4fb3964f@sinenomine.email> (https://timvisee.com)"
@@ -30,7 +30,7 @@
"test:report": "nyc report --reporter=html",
"test-integration": "cross-env NODE_ENV=development wdio test/wdio.docker.conf.js",
"circleci-test-integration": "echo 'webdriverio tests need to be updated to node 12'",
"start": "npm run clean && cross-env NODE_ENV=development L10N_DEV=true FXA_CLIENT_ID=fced6b5e3f4c66b9 BASE_URL=http://localhost:8080 webpack-dev-server --mode=development",
"start": "npm run clean && cross-env NODE_ENV=development L10N_DEV=true BASE_URL=http://localhost:8080 DETECT_BASE_URL=true webpack-dev-server --mode=development",
"android": "cross-env ANDROID=1 npm start",
"prod": "node server/bin/prod.js"
},
@@ -64,10 +64,10 @@
"node": "^15.5.1"
},
"devDependencies": {
"@babel/core": "^7.13.15",
"@babel/core": "^7.14.0",
"@babel/plugin-proposal-class-properties": "^7.13.0",
"@babel/plugin-syntax-dynamic-import": "^7.2.0",
"@babel/preset-env": "^7.13.15",
"@babel/preset-env": "^7.14.1",
"@dannycoates/webcrypto-liner": "^0.1.37",
"@fullhuman/postcss-purgecss": "^1.3.0",
"@mattiasbuelens/web-streams-polyfill": "0.2.1",
@@ -78,7 +78,7 @@
"base64-js": "^1.5.1",
"content-disposition": "^0.5.3",
"copy-webpack-plugin": "^5.1.2",
"core-js": "^3.10.1",
"core-js": "^3.12.0",
"crc": "^3.8.0",
"cross-env": "^6.0.3",
"css-loader": "^3.6.0",
@@ -117,7 +117,7 @@
"script-loader": "^0.7.2",
"sinon": "^7.5.0",
"string-hash": "^1.1.3",
"stylelint": "^13.12.0",
"stylelint": "^13.13.1",
"stylelint-config-standard": "^19.0.0",
"stylelint-no-unsupported-browser-features": "^4.1.4",
"svgo": "^1.3.2",
@@ -135,9 +135,9 @@
"@dannycoates/express-ws": "^5.0.3",
"@fluent/bundle": "^0.13.0",
"@fluent/langneg": "^0.3.0",
"@google-cloud/storage": "^5.8.3",
"@google-cloud/storage": "^5.8.5",
"@sentry/node": "^5.30.0",
"aws-sdk": "^2.888.0",
"aws-sdk": "^2.902.0",
"body-parser": "^1.19.0",
"choo": "^7.0.0",
"cldr-core": "^35.1.0",


@@ -28,7 +28,7 @@ notSupportedOutdatedDetail = Helaas ondersteunt deze versie van Firefox de webte
updateFirefox = Firefox bijwerken
deletePopupCancel = Annuleren
deleteButtonHover = Verwijderen
footerText = Niet aangesloten aan Mozilla of Firefox.
footerText = Niet gelieerd aan Mozilla of Firefox.
footerLinkDonate = Doneren
footerLinkCli = CLI
footerLinkDmca = DMCA
@@ -52,7 +52,7 @@ passwordSetError = Dit wachtwoord kon niet worden ingesteld
-send-short-brand = Send
-firefox = Firefox
-mozilla = Mozilla
introTitle = Eenvoudig, privé bestanden delen
introTitle = Bestanden delen, eenvoudig en privé
introDescription = Met { -send-brand } kunt u bestanden delen met end-to-endversleuteling en een koppeling die automatisch verloopt. Hierdoor kunt u privé houden wat u wilt delen en er zeker van zijn dat uw zaken niet voor altijd online blijven.
notifyUploadEncryptDone = Uw bestand is versleuteld en klaar voor verzending
# downloadCount is from the downloadCount string and timespan is a timespanMinutes string. ex. 'Expires after 2 downloads or 25 minutes'


@@ -130,6 +130,11 @@ const conf = convict({
default: 'https://send.firefox.com',
env: 'BASE_URL'
},
detect_base_url: {
format: Boolean,
default: false,
env: 'DETECT_BASE_URL'
},
file_dir: {
format: 'String',
default: `${tmpdir()}${path.sep}send-${randomBytes(4).toString('hex')}`,
@@ -206,4 +211,17 @@ const conf = convict({
conf.validate({ allowed: 'strict' });
const props = conf.getProperties();
module.exports = props;
const deriveBaseUrl = req => {
if (!props.detect_base_url) {
return props.base_url;
}
const protocol = req.secure ? 'https://' : 'http://';
return `${protocol}${req.headers.host}`;
};
module.exports = {
...props,
deriveBaseUrl
};
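Review bot: `deriveBaseUrl` interpolates `req.headers.host` without any validation. With `DETECT_BASE_URL=true`, a client-supplied Host value therefore flows into the download links built in the upload and WebSocket handlers, into the `baseUrl` page state, and into the CSP `connect-src` entry further down this page. A conservative guard would fall back to the configured value when the header is missing or oddly shaped, e.g. `if (!/^[a-z0-9.-]+(:\d+)?$/i.test(req.headers.host || '')) return props.base_url;`. Note that this pattern also sends bracketed IPv6 hosts to the fallback. The function should also carry a comment such as `// Host is client-controlled: enable detect_base_url only behind a proxy that rejects unknown Host values`. Separately, `req.secure` is only accurate behind a TLS-terminating proxy if Express `trust proxy` is configured. That setting is not visible here, so the links may come out as `http://` where the removed code forced `https` in production.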


@@ -36,9 +36,14 @@ module.exports = function(app) {
defaultSrc: ["'self'"],
connectSrc: [
"'self'",
config.base_url.replace(/^https:\/\//, 'wss://')
function(req) {
const baseUrl = config.deriveBaseUrl(req);
const r = baseUrl.replace(/^http(s?):\/\//, 'ws$1://');
console.log([baseUrl, r]);
return r;
}
],
imgSrc: ["'self'"],
imgSrc: ["'self'", 'data:'],
scriptSrc: [
"'self'",
function(req) {
@@ -52,10 +57,6 @@ module.exports = function(app) {
}
};
csp.directives.connectSrc.push(
config.base_url.replace(/^https:\/\//, 'wss://')
);
app.use(helmet.contentSecurityPolicy(csp));
}
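Review bot: The new `connectSrc` function still contains `console.log([baseUrl, r]);`, which looks like leftover debugging. It runs every time the CSP header is built and, with detection enabled, writes a value derived from the request's Host header to stdout, so clients can fill or forge log lines. Drop the log and collapse the body to `return config.deriveBaseUrl(req).replace(/^http(s?):\/\//, 'ws$1://');`. The `imgSrc` change in the same hunk widens the policy to `data:` URIs, so a short comment on why that source is needed would help later reviewers. The enclosing `module.exports` function starts outside the hunk.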


@@ -28,8 +28,7 @@ module.exports = async function(req, res) {
//this hasn't been updated to expiration time setting yet
//if you want to fallback to this code add this
await storage.set(newId, fileStream, meta, config.default_expire_seconds);
const protocol = config.env === 'production' ? 'https' : req.protocol;
const url = `${protocol}://${req.get('host')}/download/${newId}/`;
const url = `${config.deriveBaseUrl(req)}/download/${newId}/`;
res.set('WWW-Authenticate', `send-v1 ${meta.nonce}`);
res.json({
url,


@@ -65,8 +65,7 @@ module.exports = function(ws, req) {
nonce: crypto.randomBytes(16).toString('base64')
};
const protocol = config.env === 'production' ? 'https' : req.protocol;
const url = `${protocol}://${req.get('host')}/download/${newId}/`;
const url = `${config.deriveBaseUrl(req)}/download/${newId}/`;
ws.send(
JSON.stringify({


@@ -23,6 +23,7 @@ module.exports = async function(req) {
if (config.survey_url) {
prefs.surveyUrl = config.survey_url;
}
const baseUrl = config.deriveBaseUrl(req);
return {
archive: {
numFiles: 0
@@ -33,7 +34,7 @@ module.exports = async function(req) {
title: 'Send',
description:
'Encrypt and send files with a link that automatically expires to ensure your important documents dont stay online forever.',
baseUrl: config.base_url,
baseUrl,
ui: {},
storage: {
files: []


@@ -8,10 +8,10 @@ module.exports = function(config) {
//eslint-disable-next-line security/detect-non-literal-require
const redis = require(redis_lib);
const client = redis.createClient({
var client_config = {
host: config.redis_host,
port: config.redis_port,
password: config.redis_password,
retry_strategy: options => {
if (options.total_retry_time > config.redis_retry_time) {
client.emit('error', 'Retry time exhausted');
@@ -20,7 +20,10 @@ module.exports = function(config) {
return config.redis_retry_delay;
}
});
};
if (config.redis_password != null && config.redis_password.length > 0)
client_config.password = config.redis_password;
const client = redis.createClient(client_config);
client.ttlAsync = promisify(client.ttl);
client.hgetallAsync = promisify(client.hgetall);