Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add mimetype mapping settings #15133

Merged
merged 6 commits into from
May 10, 2021
Merged

Conversation

szatyinadam
Copy link
Contributor

@szatyinadam szatyinadam commented Mar 23, 2021

This PR should fix #14164 issue.

The Content-Type header set to application/vnd.android.package-archive instead of application/zip when the file extension is .apk .

Related to #8152 as well.

@6543 6543 added this to the 1.15.0 milestone Mar 23, 2021
@6543 6543 added the type/enhancement An improvement of existing functionality label Mar 23, 2021
@@ -59,6 +60,9 @@ func ServeData(ctx *context.Context, name string, size int64, reader io.Reader)
} else {
ctx.Resp.Header().Set("Content-Disposition", fmt.Sprintf(`attachment; filename="%s"`, name))
ctx.Resp.Header().Set("Access-Control-Expose-Headers", "Content-Disposition")
if filepath.Ext(name) == ".apk" && base.IsZipFile(buf) {
Copy link
Member

@silverwind silverwind Mar 23, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will not work with mixed case letters, e.g. APK or aPk.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've fixed this with EqualFold.
Should I squash the fix and the original commit?

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Mar 23, 2021
@silverwind
Copy link
Member

silverwind commented Mar 23, 2021

Is there a reason why we single out such types and not just use https://golang.org/pkg/mime/#TypeByExtension? Are there security implications related to Content-Type?

@szatyinadam
Copy link
Contributor Author

Is there a reason why we single out such types and not just use https://golang.org/pkg/mime/#TypeByExtension? Are there security implications related to Content-Type?

Unfortunately mime.TypeByExtension(".apk") returns empty string.

@silverwind
Copy link
Member

Right, mime.TypeByExtension seems worthless. Maybe in the future we can add a more complete mime type database.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Mar 26, 2021
@szatyinadam
Copy link
Contributor Author

Thanks @silverwind for the review! Can someone else check it?

@zeripath
Copy link
Contributor

I think we just need to think carefully about whether there are security implications of this change.

@silverwind
Copy link
Member

Indeed, it is related to #8152 (comment) and recent PR #15299.

Github serves raw APK as generic mime type application/octet-stream.

I now think we should in the default configuration serve generic mime types application/octet-stream and text/plain to be on the safe side. There could be added a configuration option to serve "more correct" mime types, maybe user-definable based on file extension.

@silverwind
Copy link
Member

See #8152 (comment) for a better suggestion.

@szatyinadam szatyinadam marked this pull request as draft April 14, 2021 21:41
@szatyinadam
Copy link
Contributor Author

szatyinadam commented Apr 14, 2021

@silverwind Can You take an other look for the new commit? If the direction is good then I will remove the unused functions created in the previous commit and remove the Draft flag.

Should we use some case insensitivity in this solution as well?

@silverwind
Copy link
Member

Looks good at first glance. Yes, please make it case-insenstive. Should add an entry in https://github.com/go-gitea/gitea/blob/master/docs/content/doc/advanced/config-cheat-sheet.en-us.md as well.

I'm not totally satisfied with the name of the config option, maybe you find a better section to put it in or someone else has a better suggestion.

@silverwind
Copy link
Member

silverwind commented Apr 15, 2021

Maybe we can put it as security.mimetype.mapping as it is kind of a security-related topic.

Edit, actually no, not a good idea.

@szatyinadam szatyinadam marked this pull request as ready for review April 15, 2021 22:11
@szatyinadam szatyinadam requested a review from silverwind April 15, 2021 22:12
@szatyinadam
Copy link
Contributor Author

@silverwind Can you take a look on this PR or refer anyone who can do a review?

Copy link
Contributor

@zeripath zeripath left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think changing the name to repository.mimetype_mapping would be better

@@ -1302,3 +1302,8 @@ STORAGE_TYPE = local
;MINIO_LOCATION = us-east-1
; Minio enabled ssl only available when STORAGE_TYPE is `minio`
;MINIO_USE_SSL = false

; Custom mime type mapping for downloadable files
;[download.mimetype.mapping]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
;[download.mimetype.mapping]
;[repository.mimetype_mapping]

@@ -958,6 +958,15 @@ MINIO_USE_SSL = false

And used by `[attachment]`, `[lfs]` and etc. as `STORAGE_TYPE`.

## MIME type mapping (`download.mimetype.mapping`)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move it up to near the repository sections and rename it:

Suggested change
## MIME type mapping (`download.mimetype.mapping`)
## MIME type mapping (`repository.mimetype_mapping`)

)

func newMimeTypeMap() {
sec := Cfg.Section("download.mimetype.mapping")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
sec := Cfg.Section("download.mimetype.mapping")
sec := Cfg.Section("repository.mimetype_mapping")

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels May 10, 2021
Copy link
Member

@techknowlogick techknowlogick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this PR :)

@zeripath zeripath changed the title Fix APK's Content-Type header Add mime-type settings May 10, 2021
@zeripath zeripath changed the title Add mime-type settings Add mimetype mapping settings May 10, 2021
@techknowlogick
Copy link
Member

🚀

@techknowlogick techknowlogick merged commit d86d123 into go-gitea:main May 10, 2021
AbdulrhmnGhanem pushed a commit to kitspace/gitea that referenced this pull request Aug 10, 2021
* Fix APK's Content-Type header

* Fix case sensitive comparison

* Add custom mime type mapping for downloadable files

* Add documentation for MIME type mapping

* Rename download.mimetype.mapping configuration to repository.mimetype_mapping

Co-authored-by: zeripath <art27@cantab.net>
aswild added a commit to aswild/gitea that referenced this pull request Aug 28, 2021
1.15.0-rc1

* BREAKING
  * Make app.ini permissions more restrictive (go-gitea#16266)
  * Refactor Webhook + Add X-Hub-Signature (go-gitea#16176)
  * Add asymmetric JWT signing (go-gitea#16010)
  * Clean-up the settings hierarchy for issue_indexer queue (go-gitea#16001)
  * Change default queue settings to be low go-routines (go-gitea#15964)
  * Improve assets handler middleware (go-gitea#15961)
  * Rename StaticUrlPrefix to AssetUrlPrefix (go-gitea#15779)
  * Use a generic markup class to display externally rendered files and diffs (go-gitea#15735)
  * Add frontend testing, require node 12 (go-gitea#15315)
  * Move (custom) assets into subpath `/assets` (go-gitea#15219)
  * Use level config in log section when sub log section not set level (go-gitea#15176)
  * Links in markdown should be absolute to the repository not the server (go-gitea#15088)
* SECURITY
  * Encrypt LDAP bind password in db with SECRET_KEY (go-gitea#15547)
  * Remove random password in Dockerfiles (go-gitea#15362)
* FEATURES
  * Update Go-Git to take advantage of LargeObjectThreshold (go-gitea#16316)
  * Support custom mime type mapping for text files (go-gitea#16304)
  * Link to previous blames in file blame page (go-gitea#16259)
  * Add LRU mem cache implementation (go-gitea#16226)
  * Localize Email Templates (go-gitea#16200)
  * Make command in authorized keys a template (go-gitea#16003)
  * Add possibility to make branch in branch page (go-gitea#15960)
  * Add email headers (go-gitea#15939)
  * Make tasklist checkboxes clickable (go-gitea#15791)
  * Add selecting tags on the compare page (go-gitea#15723)
  * Add cron job to delete old actions from database (go-gitea#15688)
  * On open repository open common cat file batch and batch-check (go-gitea#15667)
  * Add tag protection (go-gitea#15629)
  * Add push to remote mirror repository (go-gitea#15157)
  * Add Image Diff for SVG files (go-gitea#14867)
  * Add dashboard milestone search and repo milestone search by name. (go-gitea#14866)
  * Add LFS Migration and Mirror (go-gitea#14726)
  * Improve notifications for WIP draft PR's (go-gitea#14663)
  * Disable Stars config option (go-gitea#14653)
  * Add option to provide signature for a token to verify key ownership (go-gitea#14054)
  * OAuth2 auto-register (go-gitea#5123)
* API
  * Return updated repository when changing repository using API (go-gitea#16420)
  * Let branch/tag name be a valid ref to get CI status (go-gitea#16400)
  * Add endpoint to get commits of PR (go-gitea#16300)
  * Allow COMMENT reviews to not specify a body (go-gitea#16229)
  * Add subject-type filter to list notification API endpoints (go-gitea#16177)
  * ListReleases add filter for draft and pre-releases (go-gitea#16175)
  * ListIssues add more filters (go-gitea#16174)
  * Issue Search Add filter for MilestoneNames (go-gitea#16173)
  * GET / SET User Settings (go-gitea#16169)
  * Expose repo.GetReviewers() & repo.GetAssignees() (go-gitea#16168)
  * User expose counters (go-gitea#16167)
  * Add repoGetTag (go-gitea#16166)
  * Add repoCreateTag (go-gitea#16165)
  * Creating a repo from a template repo via API (go-gitea#15958)
  * Add Active and ProhibitLogin to API (go-gitea#15689)
  * Add Location, Website and Description to API (go-gitea#15675)
  * Expose resolver via API (go-gitea#15167)
* ENHANCEMENTS
  * Support HTTP/2 in Let's Encrypt (go-gitea#16371)
  * Introduce NotifySubjectType (go-gitea#16320)
  * Add forge emojies (go-gitea#16296)
  * Implemented head_commit for webhooks (go-gitea#16282)
  * Upgrade Gliderlabs SSH to 0.3.3 and add FailedConnectionCallback (go-gitea#16278)
  * Add previous/next buttons to review comments (go-gitea#16273)
  * Review comments: break-word for long file names (go-gitea#16272)
  * Add configuration to restrict allowed user visibility modes (go-gitea#16271)
  * Add scroll-margin-top to account for sticky header (go-gitea#16269)
  * Add --quiet and --verbose to gitea web to control initial logging (go-gitea#16260)
  * Use gitea logging module for git module (go-gitea#16243)
  * Add tests for all webhooks (go-gitea#16214)
  * Add button to delete undeleted repositories from failed migrations (go-gitea#16197)
  * Speed up git diff highlight generation (go-gitea#16180)
  * Add OpenID claims "profile" and "email". (go-gitea#16141)
  * Reintroduce squash merge default comment as a config setting (go-gitea#16134)
  * Add sanitizer rules per renderer (go-gitea#16110)
  * Improve performance of dashboard list orgs (go-gitea#16099)
  * Refactor assert statements in tests (go-gitea#16089)
  * Add sso.Group, context.Auth, context.APIAuth to allow auth special routes (go-gitea#16086)
  * Remove unnecessary goroutine (go-gitea#16080)
  * Add attachments for PR reviews (go-gitea#16075)
  * Make the github migration less rate limit waiting to get comment per page from repository but not per issue (go-gitea#16070)
  * Add Visible modes function from Organisation to Users too (go-gitea#16069)
  * Add checkbox to delete pull branch after successful merge (go-gitea#16049)
  * Make commit info cancelable (go-gitea#16032)
  * Make modules/context.Context a context.Context (go-gitea#16031)
  * Unified custom config creation (go-gitea#16012)
  * Make sshd_config more flexible regarding connections (go-gitea#16009)
  * Append to existing trailers in generated squash commit message (go-gitea#15980)
  * Always store primary email address into email_address table and also the state (go-gitea#15956)
  * Load issue/PR context popup data only when needed (go-gitea#15955)
  * Remove remaining fontawesome usage in templates (go-gitea#15952)
  * Remove fomantic accordion module (go-gitea#15951)
  * Small refactoring of modules/private (go-gitea#15947)
  * Double the avatar size factor (go-gitea#15941)
  * Add curl to rootless docker image (go-gitea#15908)
  * Replace clipboard.js with async clipboard api (go-gitea#15899)
  * Allow custom highlight mapping beyond file extensions (go-gitea#15808)
  * Add trace logging to SSO methods (go-gitea#15803)
  * Refactor routers directory (go-gitea#15800)
  * Allow only internal registration (go-gitea#15795)
  * Add a new internal hook to save ssh log (go-gitea#15787)
  * Respect default merge message syntax when parsing item references (go-gitea#15772)
  * OAuth2 login: Set account link to "login" as default behavior (go-gitea#15768)
  * Use single shared random string generation function (go-gitea#15741)
  * Hold the event source when there are no listeners (go-gitea#15725)
  * Code comments improvements (go-gitea#15722)
  * Provide OIDC compliant user info endpoint (go-gitea#15721)
  * Fix webkit calendar icon color on arc-green (go-gitea#15713)
  * Improve Light Chroma style (go-gitea#15699)
  * Only use boost workers for leveldb shadow queues (go-gitea#15696)
  * Add compare tag dropdown to releases page (go-gitea#15695)
  * Add caret styling CSS (go-gitea#15651)
  * Remove x-ua-compatible meta tag (go-gitea#15640)
  * Refactor of link creation (go-gitea#15619)
  * Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index (go-gitea#15599)
  * Rewrite of the LFS server (go-gitea#15523)
  * Display more repository type on admin repository management (go-gitea#15440)
  * Remove usage of some JS globals (go-gitea#15378)
  * SHA in merged commit comment should be rendered ui sha (go-gitea#15376)
  * Add well-known config for OIDC (go-gitea#15355)
  * Use route rather than use thus reducing the number of stack frames (go-gitea#15301)
  * Code Formats, Nits & Unused Func/Var deletions (go-gitea#15286)
  * Let package git depend on setting but not opposite (go-gitea#15241)
  * Fixed sanitize errors (go-gitea#15240)
  * response simple text message for not html request when 404 (go-gitea#15229)
  * Remove file-loader dependency (go-gitea#15196)
  * Refactor renders (go-gitea#15175)
  * Add mimetype mapping settings (go-gitea#15133)
  * Add Status Updates whilst Gitea migrations are occurring (go-gitea#15076)
  * Reload locales in initialisation if needed by utilizing i18n.Reset (go-gitea#15073)
  * Counterwork seemingly unclickable repo button labels (go-gitea#15064)
  * Add DefaultMergeStyle option to repository (go-gitea#14789)
  * Added support for gopher URLs. (go-gitea#14749)
  * Rework repository archive (go-gitea#14723)
  * Add links to toggle WIP status (go-gitea#14677)
  * Add Tabular Diff for CSV files (go-gitea#14661)
  * Use milestone deadline when sorting issues (go-gitea#14551)
* BUGFIXES
  * Fix invalid params and typo of email templates (go-gitea#16394)
  * Fix activation of primary email addresses (go-gitea#16385)
  * Fix calculation for finalPage in repo-search component (go-gitea#16382)
  * Specify user in rootless container numerically (go-gitea#16361)
  * Detect encoding changes while parsing diff (go-gitea#16330)
  * Fix U2F error reasons always hidden (go-gitea#16327)
  * Prevent zombie processes (go-gitea#16314)
  * Escape reference to `user` table in models.SearchEmails (go-gitea#16313)
  * Fix default push instructions on empty repos (go-gitea#16302)
  * Fix modified files list in webhooks when there is a space (go-gitea#16288)
  * Fix webhook commits wrong hash on HEAD reset (go-gitea#16283)
  * Fuzzer finds an NPE due to incorrect URLPrefix (go-gitea#16249)
  * Don't WARN log UserNotExist errors on ExternalUserLogin failure (go-gitea#16238)
  * Do not show No match found for tribute (go-gitea#16231)
  * Fix "Copy Link" for pull requests (go-gitea#16230)
  * Fix diff expansion is missing final line in a file (go-gitea#16222)
  * Fix private repo permission problem (go-gitea#16142)
  * Fix not able to update local created non-urlencoded wiki pages (go-gitea#16139)
  * More efficiently parse shas for shaPostProcessor (go-gitea#16101)
  * Fix `doctor --run check-db-consistency --fix` with label fix (go-gitea#16094)
  * Prevent webhook action buttons from shifting (go-gitea#16087)
  * Change default TMPDIR path in rootless containers (go-gitea#16077)
  * Fix typo and add TODO notice (go-gitea#16064)
  * Use git log name-status in get last commit (go-gitea#16059)
  * Fix 500 Error with branch and tag sharing the same name (go-gitea#16040)
  * Fix get tag when migration (go-gitea#16014)
  * Add custom emoji support (go-gitea#16004)
  * Use filepath.ToSlash and Join in indexer defaults and queues (go-gitea#15971)
  * Add permission check for ``GenerateRepository`` (go-gitea#15946)
  * Ensure settings for Service and Mailer are read on the install page (go-gitea#15943)
  * Fix layout of milestone view (go-gitea#15927)
  * Unregister non-matching serviceworkers (go-gitea#15834)
  * Multiple Queue improvements: LevelDB Wait on empty, shutdown empty shadow level queue, reduce goroutines etc (go-gitea#15693)
  * Attachment support repository route (go-gitea#15580)
  * Fix missing icons and colorpicker when mounted on suburl (go-gitea#15501)
  * Create a session on ReverseProxy and ensure that ReverseProxy users cannot change username (go-gitea#15304)
  * Prevent double-login for Git HTTP and LFS and simplify login (go-gitea#15303)
  * Resolve Object { type: "error", data: undefined } in stopwatch.js (go-gitea#15278)
  * Fix heatmap activity (go-gitea#15252)
  * Remove vendored copy of fomantic-dropdown (go-gitea#15193)
  * Update repository size on cron gc task (go-gitea#15177)
  * Add NeedPostProcess for Parser interface to improve performance of csv parser and some external parser (go-gitea#15153)
  * Add code block highlight to orgmode back (go-gitea#14222)
  * Remove User.GetOrganizations() (go-gitea#14032)
* TESTING
  * Bump `postgres` and `mysql` versions (go-gitea#15710)
  * Add tests for clone from wiki (go-gitea#15513)
  * Fix Benchmark tests, remove a broken one & add two new  (go-gitea#15250)
  * Create Proper Migration tests (go-gitea#15116)
* TRANSLATION
  * Use a special name for update default branch on repository setting (go-gitea#15893)
  * Fix mirror_lfs source string in en-US locale (go-gitea#15369)
* BUILD
  * Upgrade xorm to v1.1.1 (go-gitea#16339)
  * Alpine 3.14 released (go-gitea#16170)
  * Disable legal comments in esbuild (go-gitea#15929)
  * Switch to Node 16 to build fronted  (go-gitea#15804)
  * Use esbuild to minify CSS (go-gitea#15756)
  * Use binary version of revive linter (go-gitea#15739)
  * Fix: npx webpack make: *** [Makefile:699: public/js/index.js] Error -… (go-gitea#15465)
  * Stop packaging node_modules in release tarballs (go-gitea#15273)
  * Introduce esbuild on webpack (go-gitea#14578)
* DOCS
  * Update queue workers documentation (go-gitea#15999)
  * Comment out app.example.ini (go-gitea#15807)
  * Improve logo customization docs (go-gitea#15754)
  * Add some response status on api docs (go-gitea#15399)
  * Rework Token API comments (go-gitea#15162)
  * Add better errors for disabled account recovery (go-gitea#15117)
* MISC
  * Remove utf8 option from installation page (go-gitea#16126)
  * Use Wants= over Requires= in systemd file (go-gitea#15897)
aswild added a commit to aswild/gitea that referenced this pull request Aug 28, 2021
* BREAKING
  * Make app.ini permissions more restrictive (go-gitea#16266)
  * Refactor Webhook + Add X-Hub-Signature (go-gitea#16176)
  * Add asymmetric JWT signing (go-gitea#16010)
  * Clean-up the settings hierarchy for issue_indexer queue (go-gitea#16001)
  * Change default queue settings to be low go-routines (go-gitea#15964)
  * Improve assets handler middleware (go-gitea#15961)
  * Rename StaticUrlPrefix to AssetUrlPrefix (go-gitea#15779)
  * Use a generic markup class to display externally rendered files and diffs (go-gitea#15735)
  * Add frontend testing, require node 12 (go-gitea#15315)
  * Move (custom) assets into subpath `/assets` (go-gitea#15219)
  * Use level config in log section when sub log section not set level (go-gitea#15176)
  * Links in markdown should be absolute to the repository not the server (go-gitea#15088)
  * Upgrade to the latest version of golang-jwt (go-gitea#16590) (go-gitea#16606)
  * Set minimum supported version of go to 1.16 (go-gitea#16710)
* SECURITY
  * Encrypt LDAP bind password in db with SECRET_KEY (go-gitea#15547)
  * Remove random password in Dockerfiles (go-gitea#15362)
  * Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (go-gitea#16590) (go-gitea#16606)
  * Correctly create of git-daemon-export-ok files (go-gitea#16508) (go-gitea#16514)
  * Don't show private user's repo in explore view (go-gitea#16550) (go-gitea#16554)
  * Update node tar dependency to 6.1.6 (go-gitea#16622) (go-gitea#16623)
* FEATURES
  * Update Go-Git to take advantage of LargeObjectThreshold (go-gitea#16316)
  * Support custom mime type mapping for text files (go-gitea#16304)
  * Link to previous blames in file blame page (go-gitea#16259)
  * Add LRU mem cache implementation (go-gitea#16226)
  * Localize Email Templates (go-gitea#16200)
  * Make command in authorized keys a template (go-gitea#16003)
  * Add possibility to make branch in branch page (go-gitea#15960)
  * Add email headers (go-gitea#15939)
  * Make tasklist checkboxes clickable (go-gitea#15791)
  * Add selecting tags on the compare page (go-gitea#15723)
  * Add cron job to delete old actions from database (go-gitea#15688)
  * On open repository open common cat file batch and batch-check (go-gitea#15667)
  * Add tag protection (go-gitea#15629)
  * Add push to remote mirror repository (go-gitea#15157)
  * Add Image Diff for SVG files (go-gitea#14867)
  * Add dashboard milestone search and repo milestone search by name. (go-gitea#14866)
  * Add LFS Migration and Mirror (go-gitea#14726)
  * Improve notifications for WIP draft PR's (go-gitea#14663)
  * Disable Stars config option (go-gitea#14653)
  * GPG Key Ownership verification with Signed Token (go-gitea#14054)
  * OAuth2 auto-register (go-gitea#5123)
* API
  * Return updated repository when changing repository using API (go-gitea#16420)
  * Let branch/tag name be a valid ref to get CI status (go-gitea#16400)
  * Add endpoint to get commits of PR (go-gitea#16300)
  * Allow COMMENT reviews to not specify a body (go-gitea#16229)
  * Add subject-type filter to list notification API endpoints (go-gitea#16177)
  * ListReleases add filter for draft and pre-releases (go-gitea#16175)
  * ListIssues add more filters (go-gitea#16174)
  * Issue Search Add filter for MilestoneNames (go-gitea#16173)
  * GET / SET User Settings (go-gitea#16169)
  * Expose repo.GetReviewers() & repo.GetAssignees() (go-gitea#16168)
  * User expose counters (go-gitea#16167)
  * Add repoGetTag (go-gitea#16166)
  * Add repoCreateTag (go-gitea#16165)
  * Creating a repo from a template repo via API (go-gitea#15958)
  * Add Active and ProhibitLogin to API (go-gitea#15689)
  * Add Location, Website and Description to API (go-gitea#15675)
  * Expose resolver via API (go-gitea#15167)
  * Swagger AccessToken fixes (go-gitea#16574) (go-gitea#16597)
  * Set AllowedHeaders on API CORS handler (go-gitea#16524) (go-gitea#16618)
* ENHANCEMENTS
  * Support HTTP/2 in Let's Encrypt (go-gitea#16371)
  * Introduce NotifySubjectType (go-gitea#16320)
  * Add forge emojies (go-gitea#16296)
  * Implemented head_commit for webhooks (go-gitea#16282)
  * Upgrade Gliderlabs SSH to 0.3.3 and add FailedConnectionCallback (go-gitea#16278)
  * Add previous/next buttons to review comments (go-gitea#16273)
  * Review comments: break-word for long file names (go-gitea#16272)
  * Add configuration to restrict allowed user visibility modes (go-gitea#16271)
  * Add scroll-margin-top to account for sticky header (go-gitea#16269)
  * Add --quiet and --verbose to gitea web to control initial logging (go-gitea#16260)
  * Use gitea logging module for git module (go-gitea#16243)
  * Add tests for all webhooks (go-gitea#16214)
  * Add button to delete undeleted repositories from failed migrations (go-gitea#16197)
  * Speed up git diff highlight generation (go-gitea#16180)
  * Add OpenID claims "profile" and "email". (go-gitea#16141)
  * Reintroduce squash merge default comment as a config setting (go-gitea#16134)
  * Add sanitizer rules per renderer (go-gitea#16110)
  * Improve performance of dashboard list orgs (go-gitea#16099)
  * Refactor assert statements in tests (go-gitea#16089)
  * Add sso.Group, context.Auth, context.APIAuth to allow auth special routes (go-gitea#16086)
  * Remove unnecessary goroutine (go-gitea#16080)
  * Add attachments for PR reviews (go-gitea#16075)
  * Make the github migration less rate limit waiting to get comment per page from repository but not per issue (go-gitea#16070)
  * Add Visible modes function from Organisation to Users too (go-gitea#16069)
  * Add checkbox to delete pull branch after successful merge (go-gitea#16049)
  * Make commit info cancelable (go-gitea#16032)
  * Make modules/context.Context a context.Context (go-gitea#16031)
  * Unified custom config creation (go-gitea#16012)
  * Make sshd_config more flexible regarding connections (go-gitea#16009)
  * Append to existing trailers in generated squash commit message (go-gitea#15980)
  * Always store primary email address into email_address table and also the state (go-gitea#15956)
  * Load issue/PR context popup data only when needed (go-gitea#15955)
  * Remove remaining fontawesome usage in templates (go-gitea#15952)
  * Remove fomantic accordion module (go-gitea#15951)
  * Small refactoring of modules/private (go-gitea#15947)
  * Double the avatar size factor (go-gitea#15941)
  * Add curl to rootless docker image (go-gitea#15908)
  * Replace clipboard.js with async clipboard api (go-gitea#15899)
  * Allow custom highlight mapping beyond file extensions (go-gitea#15808)
  * Add trace logging to SSO methods (go-gitea#15803)
  * Refactor routers directory (go-gitea#15800)
  * Allow only internal registration (go-gitea#15795)
  * Add a new internal hook to save ssh log (go-gitea#15787)
  * Respect default merge message syntax when parsing item references (go-gitea#15772)
  * OAuth2 login: Set account link to "login" as default behavior (go-gitea#15768)
  * Use single shared random string generation function (go-gitea#15741)
  * Hold the event source when there are no listeners (go-gitea#15725)
  * Code comments improvements (go-gitea#15722)
  * Provide OIDC compliant user info endpoint (go-gitea#15721)
  * Fix webkit calendar icon color on arc-green (go-gitea#15713)
  * Improve Light Chroma style (go-gitea#15699)
  * Only use boost workers for leveldb shadow queues (go-gitea#15696)
  * Add compare tag dropdown to releases page (go-gitea#15695)
  * Add caret styling CSS (go-gitea#15651)
  * Remove x-ua-compatible meta tag (go-gitea#15640)
  * Refactor of link creation (go-gitea#15619)
  * Add a new table issue_index to store the max issue index so that issue could be deleted with no duplicated index (go-gitea#15599)
  * Rewrite of the LFS server (go-gitea#15523)
  * Display more repository type on admin repository management (go-gitea#15440)
  * Remove usage of some JS globals (go-gitea#15378)
  * SHA in merged commit comment should be rendered ui sha (go-gitea#15376)
  * Add well-known config for OIDC (go-gitea#15355)
  * Use route rather than use thus reducing the number of stack frames (go-gitea#15301)
  * Code Formats, Nits & Unused Func/Var deletions (go-gitea#15286)
  * Let package git depend on setting but not opposite (go-gitea#15241)
  * Fixed sanitize errors (go-gitea#15240)
  * response simple text message for not html request when 404 (go-gitea#15229)
  * Remove file-loader dependency (go-gitea#15196)
  * Refactor renders (go-gitea#15175)
  * Add mimetype mapping settings (go-gitea#15133)
  * Add Status Updates whilst Gitea migrations are occurring (go-gitea#15076)
  * Reload locales in initialisation if needed by utilizing i18n.Reset (go-gitea#15073)
  * Counterwork seemingly unclickable repo button labels (go-gitea#15064)
  * Add DefaultMergeStyle option to repository (go-gitea#14789)
  * Added support for gopher URLs. (go-gitea#14749)
  * Rework repository archive (go-gitea#14723)
  * Add links to toggle WIP status (go-gitea#14677)
  * Add Tabular Diff for CSV files (go-gitea#14661)
  * Use milestone deadline when sorting issues (go-gitea#14551)
* BUGFIXES
  * Fix invalid params and typo of email templates (go-gitea#16394)
  * Fix activation of primary email addresses (go-gitea#16385)
  * Fix calculation for finalPage in repo-search component (go-gitea#16382)
  * Specify user in rootless container numerically (go-gitea#16361)
  * Detect encoding changes while parsing diff (go-gitea#16330)
  * Fix U2F error reasons always hidden (go-gitea#16327)
  * Prevent zombie processes (go-gitea#16314)
  * Escape reference to `user` table in models.SearchEmails (go-gitea#16313)
  * Fix default push instructions on empty repos (go-gitea#16302)
  * Fix modified files list in webhooks when there is a space (go-gitea#16288)
  * Fix webhook commits wrong hash on HEAD reset (go-gitea#16283)
  * Fuzzer finds an NPE due to incorrect URLPrefix (go-gitea#16249)
  * Don't WARN log UserNotExist errors on ExternalUserLogin failure (go-gitea#16238)
  * Do not show No match found for tribute (go-gitea#16231)
  * Fix "Copy Link" for pull requests (go-gitea#16230)
  * Fix diff expansion is missing final line in a file (go-gitea#16222)
  * Fix private repo permission problem (go-gitea#16142)
  * Fix not able to update local created non-urlencoded wiki pages (go-gitea#16139)
  * More efficiently parse shas for shaPostProcessor (go-gitea#16101)
  * Fix `doctor --run check-db-consistency --fix` with label fix (go-gitea#16094)
  * Prevent webhook action buttons from shifting (go-gitea#16087)
  * Change default TMPDIR path in rootless containers (go-gitea#16077)
  * Fix typo and add TODO notice (go-gitea#16064)
  * Use git log name-status in get last commit (go-gitea#16059)
  * Fix 500 Error with branch and tag sharing the same name (go-gitea#16040)
  * Fix get tag when migration (go-gitea#16014)
  * Add custom emoji support (go-gitea#16004)
  * Use filepath.ToSlash and Join in indexer defaults and queues (go-gitea#15971)
  * Add permission check for ``GenerateRepository`` (go-gitea#15946)
  * Ensure settings for Service and Mailer are read on the install page (go-gitea#15943)
  * Fix layout of milestone view (go-gitea#15927)
  * Unregister non-matching serviceworkers (go-gitea#15834)
  * Multiple Queue improvements: LevelDB Wait on empty, shutdown empty shadow level queue, reduce goroutines etc (go-gitea#15693)
  * Attachment support repository route (go-gitea#15580)
  * Fix missing icons and colorpicker when mounted on suburl (go-gitea#15501)
  * Create a session on ReverseProxy and ensure that ReverseProxy users cannot change username (go-gitea#15304)
  * Prevent double-login for Git HTTP and LFS and simplify login (go-gitea#15303)
  * Resolve Object { type: "error", data: undefined } in stopwatch.js (go-gitea#15278)
  * Fix heatmap activity (go-gitea#15252)
  * Remove vendored copy of fomantic-dropdown (go-gitea#15193)
  * Update repository size on cron gc task (go-gitea#15177)
  * Add NeedPostProcess for Parser interface to improve performance of csv parser and some external parser (go-gitea#15153)
  * Add code block highlight to orgmode back (go-gitea#14222)
  * Remove User.GetOrganizations() (go-gitea#14032)
  * Restore Accessibility for Dropdown (go-gitea#16576) (go-gitea#16617)
  * Pass down SignedUserName down to AccessLogger context (go-gitea#16605) (go-gitea#16616)
  * Fix table alignment in markdown (go-gitea#16596) (go-gitea#16602)
  * Fix 500 on first wiki page (go-gitea#16586) (go-gitea#16598)
  * Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (go-gitea#16564) (go-gitea#16570)
  * Upgrade levelqueue to v0.4.0 (go-gitea#16560) (go-gitea#16561)
  * Handle too long PR titles correctly (go-gitea#16517) (go-gitea#16549)
  * Fix data race in bleve indexer (go-gitea#16474) (go-gitea#16509)
  * Restore CORS on git smart http protocol (go-gitea#16496) (go-gitea#16506)
  * Fix race in log (go-gitea#16490) (go-gitea#16505)
  * Fix prepareWikiFileName to respect existing unescaped files (go-gitea#16487) (go-gitea#16498)
  * Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (go-gitea#16479) (go-gitea#16480)
  * Update notification table with only latest data (go-gitea#16445) (go-gitea#16469)
  * Fix crash following ldap authentication update (go-gitea#16447) (go-gitea#16448)
  * Fix direct creation of external users on admin page (partial go-gitea#16612) (go-gitea#16613)
  * Prevent 500 on draft releases without tag (go-gitea#16634) (go-gitea#16636)
  * Restore creation of git-daemon-export-ok files (go-gitea#16508) (go-gitea#16514)
  * Fix data race in bleve indexer (go-gitea#16474) (go-gitea#16509)
  * Restore CORS on git smart http protocol (go-gitea#16496) (go-gitea#16506)
  * Fix race in log (go-gitea#16490) (go-gitea#16505)
  * Fix prepareWikiFileName to respect existing unescaped files (go-gitea#16487) (go-gitea#16498)
  * Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (go-gitea#16479) (go-gitea#16480)
  * Update notification table with only latest data (go-gitea#16445) (go-gitea#16469)
  * Fix crash following ldap authentication update (go-gitea#16447) (go-gitea#16448)
  * Restore compatibility with SQLServer 2008 R2 in migrations (go-gitea#16638)
  * Fix direct creation of external users on admin page (go-gitea#16613)
  * Fix go-git implementation of GetNote when passed a non-existent commit (go-gitea#16658) (go-gitea#16659)
  * Fix NPE in fuzzer (go-gitea#16680) (go-gitea#16682)
  * Set issue_index when finishing migration (go-gitea#16685) (go-gitea#16687)
  * Skip patch download when no patch file exists (go-gitea#16356) (go-gitea#16681)
  * Ensure empty lines are copiable and final new line too (go-gitea#16678) (go-gitea#16692)
  * Fix wrong user in OpenID response (go-gitea#16736) (go-gitea#16741)
  * Do not use thin scrollbars on Firefox (go-gitea#16738) (go-gitea#16745)
  * Recreate Tables should Recreate indexes on MySQL (go-gitea#16718) (go-gitea#16739)
  * Keep attachments on tasklist update (go-gitea#16750) (go-gitea#16757)
* TESTING
  * Bump `postgres` and `mysql` versions (go-gitea#15710)
  * Add tests for clone from wiki (go-gitea#15513)
  * Fix Benchmark tests, remove a broken one & add two new  (go-gitea#15250)
  * Create Proper Migration tests (go-gitea#15116)
* TRANSLATION
  * Use a special name for update default branch on repository setting (go-gitea#15893)
  * Fix mirror_lfs source string in en-US locale (go-gitea#15369)
* BUILD
  * Upgrade xorm to v1.1.1 (go-gitea#16339)
  * Disable legal comments in esbuild (go-gitea#15929)
  * Switch to Node 16 to build fronted  (go-gitea#15804)
  * Use esbuild to minify CSS (go-gitea#15756)
  * Use binary version of revive linter (go-gitea#15739)
  * Fix: npx webpack make: *** [Makefile:699: public/js/index.js] Error -… (go-gitea#15465)
  * Stop packaging node_modules in release tarballs (go-gitea#15273)
  * Introduce esbuild on webpack (go-gitea#14578)
* DOCS
  * Update queue workers documentation (go-gitea#15999)
  * Comment out app.example.ini (go-gitea#15807)
  * Improve logo customization docs (go-gitea#15754)
  * Add some response status on api docs (go-gitea#15399)
  * Rework Token API comments (go-gitea#15162)
  * Add better errors for disabled account recovery (go-gitea#15117)
* MISC
  * Remove utf8 option from installation page (go-gitea#16126)
  * Use Wants= over Requires= in systemd file (go-gitea#15897)
@go-gitea go-gitea locked and limited conversation to collaborators Oct 19, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/enhancement An improvement of existing functionality
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Can't execute APK file downloaded from assets in versions page, on Android
6 participants