Commit Graph

116 Commits

Author SHA1 Message Date
Guy Sartorelli
31c974c528 ENH Add samesite attribute to cookies.
Co-authored-by: pine3ree <pine3ree@gmail.com>
2022-06-02 12:01:03 +12:00
Lukas
552cf5944d
MNT Fix various typos with codespell (#10177) 2021-12-13 21:05:33 +13:00
Michael Pritchard
fdbd899766 DOC Update SilverStripe to Silverstripe CMS
- Remaining Developer Guides and Upgrading
- SilverStripe in a namespace or API has not been changed
- To keep PRs easier no formatting was changed

Update merge conflicts with two files

Update Silverstripe Ltd, Silverstripe Cloud and Silverstripe CMS

Silverstripe CMS Ltd > Silverstripe Ltd
Silverstripe CMS Platform > Silverstripe Cloud
Silverstripe CMS Framework > Silverstripe CMS

Resolve merge conflict

Remove Framework from Silverstripe CMS Framework

- 3 files

Change SilverStripe CMS to Silverstripe CMS
2021-07-30 13:54:15 +01:00
Steve Boyd
1c7fd287a1 ENH Reduce default token period from 90 to 30 days 2021-04-06 13:22:10 +12:00
Ed Wilde
da56fa785b
DOC: fix invalid syntax on link
Fixing the markdown syntax for the link to HTTP Cache Headers.
2021-02-12 16:11:36 +13:00
Ingo Schommer
fee31c2c6c DOCS Recommend moving .protected out of webroot
Note that it's currently unclear whether Silverstripe Cloud or CWP support this,
but it shouldn't block us from recommending this in the open source project.
It's documented in the "server requirements", which should make it pretty
clear that this requires you to have control over server configuration (or check with those that have).

See https://github.com/silverstripe/silverstripe-framework/issues/7710
2020-10-15 17:08:37 +13:00
Ingo Schommer
bffb7e2577 Revert "DOCS MFA authentication"
Underlying feature isn't merged yet,
see https://github.com/silverstripe/silverstripe-installer/issues/280

Revert "Update docs/en/02_Developer_Guides/09_Security/03_Authentication.md"

This reverts commit 72a02a3d0e.

Revert "Update docs/en/02_Developer_Guides/09_Security/03_Authentication.md"

This reverts commit c54f8e4864.

Revert "DOCS MFA authentication"

This reverts commit 5fe5833fb2.
2020-08-20 18:40:59 +12:00
Ingo Schommer
f8b4570cb1
DOCS MFA authentication (#9536)
See https://github.com/silverstripe/silverstripe-installer/issues/280
2020-08-20 18:33:36 +12:00
Ingo Schommer
72a02a3d0e
Update docs/en/02_Developer_Guides/09_Security/03_Authentication.md
Co-authored-by: Serge Latyntsev <dnsl48@gmail.com>
2020-08-20 18:32:57 +12:00
Ingo Schommer
c54f8e4864
Update docs/en/02_Developer_Guides/09_Security/03_Authentication.md
Co-authored-by: Serge Latyntsev <dnsl48@gmail.com>
2020-08-20 18:32:39 +12:00
Ingo Schommer
b6169a87c2 DOCS HTTP header in server requirements 2020-07-29 14:28:20 +12:00
Jackson Darlow
ae1a883b32 Added mention of Session.timeout to secure_coding docs 2020-06-12 14:43:37 +12:00
Ingo Schommer
5fe5833fb2 DOCS MFA authentication
See https://github.com/silverstripe/silverstripe-installer/issues/280
2020-06-04 08:46:34 +12:00
Michal Kleiner
21129b1624
Use short array syntax across the framework's codebase 2020-05-16 10:34:45 +01:00
Maxime Rainville
affd43052a Merge branch '4.5' into 4 2020-02-17 18:11:23 +13:00
Maxime Rainville
acd7d94167 Merge branch '4.4' into 4.5 2020-02-17 13:07:26 +13:00
Serge Latyntcev
ad1b00ec7d [CVE-2019-19325] XSS through non-scalar FormField attributes
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically;
it requires a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
Valentino Pesce
24c28e4457
Docs: Fix link to Middleware not found
Fix link to Middleware not found in page Rate Limiting
2020-01-25 19:21:15 +01:00
Loz Calver
f4713d95f6
Merge pull request #9333 from creative-commoners/pulls/4/canonicalurlmiddleware-docs
DOCS Add note about applying forceSSL to non-live environments
2019-11-25 11:37:30 +00:00
Garion Herman
bf38997b6e DOCS Add note about applying forceSSL to non-live environments 2019-11-25 12:14:26 +13:00
Aaron Carlino
6888901468
NEW: Update docs to be compliant with Gatsby site (#9314)
* First cut

* Temporarily disable composer.json for netlify build

* POC

* New recursive directory query, various refinements

* Fix flexbox

* new styled components plugin

* Apply frontmatter delimiters

* Mobile styles, animation

* Search

* Redesign, clean up

* Nuke the cache, try again

* fix file casing

* Remove production env file

* ID headers

* Move app to new repo

* Add frontmatter universally

* Hide children changelogs

* Add how to title

* New callout tags

* Revert inline code block change

* Replace note callouts

* Fix icons

* Replace images

* Fix icon

* Fix image links

* Use proper SQL icon
2019-11-18 17:58:33 +13:00
Maxime Rainville
d7f5ed3e65 DOC Substitute old Apache syntax for Require 2019-09-25 16:59:48 +12:00
Matt Peel
7083f016c1
Update secure coding standards
As of SS4.0.0 and the introduction of TrustedProxyMiddleware, the default now if no trusted proxies are defined is that nothing is a trusted proxy, whereas in SS3 a missing declaration was treated as everything being allowed.
2019-09-10 12:55:24 +12:00
Robbie Averill
3224c9971b Merge branch '4.4' into 4 2019-08-02 11:24:54 +12:00
Robbie Averill
3b96c51688 Merge branch '4.3' into 4.4 2019-08-02 11:24:45 +12:00
Robbie Averill
2d2b0b82f0 DOCS Fix incorrect rendering of note on list item
[ci skip]
2019-07-25 12:03:12 +02:00
Ingo Schommer
4d93e48b10
DOCS Add silverstripe/login-forms (#9112)
See https://github.com/silverstripe/recipe-cms/issues/26.
Dependent on https://github.com/silverstripe/silverstripe-installer/pull/257.
2019-07-16 10:11:37 +12:00
Erlend Mongstad
80b097eb68
Added missing Permission class to example
Following the example will give the following error:

```[Emergency] Uncaught Error: Class {my namespace}\Permission not found```

Added the missing class
2019-04-17 02:36:13 +02:00
Robbie Averill
af8d268cc7 DOCS Update documentation for password validation rule configuration 2018-11-13 10:55:26 +02:00
Ingo Schommer
114b0a5ea7
NEW Option for secure "remember me" cookie
Fixes #8234
2018-07-30 16:41:49 +01:00
Ingo Schommer
259aa06010 DOCS More resilient example domain
myapp.com is owned, example.com is specifically reserved for documentation use cases:
https://en.wikipedia.org/wiki/Example.com

[ci skip]
2018-06-26 10:13:36 +12:00
Ingo Schommer
2e1e8e07b9 DOCS Consistent app/ folder and composer use
- Stronger wording around "use composer"
- Consistent domain and email address naming
- Removed example for publishing non-composer modules (those shouldn't be encouraged)
- Removed instructions for installing modules from archives

[ci skip]
2018-06-25 10:40:19 +12:00
Damian Mooyman
3ea98cdb13
Migrate documentation from 3.x 2018-06-13 14:50:02 +12:00
Robbie Averill
c3e5ab2258
Merge pull request #65 from silverstripe-security/pulls/4.2/ss-2018-009
[SS-2018-009] Allow forced redirects to HTTPS for responses with basic authentication
2018-05-28 18:57:38 +12:00
Ingo Schommer
9097a95de2 Cookie lifetime docs 2018-05-21 11:36:53 +12:00
Ingo Schommer
5445a0d3fc Corrected login data usage docs 2018-05-21 11:36:45 +12:00
Ingo Schommer
78fe189c6d
Merge pull request #8003 from open-sausages/pulls/4/docs-personal-data
Docs for personal data usage in core
2018-05-17 17:11:56 +12:00
Kairat Jenishev
b4ba3cbd1f
DOCS Fix broken links and headers 2018-05-03 16:42:52 +01:00
Robbie Averill
1505a89a63 Update to include note about auto redirect to HTTPS for basic auth 2018-04-24 16:42:52 +12:00
Ingo Schommer
1b882e802e Docs for personal data usage in core
See https://github.com/silverstripe/silverstripe-framework/issues/7791
2018-04-13 13:23:05 +12:00
Damian Mooyman
625f7b4eee
Merge remote-tracking branch 'origin/4.0' into 4.1 2018-03-13 14:26:18 +13:00
cpenny
fdbf4c2134 Updated docs for Rate Limiting. 2018-03-09 08:15:11 +13:00
Gorrie Coe
3ae8838285
Added Name to example 2017-12-12 14:40:34 +13:00
Gorrie Coe
849038a60b
Added after priority to replace default authenticator. 2017-12-12 12:52:52 +13:00
Damian Mooyman
cdfb413395
Code block whitespace / formatting cleanup 2017-10-27 15:38:27 +13:00
Aaron Carlino
e7274b0ee4 Add namespaces 2017-10-27 12:45:26 +13:00
Daniel Hensby
c077abf353
DOCS new rate limiting docs 2017-09-27 17:40:04 +01:00
Simon Erkelens
774d44a574 Authentication documentation rewrite 2017-08-28 16:28:30 +12:00
Aaron Carlino
50c8a02bff remove tabs 2017-08-07 15:11:17 +12:00
Aaron Carlino
e4935123d8 Remove a few more references 2017-08-07 14:01:38 +12:00