6 Commits (37de389c2ff18ecac7b66c3168941496e038ef37)

Author	SHA1	Message	Date
James Elliott	0855ea2f71	fix(server): missing cache and xss headers (#3289) ... Addresses documentation and a couple of headers which were missed.	2022-05-04 14:47:23 +10:00
James Elliott	556a115c83	fix(server): missing modern security headers (#3288) ... This fixes an issue with missing modern security headers such as the X-Content-Type-Options, Referer-Policy, etc.	2022-05-03 12:19:30 +10:00
James Elliott	4710de33a4	refactor(configuration): remove ptr for duoapi and notifier (#3200) ... This adds to the ongoing effort to remove all pointers to structs in the configuration without breaking backwards compatibility.	2022-04-16 09:34:26 +10:00
James Elliott	4503ac07be	fix(web): lowercase locales are not consistent with localization platforms (#3141) ... This fixes an issue with localization platforms and the docs regarding localization, and the forcing locale names to lowercase.	2022-04-08 14:53:46 +10:00
James Elliott	ce6bf74c8d	fix(server): incorrect remote ip logged in error handler (#3139) ... This fixes edge cases where the remote IP was not correctly logged. Generally this is not an issue as most errors do not hit this handler, but in instances where a transport error occurs this is important.	2022-04-08 14:13:47 +10:00
James Elliott	4ebd8fdf4e	feat(oidc): provide cors config including options handlers (#3005) ... This adjusts the CORS headers appropriately for OpenID Connect. This includes responding to OPTIONS requests appropriately. Currently this is only configured to operate when the Origin scheme is HTTPS; but can easily be expanded in the future to include additional Origins.	2022-04-07 10:58:51 +10:00