* add Content Security Policy
* remove reflect-metadata on production builds to get rid of unsafe-eval
* fix baseCSP usage
* add SRI to CSP
* add blob: to media-src
* remove SRI
* CSP set to reportOnly
* adding data: to connect-src CSP
* remove block-all-mixed-content
* add report-uri support
* Remove hard-coded 8GB upload limit in client
Ideally we'd know what the specific server's configured upload limit
is before starting, but this 8GB limit is not useful if an administrator
has changed the nginx post limit on the server.
* Better docs for admins about client_max_body_size
Seems like some admins already tweak this value up or down to allow
for different maximum video upload sizes. The current codebase has no
other server-side limits that I'm aware of, and I've been routinely
uploading quite large videos to my instance.
This patch replaces the somewhat incorrect (or outdated?) 'hard limit'
comment with some advice about allocating enough space for nginx and
communicating the limit with your users.
Of course it would be better if this configuration could be unified with
PeerTube's config somehow. I'm not sure whether the best option there is
to turn off nginx's buffering here and let PeerTube handle the entire upload
(can we do this only for the video upload API endpoint?) or whether we want
PeerTube to generate nginx configs in a more automated way layer. In any case,
this patch is intended as an incremental improvement.
* make username, display_name and video_channel_name min length 1 and max length 50; (fixes #1263);
! still some bug on the frontend complains but if you remove the disabled property it creates the account just fine;
allow for usernames to start with a number;
fix test, since username can be 1 char now make test check empty;
fix test, Should fail with a too long username;
fix test, Should fail with a too small username;
fix regular expression for username and videoChannel;
change username, videoChannel to be lowercase and fix message;
* change 1 characters to 1 character
* enable email verification by admin
* rename/label to set email as verified
to be more explicit that admin is not sending
another email to confirm
* add update user emailVerified check-params test
* make user.model emailVerified property required