Whenever using worker through an iframe it was throwing:
cannot open file SecurityError: Failed to construct 'Worker': Script at 'http://localhost:8000/assets/c06e8f0a220ae2c4e6fd03dd808e69ff1beee4c2/plugin/application_gis.zip/loader_dbf.worker.js' cannot be accessed from origin 'null'.
at Module.default (loader_dbf.js:9:20)
at application_table.js:58:50
So we made a helper function to run workers with an option to make it
compatible with iframes. The issue is it does require some flag to be
passed through the iframe: allow-same-origin and allow-scripts but this
was the only way we had to get it done until a better solution comes in
For htpasswd entries where hash is an actual valid hash (SHA etc.), the hash
itself should not be accepted as password. Otherwise, obtaining the htpasswd
file gives an attacker access to all accounts withoutneeding to crack/reverse
hashes.
This commit tries to ensure that hash==password is only accepted if hash is
not a valid hash (plaintext password fallback).
According to the UI default language, the UI language of collabora/code must be explicitly specified within the URL( &lang=pt-BR ); otherwise, the UI language will always default to English (en).
We want to have a warning so that it is possible from the logs to immediately
see if there have been failed logging attempts.
This might allow in the future to set up tools like fail2ban.
Co-authored-by: Marco Seravalli <me@marcoseravalli.com>
