diff --git a/configs/nginx.example b/configs/nginx.example index cbd0dfb4..4d027b89 100644 --- a/configs/nginx.example +++ b/configs/nginx.example @@ -5,8 +5,15 @@ upstream chan { server { server_name domain.com www.domain.com; + server_tokens off; + error_page 404 = /home/tom/jschan/static/html/404.html; - error_page 404 = /path/to/jschan/static/html/404.html; + add_header Cache-Control "public"; + add_header Content-Security-Policy "Content-Security-Policy: default-src 'none'; img-src 'self'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'"; + add_header Referrer-Policy "same-origin"; + add_header X-Frame-Options "sameorigin"; + add_header X-Content-Type-Options "nosniff"; + add_header X-XSS-Protection "1; mode=block"; if ($request_uri ~ ^/(?!captcha|randombanner|forms|logout|socket\.io)) { rewrite ^([^.\?]*[^/])$ $1/ redirect; @@ -22,7 +29,6 @@ server { location = /favicon.ico { access_log off; expires max; - add_header Cache-Control "public"; root /path/to/jschan/static/img; try_files $uri =404; } @@ -74,7 +80,6 @@ server { # HTML location ~* \.html$ { expires 0; - add_header Cache-Control "public"; root /path/to/jschan/static/html; try_files $uri @backend; } @@ -82,7 +87,6 @@ server { # JSON location ~* \.json$ { expires 0; - add_header Cache-Control "public"; root /path/to/jschan/static/json; try_files $uri =404; #json doesnt hit backend if it doesnt exist yet. @@ -92,7 +96,6 @@ server { location ~* \.css$ { access_log off; expires 1d; - add_header Cache-Control "public"; root /path/to/jschan/static; try_files $uri =404; } @@ -102,7 +105,6 @@ server { expires 1d; access_log off; root /path/to/jschan/static; - add_header Cache-Control "public"; try_files $uri =404; } @@ -110,7 +112,6 @@ server { location ~* \.(png|jpg|jpeg|gif|mp4|webm|mov|svg)$ { access_log off; expires max; - add_header Cache-Control "public"; root /path/to/jschan/static; try_files $uri =404; } 
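Review bot: The `add_header Content-Security-Policy` value in the first hunk repeats the header name inside the quoted string, so browsers should treat the first directive as an unknown one named `Content-Security-Policy:` and ignore it, leaving `default-src 'none'` unenforced. The value should start at the directive itself: `add_header Content-Security-Policy "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'";`. Once the fallback is active it also covers fetch types not listed here, so the socket.io path, the captcha iframe and the mp4/webm files served further down probably need `connect-src 'self'`, `frame-src 'self'` and `media-src 'self'`, which is worth testing before this ships as the example. Separately, `Cache-Control "public"` now sits at server scope and so presumably also lands on backend responses such as /forms and /logout, and the new `error_page` line puts a developer path (`/home/tom/...`) where the `/path/to/...` placeholder used to be.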
diff --git a/gulp/res/css/nscaptcha.css b/gulp/res/css/nscaptcha.css new file mode 100644 index 00000000..746b2c31 --- /dev/null +++ b/gulp/res/css/nscaptcha.css @@ -0,0 +1,11 @@ +img { + width:200px; + height:80px; + margin:0 auto; +} +input { + position:fixed; + left:-1px; + bottom:-1px; + opacity:0.9; +} diff --git a/gulp/res/css/style.css b/gulp/res/css/style.css index 16ef2d70..490fb20f 100644 --- a/gulp/res/css/style.css +++ b/gulp/res/css/style.css @@ -82,6 +82,9 @@ pre { .text-center { text-align: center; } +.fw { + width: 100%; +} .pr-20 { padding-right: 20px; } @@ -199,6 +202,10 @@ p { color: #3060A8; } +.horscroll { + overflow-x:auto; +} + .spoiler { background: black; color: black; @@ -397,6 +404,7 @@ td, th { .user-id { text-shadow: #000 0px 0px 1px, #000 0px 0px 1px, #000 0px 0px 1px, #000 0px 0px 1px, #000 0px 0px 1px, #000 0px 0px 1px; + background: attr(data-user-id); color: white; padding: 0px 2px; border: 1px solid rgba(0, 0, 0, 0.4); @@ -737,7 +745,7 @@ table.boardtable th:nth-child(3),table.boardtable th:nth-child(4),table.boardtab @media only screen and (max-width: 600px) { table.boardtable td:nth-child(3), table.boardtable th:nth-child(3), - table.boardtable td:nth-child(5), table.boardtable th:nth-child(5) { + table.boardtable td:nth-child(4), table.boardtable th:nth-child(4) { display: none; } diff --git a/gulp/res/js/post.js b/gulp/res/js/post.js index 4efe8a1a..3d8986ba 100644 --- a/gulp/res/js/post.js +++ b/gulp/res/js/post.js 
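Review bot: In the `.user-id` hunk of style.css, `background: attr(data-user-id);` is unlikely to have any effect. None of the templates touched in this commit emit a `data-user-id` attribute (post.pug and post.js still write an inline `style`), and plain `attr()` yields a string, which is not a valid `background` value and would lack the leading `#` in any case. As written, the inline style remains the only source of the colour. Either drop the declaration, or add a comment such as `/* placeholder: colour still comes from the inline style in post.pug */` so the next reader does not assume the inline style can be removed.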
@@ -58,7 +58,7 @@ pug_html = pug_html + "\u003Cspan class=\"post-capcode\"\u003E" + (pug_escape(nu const postDate = new Date(post.date) pug_html = pug_html + "\u003Ctime" + (" class=\"post-date\""+pug_attr("datetime", postDate.toISOString(), true, false)) + "\u003E" + (pug_escape(null == (pug_interp = postDate.toLocaleString(undefined, {hour12:false})) ? "" : pug_interp)) + "\u003C\u002Ftime\u003E "; if (post.userId) { -pug_html = pug_html + "\u003Cspan" + (" class=\"user-id\""+pug_attr("style", pug_style(`background: #${post.userId}`), true, false)) + "\u003E" + (pug_escape(null == (pug_interp = post.userId) ? "" : pug_interp)) + "\u003C\u002Fspan\u003E "; +pug_html = pug_html + "\u003Cspan" + (" class=\"user-id\""+pug_attr("style", pug_style(`background-color: #${post.userId}`), true, false)) + "\u003E" + (pug_escape(null == (pug_interp = post.userId) ? "" : pug_interp)) + "\u003C\u002Fspan\u003E "; } pug_html = pug_html + "\u003C\u002Flabel\u003E\u003Cspan class=\"post-links\"\u003E\u003Ca" + (" class=\"no-decoration\""+pug_attr("href", `${postURL}#${post.postId}`, true, false)) + "\u003ENo.\u003C\u002Fa\u003E\u003Cspan class=\"post-quoters\"\u003E\u003Ca" + (" class=\"no-decoration\""+pug_attr("href", `${postURL}#postform`, true, false)) + "\u003E" + (pug_escape(null == (pug_interp = post.postId) ? "" : pug_interp)) + "\u003C\u002Fa\u003E"; if (!post.thread) { diff --git a/views/includes/actionfooter.pug b/views/includes/actionfooter.pug index 3e9ba892..aa688547 100644 --- a/views/includes/actionfooter.pug +++ b/views/includes/actionfooter.pug @@ -22,7 +22,7 @@ details.toggle-label label input#report(type='text', name='report_reason', placeholder='report reason' autocomplete='off') details.actions - summary(style='font-weight: bold') Staff Actions: + summary.bold Staff Actions: label input.post-check(type='checkbox', name='delete_ip_board' value='1') | Delete from IP on board 
diff --git a/views/includes/bantable.pug b/views/includes/bantable.pug index a6bb9ea2..f0cfd15e 100644 --- a/views/includes/bantable.pug +++ b/views/includes/bantable.pug @@ -1,5 +1,5 @@ -.table-container.mv-10.text-center(style='overflow-x:scroll') - table(style='width:100%') +.table-container.mv-10.text-center.horscroll + table.fw tr th th Board diff --git a/views/includes/captcha.pug b/views/includes/captcha.pug index 515dfbb1..5fe8a75b 100644 --- a/views/includes/captcha.pug +++ b/views/includes/captcha.pug @@ -1,4 +1,3 @@ noscript.no-m-p iframe.captcha(src='/captcha.html' 'width=200' height='80' scrolling='no') -.jsonly.captcha(style='display:none;') input.captchafield(type='text' name='captcha' autocomplete='off' placeholder='captcha text' pattern=".{6}" required title='6 characters') diff --git a/views/includes/head.pug b/views/includes/head.pug index efbc49ad..a6021919 100644 --- a/views/includes/head.pug +++ b/views/includes/head.pug @@ -4,5 +4,5 @@ link(rel='stylesheet' href='/css/style.css') - const theme = board ? board.settings.theme : defaultTheme; link#theme(rel='stylesheet' data-theme=theme href=`/css/themes/${theme}.css`) noscript - style .jsonly { display: none } + style .jsonly { display: none; } link(rel='shortcut icon' href='/favicon.ico' type='image/x-icon') diff --git a/views/mixins/post.pug b/views/mixins/post.pug index 68d36cc0..9e5ffa6c 100644 --- a/views/mixins/post.pug +++ b/views/mixins/post.pug @@ -34,7 +34,7 @@ mixin post(post, truncate, manage=false, globalmanage=false, ban=false) time.post-date(datetime=postDate.toISOString()) #{postDate.toLocaleString(undefined, {hour12:false})} | if post.userId - span.user-id(style=`background: #${post.userId}`) #{post.userId} + span.user-id(style=`background-color: #${post.userId}`) #{post.userId} | span.post-links a.no-decoration(href=`${postURL}#${post.postId}`) No. diff --git a/views/pages/captcha.pug b/views/pages/captcha.pug index 78ab88a6..4a207a16 100644 --- a/views/pages/captcha.pug 
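Review bot: In the views/mixins/post.pug hunk, `post.userId` is interpolated straight into a `style` attribute (the compiled copy in gulp/res/js/post.js does the same), and attribute escaping only protects the HTML context, not the CSS one. Where the id is generated is not visible in this diff; if it is not guaranteed to be hex digits, anything following a `;` in it would be applied as extra declarations on the span. Constraining it at the point of use is cheap, e.g. `if post.userId && /^[0-9a-f]+$/i.test(post.userId)`. This inline style is also one of the things that forces `'unsafe-inline'` to stay in the `style-src` of the nginx example, so a short comment above the line saying so would help. The mixin body continues outside the hunk.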
+++ b/views/pages/captcha.pug @@ -2,7 +2,8 @@ doctype html html head link(rel='stylesheet', href='/css/style.css') - body(style='margin:0;padding:0;') - img(src='/captcha', style='width:200px;height:80px;margin:0 auto;') + link(rel='stylesheet', href='/css/nscaptcha.css') + body.no-m-p + img(src='/captcha') form(action='/forms/newcaptcha', method='POST') - input(style='position:fixed;left:-1px;bottom:-1px;opacity:0.9;' type='submit' value='🗘') + input(type='submit' value='🗘')