diff --git a/client/components/admin/admin-contribute.vue b/client/components/admin/admin-contribute.vue index 619d8054..0ee8d968 100644 --- a/client/components/admin/admin-contribute.vue +++ b/client/components/admin/admin-contribute.vue @@ -66,7 +66,7 @@ v-tab-item(:transition='false', :reverse-transition='false') .body-1.pa-3 {{ $t('admin:contribute.tshirts') }} v-card-actions.ml-2 - v-btn(outline, :color='darkMode ? `blue lighten-1` : `primary`', href='https://wikijs.threadless.com', large) + v-btn(outlined, :color='darkMode ? `blue lighten-1` : `primary`', href='https://wikijs.threadless.com', large) v-icon(left) mdi-tshirt-crew span {{ $t('admin:contribute.shop') }} v-divider.mt-3 diff --git a/client/components/admin/admin-dev-flags.vue b/client/components/admin/admin-dev-flags.vue index ba1ef5b2..c24bf0a7 100644 --- a/client/components/admin/admin-dev-flags.vue +++ b/client/components/admin/admin-dev-flags.vue @@ -13,7 +13,7 @@ span {{$t('common:actions.apply')}} v-card.mt-3.white.grey--text.text--darken-3 - v-alert(color='red', value='true', icon='mdi-alert', dark, prominent) + v-alert(color='red', :value='true', icon='mdi-alert', dark, prominent) span Do NOT enable these flags unless you know what you're doing! .caption Doing so may result in data loss or broken installation! v-card-text diff --git a/client/components/admin/admin-general.vue b/client/components/admin/admin-general.vue index 944380d0..d7a800f4 100644 --- a/client/components/admin/admin-general.vue +++ b/client/components/admin/admin-general.vue 
@@ -92,14 +92,14 @@ v-flex(lg6 xs12) v-card.animated.fadeInUp.wait-p4s - v-toolbar(color='primary', dark, dense, flat) + v-toolbar(color='indigo', dark, dense, flat) v-toolbar-title.subtitle-1 Features v-spacer - v-chip(label, color='white', small).primary--text coming soon + v-chip(label, color='white', small).indigo--text coming soon v-card-text v-switch( label='Asset Image Optimization' - color='primary' + color='indigo' v-model='config.featureTinyPNG' persistent-hint hint='Image optimization tool to reduce filesize and bandwidth costs.' @@ -119,7 +119,7 @@ v-divider.mt-3 v-switch( label='Page Ratings' - color='primary' + color='indigo' v-model='config.featurePageRatings' persistent-hint hint='Allow users to rate pages.' @@ -129,7 +129,7 @@ v-divider.mt-3 v-switch( label='Page Comments' - color='primary' + color='indigo' v-model='config.featurePageComments' persistent-hint hint='Allow users to leave comments on pages.' 
@@ -139,13 +139,75 @@
 v-divider.mt-3
 v-switch(
 label='Personal Wikis'
- color='primary'
+ color='indigo'
 v-model='config.featurePersonalWikis'
 persistent-hint
 hint='Allow users to have their own personal wiki.'
 disabled
 )
+ v-card.mt-5.animated.fadeInUp.wait-p5s
+ v-toolbar(color='red darken-2', dark, dense, flat)
+ v-toolbar-title.subtitle-1 Security
+ v-card-text
+ v-alert(outlined, color='red darken-2', icon='mdi-information-outline').body-2 Make sure to understand the implications before turning on / off a security feature.
+ v-switch.mt-3(
+ label='Block IFrame Embedding'
+ color='red darken-2'
+ v-model='config.securityIframe'
+ persistent-hint
+ hint='Prevents other websites from embedding your wiki in an iframe. This provides clickjacking protection.'
+ )
+ v-divider.mt-3
+ v-switch(
+ label='Same Origin Referrer Policy'
+ color='red darken-2'
+ v-model='config.securityReferrerPolicy'
+ persistent-hint
+ hint='Limits the referrer header to same origin.'
+ )
+
+ v-divider.mt-3
+ v-switch(
+ label='Enforce HSTS'
+ color='red darken-2'
+ v-model='config.securityHSTS'
+ persistent-hint
+ hint='This ensures the connection cannot be established through an insecure HTTP connection.'
+ )
+ v-select.mt-5(
+ outlined
+ label='HSTS Max Age'
+ :items='hstsDurations'
+ v-model='config.securityHSTSDuration'
+ prepend-icon='mdi-subdirectory-arrow-right'
+ :disabled='!config.securityHSTS'
+ hide-details
+ style='max-width: 450px;'
+ )
+ .pl-11.mt-3
+ .caption Defines the duration for which the server should only deliver content through HTTPS.
+ .caption It's a good idea to start with small values and make sure that nothing breaks on your wiki before moving to longer values.
+
+ v-divider.mt-3
+ v-switch(
+ label='Enforce CSP'
+ color='red darken-2'
+ v-model='config.securityCSP'
+ persistent-hint
+ hint='Restricts scripts to pre-approved content sources.'
+ disabled
+ )
+ v-textarea.mt-5(
+ label='CSP Directives'
+ outlined
+ v-model='config.securityCSPDirectives'
+ prepend-icon='mdi-subdirectory-arrow-right'
+ persistent-hint
+ hint='One directive per line.'
+ disabled
+ )
+