Commit Graph

112 Commits

Author SHA1 Message Date
Chocobo1
9380209afb Revise CSP header
The majority of the CSP is tuned for built-in WebUI, it may not be
suitable for alternative UI.

Also add QLatin1String to strings. This code path is called repeatedly,
it is worth adding QLatin1String to squeeze out the last bit of
performance.
2018-12-17 00:49:07 +02:00
Chocobo1
be2895ac6f Enforce referrer-policy in WebUI
This stops leaking private data to other websites via Referrer header.
2018-12-17 00:49:06 +02:00
thalieht
bd4d2fa424 Combine qAsConst() with copyAsConst() to asConst() 2018-12-17 00:28:33 +02:00
thalieht
e2ee928017 Convert all foreach() to range-based for() 2018-12-17 00:28:32 +02:00
Chocobo1
fef0e70c9f Fix missing words in WebUI
This is because Qt translator returns empty string when the translation
is not provided, now we fallback to the original string from source code.

Closes #9868.
2018-12-17 00:28:14 +02:00
Thomas Piccirello
9cc112aa4e Add SameSite attribute to WebUI session cookie
This attribute prevents the cookie from being submitted on any cross-site request, strongly limiting CSRF.

Closes #9877.
2018-12-17 00:28:14 +02:00
Chocobo1
a21c386dbf Add option for WebUI Host header validation
Closes #9743.
2018-12-17 00:28:12 +02:00
Vladimir Golovnev (Glassez)
5a7b88c16c Fix Alternative Web UI to be available 2018-11-14 23:39:57 +02:00
Thomas Piccirello
cffafa8e9f Add WebUI search API controller
Closes #2495.
2018-11-14 23:39:57 +02:00
Vladimir Golovnev (Glassez)
3eef12bd8f Use independent translation for WebUI 2018-11-14 23:39:57 +02:00
Chocobo1
5cd5cc71a8 Replace png icons with svg 2018-08-17 21:40:04 +03:00
Chocobo1
a7b82ebcb5 Cache more preference values
These values from Preference class are frequently used.
Also group related variables together.
2018-08-12 11:08:06 +03:00
thalieht
8074be7644 Delete several unused #include 2018-08-12 11:08:06 +03:00
Chocobo1
0287481001 Send Cache-Control header in WebUI responses
Tune the caching time to be shorter, in case there is a program
update.
Change the cacheability to private, as WebUI resources are not intended
to be cached at proxy.
For uncacheable responses, send out "no-store" explicitly to halt
browser caching.
2018-08-12 11:08:06 +03:00
Thomas Piccirello
246cad1108 Add form-action to CSP
This option restricts all form submissions to the WebUI's origin.
qBittorrent only ever submits forms to the origin, so this is intended as a security measure.
2018-08-12 11:08:06 +03:00
Thomas Piccirello
23bf86a8a8 Add upgrade-insecure-requests to CSP when HTTPS is enabled
This option automatically upgrades all http connections to https.
It ensures http urls cannot be accessed when in https mode, and is intended as a security measure.
2018-08-12 11:08:06 +03:00
Chocobo1
c93b05c293 Replace QRegExp with QRegularExpression
Revise `static` keyword usage, static is added to frequently used
instances.
2018-08-12 11:08:06 +03:00
Chocobo1
725c6857be Improve WebUI security measures
CSP was erroneously disabled in bad4d94f77
when clickjacking protection is off, now it is back.
Also added CSP 'frame-ancestors' directive when clickjacking
protection is enabled.
2018-08-12 11:08:06 +03:00
Chocobo1
12d0a3acc1 Add option to control CSRF protection
Some users are using WebUI with simple port-forwarding from their router,
providing an option to control the protection will save them from setting up a
non-trivial web proxy.
Closes #7274.
2018-08-12 11:08:06 +03:00
Chocobo1
6ad2a13386 Add option to control WebUI clickjacking protection
Some users actually want embedding WebUI into their custom build iframe.
Closes #7370.
2018-08-12 11:08:06 +03:00
Chocobo1
9ff17c8d9d Make use of QStringLiteral
Only changed instances that are initialized at program start.
2018-05-27 18:31:51 +03:00
Chocobo1
68a34e0738 Refactor code
Add const to variables.
No functionality change.
2018-05-27 18:31:51 +03:00
Chocobo1
38fa575958 Apply locale changes immediately in WebUI 2018-05-27 18:31:51 +03:00
Vladimir Golovnev (Glassez)
4b7ce87f57 Fix params handling for some legacy API methods
Closes #8880.
2018-05-27 18:31:51 +03:00
Vladimir Golovnev (Glassez)
2075533468 Improve legacy API params handling 2018-05-27 18:31:51 +03:00
thalieht
9cb190ebe7 Replace the zeroing of pointers with nullptr 2018-05-27 18:31:51 +03:00
Vladimir Golovnev (Glassez)
001bd38557 Fix pauseAll/resumeAll legacy API methods
Closes #8766.
2018-04-20 14:30:25 +03:00
Chocobo1
fdf3ebbb6c Remove usage of deprecated functions
Also use proper type for storing date/time data
2018-03-09 19:20:58 +08:00
Mike Tzou
5261d4375f Merge pull request #8551 from Chocobo1/override
Fix warnings from linters
2018-03-09 00:36:52 +08:00
Chocobo1
0457fd260e Avoid temporary QString allocations
This fixes clazy warning: Use multi-arg instead [-Wclazy-qstring-arg]
2018-03-07 20:06:00 +08:00
Vladimir Golovnev (Glassez)
1aca3b0adc Parse URL query string at application level 2018-03-04 17:08:48 +03:00
Vladimir Golovnev (Glassez)
34456a7459 Fix Legacy Web API to be fully available 2018-02-28 18:25:48 +03:00
Vladimir Golovnev (Glassez)
27d8dbf13b Redesign Web API
Normalize Web API method names.
Allow to use alternative Web UI.
Switch Web API version to standard form (i.e. "2.0").
Improve Web UI translation code.
Retranslate changed files.
Add Web API for RSS subsystem.
2018-01-28 19:16:24 +03:00
sledgehammer999
4e96a1065e Bump API_VERSION to 16. 2017-11-22 01:14:33 +02:00
sledgehammer999
ffa6f7ea34 Bump API_VERSION to 16. 2017-11-03 01:57:32 +02:00
Mike Tzou
b6be5afb89 Merge pull request #7584 from Chocobo1/refactor
[WebAPI] Refactor
2017-10-23 19:36:28 +08:00
Chocobo1
ce362f0e5e WebAPI refactor: utilize parseBool() function
Coding style cleanup
Rename variable
Return const reference
Add const
2017-10-18 22:27:59 +08:00
Chocobo1
f350977cb4 WebUI: add optional parameters for /command/download & /command/upload
Specifically:
torrent name: string
download limit, upload limit: number in bytes, default: -1 (unlimited)
sequential download, first last piece prio: boolean true/false, default: false
2017-10-11 20:25:11 +08:00
thalieht
525fdd6c2b Coding style, use nullptr and other minor things 2017-10-08 10:20:54 +03:00
Chocobo1
c5ddbcfb5b WebAPI: fix addPaused wrong default behavior
Add helper function
Sort include header
2017-09-19 17:26:01 +08:00
Chocobo1
72b0ba36ae Refactor
Merge statements
Use case-insensitive contains()
Add const
Use value(), this avoids inserting empty values.
Use range based for loop
2017-09-19 14:16:39 +08:00
Chocobo1
b107c0671d WebAPI: fix root_folder default behavior
Bug was introduced in
6b33db3ae3
2017-09-19 13:07:50 +08:00
thalieht
6b33db3ae3 Create root folder option when adding a torrent in WebUI 2017-09-11 16:56:33 +03:00
Thomas Piccirello
4846b0ec28 Use single quotes for char.
Use case insensitive compare.
Swap conditionals
2017-08-14 23:15:03 +08:00
Thomas Piccirello
771033a449 Add auto torrent management to webui context menu (addresses #6815) 2017-08-14 23:14:46 +08:00
Mike Tzou
0522db3f19 Merge pull request #7061 from Piccirello/webui-rename-torrent
Rename torrent from webui context menu (addresses #6815)
2017-08-13 23:39:35 +08:00
Vladimir Golovnev (qlassez)
cff6a64e9f Use qUtf8Printable() for logging strings
qDebug(), qInfo(), qWarning(), qCritical(), qFatal() expect %s arguments
to be UTF-8 encoded, while qPrintable() converts to local 8-bit encoding.
Therefore qUtf8Printable() should be used for logging strings instead of
qPrintable().
2017-08-13 16:14:57 +03:00
Thomas Piccirello
798c230634 Add option to rename torrent from WebUI
Addresses #6815.
2017-08-13 15:45:51 +03:00
Tom Piccirello
07a85a1018 Set torrent location from webui context menu (addresses #6815) (#7062)
* Add option to set torrent location from webui context menu (addresses #6815)

* Update debug messages

* Use logger

* Remove redundant curly braces

* Remove message

* Use log message from transferlistwidget

* Use QDir

* Remove unused import

* Check if newLocation is an empty string
2017-08-06 17:04:39 +08:00
sledgehammer999
802cd89ec9 Bump API_VERSION and API_VERSION_MIN to 15. 2017-07-18 22:38:59 +03:00