mozilla
/
addons-server
зеркало из https://github.com/mozilla/addons-server.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
🕶 addons.mozilla.org Django app and API 🎉
43 431 коммит 108 Ветки 1 262 Теги 1,7 GiB
Python 84.5%
JavaScript 7.7%
HTML 3%
CSS 2.5%
Less 2.1%
Перейти к файлу
Christopher Grebs d6c44135ce Merge pull request from GHSA-jq22-wqf5-666p 
* Serve files in old file-viewer through FileResponse.

Fixes bug 1566954

The old file-viewer will be going away "soon" anyway so we should be
using the same technique as for the new one.

The problem here specifically is that when going through Nginx via
X-Accel-Redirect nginx isn't setting proper CSP headers for the
download. Serving the files ourselves allows us to much easier restrict
CSP in the future even further.

* Explicitly restrict CSP config on download endpoints.

* Set report uri in settings.py too

* Explicitly add frame-ancestors

* Remove outdated test
 		2019-07-18 16:52:11 +01:00
.circleci Move some config to env variable for integration tests. (#11836) 2019-07-15 13:47:47 -05:00
docker Update 'file' version to fix json<->html detection for reviewe… (#11690) 2019-06-25 05:04:56 -07:00
docs Remove all usage of 'six' and as much compat code as I could f… (#11730) 2019-07-16 12:01:31 +02:00
locale Pontoon: Update Ukrainian (uk) localization of AMO 2019-07-18 14:13:06 +00:00
logs Actually commit logs/.gitkeep 2015-09-18 17:03:01 +01:00
requirements Update tox to 3.13.2 (#11764) 2019-07-11 13:56:26 +02:00
scripts Sign add-ons with recommendation signer based on DiscoveryItem. (#11627) 2019-06-12 15:01:36 +02:00
services Remove all usage of 'six' and as much compat code as I could f… (#11730) 2019-07-16 12:01:31 +02:00
src/olympia Merge pull request from GHSA-jq22-wqf5-666p 2019-07-18 16:52:11 +01:00
static Prevent developers from disabling/deleting latest version of recommended add-on 2019-06-04 13:07:26 +02:00
storage Expose correct addons and user-media paths in docker container. (#9706) 2018-10-16 13:45:29 +02:00
tests Move some config to env variable for integration tests. (#11836) 2019-07-15 13:47:47 -05:00
.dockerignore WIP: Cleanup locustio based performance / smoke tests, add more entities (#8358) 2018-05-30 16:46:16 +02:00
.gitignore Ignore docs/_build again (in the global .gitignore this time) 2019-02-13 17:38:08 +01:00
.jshintrc Fixing migration from config.json to .jshintrc 2014-11-12 19:45:54 +01:00
.travis.yml Update 'file' version to fix json<->html detection for reviewe… (#11690) 2019-06-25 05:04:56 -07:00
CODE_OF_CONDUCT.md Update CODE_OF_CONDUCT.md 2019-03-29 14:32:50 +01:00
CONTRIBUTING.rst Add a note about "good first bug" procedure (#3175) 2016-08-01 21:33:29 +02:00
Dockerfile Fix Dockerfile.deploy, add libmagic-dev update for prod/dev builds too. 2019-06-25 17:20:28 +02:00
Dockerfile.deploy Fix Dockerfile.deploy, add libmagic-dev update for prod/dev builds too. 2019-06-25 17:20:28 +02:00
Dockerfile.perftests WIP: Cleanup locustio based performance / smoke tests, add more entities (#8358) 2018-05-30 16:46:16 +02:00
ISSUE_TEMPLATE.md Update first line of issue template 2016-09-14 09:23:24 +01:00
LICENSE Update copyright notice, I think it's 2016 already. (#2806) 2016-05-31 06:22:19 +02:00
Makefile Fix codestyle and docs jobs (#10683) 2019-02-13 16:21:05 +01:00
Makefile-docker Use django-babel for for Django 2.x compatibility 2019-05-28 09:23:20 +02:00
Makefile-os Update docs for new procedures regarding integration testing. (#11076) 2019-04-01 20:45:40 -04:00
PULL_REQUEST_TEMPLATE.md Fix type and grammar in PR_TEMPLATE (#10036) 2018-11-21 11:07:21 +00:00
README.rst fixing a couple of typos 2017-09-10 21:42:04 +01:00
conftest.py Remove all usage of 'six' and as much compat code as I could f… (#11730) 2019-07-16 12:01:31 +02:00
contribute.json Update irc contacts in contribute.json (#9537) 2018-09-26 13:49:19 +01:00
docker-compose.override.yml Addon Install Test (#6641) 2018-01-12 06:58:00 +01:00
docker-compose.yml Sign add-ons with recommendation signer based on DiscoveryItem. (#11627) 2019-06-12 15:01:36 +02:00
manage.py Set a default settings module 2016-02-24 20:51:11 +01:00
package.json Update addons-linter 1.10.1 2019-07-03 13:24:04 +02:00
schematic move schematic from mozilla/schematic (#10537) 2019-01-30 20:30:31 +08:00
settings.py Merge pull request from GHSA-jq22-wqf5-666p 2019-07-18 16:52:11 +01:00
settings_test.py Re-add Django-Debug-Toolbar for easier debugging, particularly in the admin 2019-07-03 22:43:09 +02:00
setup.cfg Remove all usage of 'six' and as much compat code as I could f… (#11730) 2019-07-16 12:01:31 +02:00
setup.py Remove unused imports from setup.cfg 2016-01-06 10:48:03 +01:00
tox.ini Update sphinx to 2.0.0 (#11057) 2019-04-02 16:12:39 +01:00
version.json change source in version.json to new repo name 2016-02-05 16:20:28 -08:00

README.rst

Этот файл содержит неоднозначные символы Юникода!

Этот файл содержит неоднозначные символы Юникода, которые могут быть перепутаны с другими в текущей локали. Если это намеренно, можете спокойно проигнорировать это предупреждение. Используйте кнопку Экранировать, чтобы подсветить эти символы.

.. image:: https://img.shields.io/badge/%E2%9D%A4-code%20of%20conduct-blue.svg
    :target: https://github.com/mozilla/addons-server/blob/master/CODE_OF_CONDUCT.md
    :alt: Code of conduct

.. image:: https://travis-ci.org/mozilla/addons-server.svg?branch=master
    :target: https://travis-ci.org/mozilla/addons-server

.. image:: https://pyup.io/repos/github/mozilla/addons-server/shield.svg
    :target: https://pyup.io/repos/github/mozilla/addons-server/
    :alt: Updates

.. image:: https://codecov.io/gh/mozilla/addons-server/branch/master/graph/badge.svg
    :target: https://codecov.io/gh/mozilla/addons-server

.. image:: https://pyup.io/repos/github/mozilla/addons-server/python-3-shield.svg
    :target: https://pyup.io/repos/github/mozilla/addons-server/
    :alt: Python 3


Addons-Server
=============

Welcome to the Addons Server repository!  Please feel free to visit the web page of the current project hosted on `addons.mozilla.org`_. If you want to install it follow our guide located in `install docs`_.  We'd love your help!  You can come talk to us on `irc.mozilla.org #amo`_ if you have any questions.

Please report bugs here: https://github.com/mozilla/addons/issues or https://github.com/mozilla/addons-server/issues
You can access the AMO dev environment at https://addons-dev.allizom.org/ and the AMO stage environment at https://addons.allizom.org/

You can join our mailing list at https://mail.mozilla.org/listinfo/dev-addons

.. _`addons.mozilla.org`: https://addons.mozilla.org
.. _`install docs`: https://addons-server.readthedocs.io/en/latest/topics/install/docker.html
.. _`irc.mozilla.org #amo`: irc://irc.mozilla.org/amo


.. marker-for-security-bug-inclusion-do-not-remove

Security Bug Reports
--------------------

This code and its associated production web page are included in the Mozillas web and services `bug bounty program`_. If you find a security vulnerability, please submit it via the process outlined in the program and `FAQ pages`_. Further technical details about this application are available from the `Bug Bounty Onramp page`_.

Please submit all security-related bugs through Bugzilla using the `web security bug form`_. Never submit security-related bugs through a Github Issue or by email.

.. _bug bounty program: https://www.mozilla.org/en-US/security/web-bug-bounty/
.. _FAQ pages: https://www.mozilla.org/en-US/security/bug-bounty/faq-webapp/
.. _Bug Bounty Onramp page: https://wiki.mozilla.org/Security/BugBountyOnramp/
.. _web security bug form: https://bugzilla.mozilla.org/form.web.bounty