Varakh 2018-05-24 13:49:28 +02:00
parent 6e1320e93c
commit 5411405022
8 changed files with 74 additions and 123 deletions


@ -42,26 +42,29 @@ as dependencies.
* Point your document root to `public/`.
* Example nginx conf:
```
root .../public;
index index.php;
root .../public;
index index.php;
rewrite_log on;
rewrite_log on;
location / {
try_files $uri $uri/ @ee;
}
location / {
try_files $uri $uri/ @ee;
}
location @ee {
rewrite ^(.*) /index.php?$1 last;
}
location @ee {
rewrite ^(.*) /index.php?$1 last;
}
# php fpm
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
include fastcgi_params;
}
```
# php fpm
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
include fastcgi_params;
}
You should be able to set a very strict Content-Security-Policy.
## Upgrade ##
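Review bot: In the example nginx conf, `location ~ \.php$` hands every URI ending in `.php` to PHP-FPM with no check that the script exists under `public/`. The app routes everything through `/index.php` via `@ee`, so consider narrowing the block to `location = /index.php`, or adding `try_files $fastcgi_script_name =404;` before `fastcgi_pass`. `rewrite_log on;` is a debugging aid and is better left out of a config that people copy into production. The closing sentence about a very strict Content-Security-Policy would help operators more if it gave a concrete header value to start from.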
@ -79,6 +82,10 @@ as dependencies.
This app uses Symfony Translator. It's bootstraped in `Util\BootstrapHelper` and locales are placed under `data/locale/`. Adjust to your needs or help translating.
## Changelog ##
- 0.3.0.1
- Remove cookie consent as session cookies should be allowed because they provide core functionality
- Adjust `legal.example.md` and add `PHPSESSID`
- Fix styles
- 0.3.0.0
- Fixes
- Cookie consent
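Review bot: The 0.3.0.1 entry says `Fix styles` but does not mention that the inline scripts moved into `public/js/custom.js` or that the layout no longer references `cookie.min.css` and `cookie.min.js`. Operators who already run a Content-Security-Policy or cache static assets need to know this; suggest one bullet for each.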


@ -1,4 +1,4 @@
# Accountable
# Responsible
```
Contact data
@ -11,11 +11,23 @@ Contact data
# Website
- Cookies: This website uses small files called cookies to help the operator customise your experience. Cookies are small text files that are stored by the browser on your device. They allow websites to store things like user preferences. Functionality might be affected if you disable cookies for this website.
- Registration: An email is stored (maximal: 7 days, typical: deleted after verification process is completed) and credentials (minimal: stored as long as the account exists, typical: check user JID against well-known spammer patterns) are stored.
- Log: Access logs are not stored except for fixing bugs in case of an error or an attack on this service. Logs will be removed once the [log rotates](https://en.wikipedia.org/wiki/Log_rotation).
## Cookies
# Using the service
This website uses small files called cookies to help the operator customise your experience. Cookies are small text files that are stored by the browser on your device. They allow websites to store things like user preferences. Functionality might be affected if you disable cookies for this website.
These cookies are essential to the proper functioning of our website and enable you to use its features, such as accessing secure areas of the site. Without these cookies, you will not be able to perform core site functions such as logging in.
| Cookiename | Provider | Purpose |
|:------------------:|:-----------:|:---------|
| `PHPSESSID` | Provider | Creates a unique session for your device, allowing a platform for login. No personal or device information is collected or stored. If you login, you will be given access to parts of the site for registered members. If you close your browser or end your browser session, this cookie will be deleted automatically. |
## Registration
Registration: An email is stored (maximal: 7 days, typical: deleted after verification process is completed) and credentials (minimal: stored as long as the account exists, typical: check user JID against well-known spammer patterns) are stored.
## Log
Access logs are not stored except for fixing bugs in case of an error or an attack on this service. Logs will be removed once the [log rotates](https://en.wikipedia.org/wiki/Log_rotation) within 7 days.
# Service
- [What data is processed?](https://wiki.xmpp.org/web/GDPR#Q1.1b_List_what_data_is_processed)
- [How is data processing done?](https://wiki.xmpp.org/web/GDPR#Q1.1c_List_what_processing_is_done)
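Review bot: The first paragraph under `## Cookies` still says cookies "help the operator customise your experience" and "store things like user preferences", which contradicts the next paragraph and the table, where the only cookie listed is `PHPSESSID` and it is described as essential. Suggest dropping the customisation wording. In the table, the Provider cell holds the literal word `Provider`; make it an obvious placeholder so it is not published unchanged. The statements that the cookie is deleted when the browser session ends and that logs rotate "within 7 days" both depend on the operator's PHP session and log rotation settings, so the README should tell operators to verify them before adopting this text. The `Registration:` prefix is redundant now that the paragraph sits under a `## Registration` heading.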


@ -22,14 +22,8 @@ sign.up.form.password: Password
sign.up.form.password.placeholder: password
# Legal modal
legalmodal.open: I've read the agreement and I agree to it.
legalmodal.title: Agreement
# Cookie modal
cookie.message: "Cookies are required for this website in order to check the login status. Those will be deleted once you end your browser session. Other cookies are not set. OK?"
cookie.more: "Learn more in the privacy policy!"
cookie.dismiss: "Yes!"
cookie.deny: "No."
legalmodal.open: I agree to all policies which apply for this service.
legalmodal.title: Policy
# Verification
verification.mail.subject: "%server%: jabber account verification"


@ -1,6 +0,0 @@
.cc-window{opacity:1;transition:opacity 1s ease}.cc-window.cc-invisible{opacity:0}.cc-animate.cc-revoke{transition:transform 1s ease}.cc-animate.cc-revoke.cc-top{transform:translateY(-2em)}.cc-animate.cc-revoke.cc-bottom{transform:translateY(2em)}.cc-animate.cc-revoke.cc-active.cc-bottom,.cc-animate.cc-revoke.cc-active.cc-top,.cc-revoke:hover{transform:translateY(0)}.cc-grower{max-height:0;overflow:hidden;transition:max-height 1s}
.cc-link,.cc-revoke:hover{text-decoration:underline}.cc-revoke,.cc-window{position:fixed;overflow:hidden;box-sizing:border-box;font-family:Helvetica,Calibri,Arial,sans-serif;font-size:16px;line-height:1.5em;display:-ms-flexbox;display:flex;-ms-flex-wrap:nowrap;flex-wrap:nowrap;z-index:9999}.cc-window.cc-static{position:static}.cc-window.cc-floating{padding:2em;max-width:24em;-ms-flex-direction:column;flex-direction:column}.cc-window.cc-banner{padding:1em 1.8em;width:100%;-ms-flex-direction:row;flex-direction:row}.cc-revoke{padding:.5em}.cc-header{font-size:18px;font-weight:700}.cc-btn,.cc-close,.cc-link,.cc-revoke{cursor:pointer}.cc-link{opacity:.8;display:inline-block;padding:.2em}.cc-link:hover{opacity:1}.cc-link:active,.cc-link:visited{color:initial}.cc-btn{display:block;padding:.4em .8em;font-size:.9em;font-weight:700;border-width:2px;border-style:solid;text-align:center;white-space:nowrap}.cc-banner .cc-btn:last-child{min-width:140px}.cc-highlight .cc-btn:first-child{background-color:transparent;border-color:transparent}.cc-highlight .cc-btn:first-child:focus,.cc-highlight .cc-btn:first-child:hover{background-color:transparent;text-decoration:underline}.cc-close{display:block;position:absolute;top:.5em;right:.5em;font-size:1.6em;opacity:.9;line-height:.75}.cc-close:focus,.cc-close:hover{opacity:1}
.cc-revoke.cc-top{top:0;left:3em;border-bottom-left-radius:.5em;border-bottom-right-radius:.5em}.cc-revoke.cc-bottom{bottom:0;left:3em;border-top-left-radius:.5em;border-top-right-radius:.5em}.cc-revoke.cc-left{left:3em;right:unset}.cc-revoke.cc-right{right:3em;left:unset}.cc-top{top:1em}.cc-left{left:1em}.cc-right{right:1em}.cc-bottom{bottom:1em}.cc-floating>.cc-link{margin-bottom:1em}.cc-floating .cc-message{display:block;margin-bottom:1em}.cc-window.cc-floating .cc-compliance{-ms-flex:1;flex:1}.cc-window.cc-banner{-ms-flex-align:center;align-items:center}.cc-banner.cc-top{left:0;right:0;top:0}.cc-banner.cc-bottom{left:0;right:0;bottom:0}.cc-banner .cc-message{-ms-flex:1;flex:1}.cc-compliance{display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:justify;align-content:space-between}.cc-compliance>.cc-btn{-ms-flex:1;flex:1}.cc-btn+.cc-btn{margin-left:.5em}
@media print{.cc-revoke,.cc-window{display:none}}@media screen and (max-width:900px){.cc-btn{white-space:normal}}@media screen and (max-width:414px) and (orientation:portrait),screen and (max-width:736px) and (orientation:landscape){.cc-window.cc-top{top:0}.cc-window.cc-bottom{bottom:0}.cc-window.cc-banner,.cc-window.cc-left,.cc-window.cc-right{left:0;right:0}.cc-window.cc-banner{-ms-flex-direction:column;flex-direction:column}.cc-window.cc-banner .cc-compliance{-ms-flex:1;flex:1}.cc-window.cc-floating{max-width:none}.cc-window .cc-message{margin-bottom:1em}.cc-window.cc-banner{-ms-flex-align:unset;align-items:unset}}
.cc-floating.cc-theme-classic{padding:1.2em;border-radius:5px}.cc-floating.cc-type-info.cc-theme-classic .cc-compliance{text-align:center;display:inline;-ms-flex:none;flex:none}.cc-theme-classic .cc-btn{border-radius:5px}.cc-theme-classic .cc-btn:last-child{min-width:140px}.cc-floating.cc-type-info.cc-theme-classic .cc-btn{display:inline-block}
.cc-theme-edgeless.cc-window{padding:0}.cc-floating.cc-theme-edgeless .cc-message{margin:2em 2em 1.5em}.cc-banner.cc-theme-edgeless .cc-btn{margin:0;padding:.8em 1.8em;height:100%}.cc-banner.cc-theme-edgeless .cc-message{margin-left:1em}.cc-floating.cc-theme-edgeless .cc-btn+.cc-btn{margin-left:0}

File diff suppressed because one or more lines are too long

public/js/custom.js Normal file

@ -0,0 +1,3 @@
$(".alert-danger").delay(30000).fadeOut(300);
$(".alert-success").delay(10000).fadeOut(300);
$(".alert-info").delay(10000).fadeOut(300);
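Review bot: These three calls run as soon as the file is evaluated, so they only find the alerts while `custom.js` is included after the flash markup at the end of `<body>`. Wrapping them in `$(function () { ... });` removes that dependency on where the tag is placed. Moving this code out of an inline `<script>` is what allows a policy without `'unsafe-inline'` for scripts; a one-line comment at the top of the file saying so would stop someone from inlining it again.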


@ -9,7 +9,6 @@
<!-- CSS & fonts -->
<link rel="stylesheet" href="{{ base_url() }}/css/bootstrap.min.css">
<link rel="stylesheet" href="{{ base_url() }}/css/font-awesome.css">
<link rel="stylesheet" href="{{ base_url() }}/css/cookie.min.css"/>
<!-- Custom styles for this template -->
<link rel="stylesheet" href="{{ base_url() }}/css/custom.css"/>
@ -77,96 +76,39 @@
</nav>
<!-- Main content -->
<div id="container">
<div class="row">
<div class="col-md-6 mx-auto">
{% if flash is not empty %}
<div id="flashMessage">
{% if flash.getMessage('info').0 %}
<div class="alert alert-info">
{{ flash.getMessage('info').0 }}
</div>
{% endif %}
{% if flash.getMessage('success').0 %}
<div class="alert alert-success">
{{ flash.getMessage('success').0 }}
</div>
{% endif %}
{% if flash.getMessage('error') %}
{% for error in flash.getMessage('error') %}
<div class="alert alert-danger">
{{ error }}
</div>
{% endfor %}
{% endif %}
<div class="container">
{% if flash is not empty %}
<div id="flashMessage">
{% if flash.getMessage('info').0 %}
<div class="alert alert-info">
{{ flash.getMessage('info').0 }}
</div>
{% endif %}
</div>
</div>
<div class="row">
<div class="col-md-6 mx-auto">
{% block content %}
{% endblock %}
{% if flash.getMessage('success').0 %}
<div class="alert alert-success">
{{ flash.getMessage('success').0 }}
</div>
{% endif %}
{% if flash.getMessage('error') %}
{% for error in flash.getMessage('error') %}
<div class="alert alert-danger">
{{ error }}
</div>
{% endfor %}
{% endif %}
</div>
</div>
{% endif %}
{% block content %}
{% endblock %}
</div>
<!-- Script -->
<script src="{{ base_url() }}/js/jquery.min.js"></script>
<script src="{{ base_url() }}/js/bootstrap.bundle.min.js"></script>
<script>
$(".alert-danger").delay(30000).fadeOut(300);
$(".alert-success").delay(10000).fadeOut(300);
$(".alert-info").delay(10000).fadeOut(300);
</script>
<!-- Cookie -->
<script src="{{ base_url() }}/js/cookie.min.js"></script>
<script>
window.addEventListener("load", function () {
window.cookieconsent.initialise({
"palette": {
"popup": {
"background": "#252e39"
},
"button": {
"background": "#14a7d0"
}
},
"content": {
"message": "{{ 'cookie.message'|trans }}",
"dismiss": "{{ 'cookie.dismiss'|trans }}",
"deny": "{{ 'cookie.deny'|trans }}",
"link": "{{ 'cookie.more'|trans }}",
"href": "/signup"
},
"type": "opt-out",
onStatusChange: function(status, chosenBefore) {
var type = this.options.type;
var didConsent = this.hasConsented();
if (type === 'opt-out' && !didConsent) {
console.log('Opting out of cookies, at least for non HttpOnly');
// deleting cookies
var cookies = document.cookie.split(";");
for (var i = 0; i < cookies.length; i++) {
var cookie = cookies[i];
var eqPos = cookie.indexOf("=");
var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
}
window.location.replace("about:blank");
}
}
})
});
</script>
<script src="{{ base_url() }}/js/custom.js"></script>
</body>
</html>
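Review bot: The wrapper changes from `<div id="container">` to `<div class="container">`, and as far as the rendered hunk shows `{% block content %}` is no longer inside the `row` / `col-md-6 mx-auto` wrapper, so any `#container` rule in `custom.css` and the layout of every child template need checking. With the cookie consent block removed, the only script tags left in this layout are external files, which matches the README's remark about a strict Content-Security-Policy. `{{ error }}` and the other flash values are printed directly, so please confirm Twig autoescaping is enabled for this template.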


@ -44,7 +44,7 @@
<!-- legal modal -->
<div class="modal fade" id="legalModal" tabindex="-1" role="dialog" aria-hidden="true">
<div class="modal-dialog" role="document">
<div class="modal-lg modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title">{% trans %}legalmodal.title{% endtrans %}</h5>