This repository was archived by the owner on Dec 3, 2024. It is now read-only.
Load UI with Authorization header #1982
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
|
Just to confirm, does this work in older versions of WebView as well? Are there any specific requirements? |
Contributor
Author
|
API level 8 according to the docs:
The HashMap is mutable. |
|
I'll report back when I tried it... so, basicAuth will be dead with the next release, did I get this right reading the PR? Then I need to take a look as soon as I find time, maybe around the upcoming rc1. Thanks for your work on this @bt90 |
Contributor
Author
|
Not really dead, but syncthing won't ask for basic auth credentials by default. Sending it up front like here still works though. |
|
Took your changes to Syncthing-Fork, compiled using latest SynchtingNative main commit, but unfortunately it doesn't work to open the Web UI in logged in state.
|
Contributor
Author
|
Interesting. I tested without upgrading the binary. Can you confirm if it works with the current stable version of Syncthing? |
Currently on it... I'm comparing what the browser sends for the header to that what the java code wrapper sends... For example: So your header calculation code is obviously fine. This is android Syncthing's gui config: ref: https://github.com/syncthing/syncthing/blob/main/lib/api/api_auth.go#L148 Turned STTRACE=api on, but I do not see debugLn messages regarding the basicAuth login. Is the fallback code somehow not triggered, maybe @emlun can help here?! |
|
How can I check from the returned website data if I'm authenticated or unauthenticated? For example, this call to the android Syncthing including your login html form commit... ... gives this result: ... it seems, BasicAuth headers seems to work for the following resource: |
|
My conclusion after review:
|
Member
When you tried calling I'm wondering if perhaps the WebView still doesn't actually send the But there's another header that should also work, and isn't tied to this 401 status business: have you tried setting the |
Contributor
Author
|
The |
Member
|
Ah, that might not work with It seems like a fairly simple upstream fix to accept the |
Contributor
Author
|
That would be nice. The backend should always accept the Authorization header. The setting should only toggle if we want a prompt instead of the login form. |
Member
|
Upstream PR here: syncthing/syncthing#9159 |
calmh
pushed a commit
to syncthing/syncthing
that referenced
this pull request
Oct 10, 2023
…ions (#9159) This is motivated by the Android app: syncthing/syncthing-android#1982 (comment) The planned fix in response to basic auth behaviour changing in #8757 was to add the `Authorization` header when opening the WebView, but it turns out the function used only applies the header to the initial page load, not any subsequent script loads or AJAX calls. The `basicAuthAndSessionMiddleware` checks for no-auth exceptions before checking the `Authorization` header, so the header has no effect on the initial page load since the `/` path is a no-auth exception. Thus the Android app fails to log in when opening the WebView. This changes the order of checks in `basicAuthAndSessionMiddleware` so that the `Authorization` header is always checked if present, and a session cookie is set if it is valid. Only after that does the middleware fall back to checking for no-auth exceptions. `api_test.go` has been expanded with additional checks: - Check that a session cookie is set whenever correct basic auth is provided. - Check that a session cookie is not set when basic auth is incorrect. - Check that a session cookie is not set when authenticating with an API token (either via `X-Api-Key` or `Authorization: Bearer`). And an additional test case: - Check that requests to `/` always succeed, but receive a session cookie when correct basic auth is provided. I have manually verified that - The new assertions fail if the `createSession` call is removed in `basicAuthAndSessionMiddleware`. - The new test cases in e6e4df4 fail before the change in 0e47d37 is applied.
calmh
pushed a commit
to syncthing/syncthing
that referenced
this pull request
Oct 10, 2023
…ptions (#9159) This is motivated by the Android app: syncthing/syncthing-android#1982 (comment) The planned fix in response to basic auth behaviour changing in #8757 was to add the `Authorization` header when opening the WebView, but it turns out the function used only applies the header to the initial page load, not any subsequent script loads or AJAX calls. The `basicAuthAndSessionMiddleware` checks for no-auth exceptions before checking the `Authorization` header, so the header has no effect on the initial page load since the `/` path is a no-auth exception. Thus the Android app fails to log in when opening the WebView. This changes the order of checks in `basicAuthAndSessionMiddleware` so that the `Authorization` header is always checked if present, and a session cookie is set if it is valid. Only after that does the middleware fall back to checking for no-auth exceptions. `api_test.go` has been expanded with additional checks: - Check that a session cookie is set whenever correct basic auth is provided. - Check that a session cookie is not set when basic auth is incorrect. - Check that a session cookie is not set when authenticating with an API token (either via `X-Api-Key` or `Authorization: Bearer`). And an additional test case: - Check that requests to `/` always succeed, but receive a session cookie when correct basic auth is provided. I have manually verified that - The new assertions fail if the `createSession` call is removed in `basicAuthAndSessionMiddleware`. - The new test cases in e6e4df4 fail before the change in 0e47d37 is applied.
Contributor
Author
|
@Catfriend1 the fix is upstream now. |
Contributor
Author
|
@imsodin the changes of this PR are version agnostic. Sending the headers in the initial request works with all previous releases and the current state of main. |
imsodin
reviewed
Oct 11, 2023
app/src/main/java/com/nutomic/syncthingandroid/activities/WebGuiActivity.java
Show resolved
Hide resolved
Contributor
Author
|
This comes with the nice little bonus that the user is free to change the username/password without breaking the Web GUI activity. |
Member
Can this fix #1710 then? The app would need to stop overwriting the user set values in order to so, right? |
Member
|
That may be, but lets please keep this change focused on getting the app to work with the new auth. I'd like to be able to release a new version of syncthing as soon as possible. |
Contributor
Author
|
We can cut the v1.25.0 release without this change and fix things in time for the v1.26.0 RC. But that depends on whether we can come to a conclusion on whether we want to support this in the backend. |
|
Is the bearer auth header already supported upstream? Does it set the cookie on first request? |
Contributor
Author
|
The initial authentication works but lacks the session cookie. My proposal would be to set the cookie for UI routes. @calmh @AudriusButkevicius what do you think? |
Member
Yes.
No,
|
Member
|
Well this will have to stay in beta for a while for testing, that's why I'd like to upgrade to the latest RC for the app to not stay behind too much. And we can do that without any changes, so I'd like to do that. If (!) we want to change something in sycnthing's auth mechanism, that's all fine and we can adapt to that again. Then again the latest RC seems to be delayed, so there's a bit of time. |
This reverts commit bd5e274.
Contributor
Author
|
Let's roll with basic auth for now and switch to API key in a separate PR. |
Contributor
Author
|
I created syncthing/syncthing#9170 to discuss this. |
Contributor
Author
|
@imsodin I think we can merge this one? |
imsodin
approved these changes
Oct 14, 2023
claraphyll
pushed a commit
to claraphyll/syncthing
that referenced
this pull request
Oct 15, 2023
commit a405c21 Author: Jakob Borg <jakob@kastelo.net> Date: Sat Oct 14 12:29:53 2023 +0200 cmd/stdiscosrv: Only attempt unescaping when there are %-encodings in the header (fixes syncthing#9143) commit dc6a10d Author: Jakob Borg <jakob@kastelo.net> Date: Wed Sep 20 08:52:33 2023 +0200 cmd/stcrashreceiver: Aggregate slice out of bounds errors commit d4c2acf Author: Jakob Borg <jakob@kastelo.net> Date: Wed Sep 20 08:39:01 2023 +0200 cmd/stcrashreceiver: Propagate synthetic user ID for crashes commit 483ecad Author: Jakob Borg <jakob@kastelo.net> Date: Sat Oct 14 12:18:27 2023 +0200 build: Update dependencies commit 9553365 Author: Eric P <eric@kastelo.net> Date: Wed Oct 11 14:40:55 2023 +0200 lib/fs: Properly handle Windows deduplicated files (fixes syncthing#9120) (syncthing#9168) ### Purpose Deduplicated files are apparently considered 'irregular' under the hood, this causes them to simply be ignored by Syncthing. This change is more of a workaround than a proper fix, as the fix should probably happen in the underlying libraries? - which may take some time. In the meanwhile, this change should make deduplicated files be treated as regular files and be indexed and synced as they should. ### Testing Create some volume where deduplication is turned on (see the relevant issue for details, including a proper description of how to reproduce it). Prior to this change, the deduplicated files were simply ignored (even by the indexer). After this change, the deduplicated files are being index and synced properly. commit 5eb2058 Author: orangekame3 <miya.org.0309@gmail.com> Date: Wed Oct 11 19:32:19 2023 +0900 cmd/ursrv: Replace "2006-01-02" with time.DateOnly (syncthing#9157) This commit replaces "2006-01-02" to time.DateOnly. time.DateOnly is introduced since Go1.20 commit ea1ea36 Author: Emil Lundberg <emil@emlun.se> Date: Tue Oct 10 07:48:35 2023 +0200 lib/api: Check basic auth (and set session cookie) before noauth exceptions (syncthing#9159) This is motivated by the Android app: syncthing/syncthing-android#1982 (comment) The planned fix in response to basic auth behaviour changing in syncthing#8757 was to add the `Authorization` header when opening the WebView, but it turns out the function used only applies the header to the initial page load, not any subsequent script loads or AJAX calls. The `basicAuthAndSessionMiddleware` checks for no-auth exceptions before checking the `Authorization` header, so the header has no effect on the initial page load since the `/` path is a no-auth exception. Thus the Android app fails to log in when opening the WebView. This changes the order of checks in `basicAuthAndSessionMiddleware` so that the `Authorization` header is always checked if present, and a session cookie is set if it is valid. Only after that does the middleware fall back to checking for no-auth exceptions. `api_test.go` has been expanded with additional checks: - Check that a session cookie is set whenever correct basic auth is provided. - Check that a session cookie is not set when basic auth is incorrect. - Check that a session cookie is not set when authenticating with an API token (either via `X-Api-Key` or `Authorization: Bearer`). And an additional test case: - Check that requests to `/` always succeed, but receive a session cookie when correct basic auth is provided. I have manually verified that - The new assertions fail if the `createSession` call is removed in `basicAuthAndSessionMiddleware`. - The new test cases in e6e4df4 fail before the change in 0e47d37 is applied. commit 6e4574a Author: Syncthing Release Automation <release@syncthing.net> Date: Mon Oct 9 03:45:35 2023 +0000 gui, man, authors: Update docs, translations, and contributors commit 3d0da5a Author: Jakob Borg <jakob@kastelo.net> Date: Sat Oct 7 04:29:53 2023 +0200 lib/api: Better handle %s templates in LDAP strings (fixes syncthing#9072) (syncthing#9155) Also add some escaping for good measure. commit 9f8e696 Author: Jakob Borg <jakob@kastelo.net> Date: Sat Oct 7 04:12:07 2023 +0200 docker: Allow start even if chown fails (fixes syncthing#9133) (syncthing#9152) commit a64ae36 Author: Jakob Borg <jakob@kastelo.net> Date: Sat Oct 7 04:09:51 2023 +0200 lib/model: Verify versioning on configuration reload (fixes syncthing#9106) (syncthing#9154) commit 690b553 Author: Jakob Borg <jakob@kastelo.net> Date: Sat Oct 7 04:09:07 2023 +0200 cmd/stdiscosrv: Handle unescaped cert header from Traefik (fixes syncthing#9143) (syncthing#9153) commit 2f6187d Author: DeflateAwning <11021263+DeflateAwning@users.noreply.github.com> Date: Fri Oct 6 09:25:28 2023 -0600 Add oxford comma (syncthing#9137) Co-authored-by: André Colomb <src@andre.colomb.de> commit 8294870 Author: Emil Lundberg <emil@emlun.se> Date: Fri Oct 6 13:00:58 2023 +0200 Add HTML login form (fixes syncthing#4137) (syncthing#8757) commit ac2e444 Author: bt90 <btom1990@googlemail.com> Date: Fri Oct 6 12:27:13 2023 +0200 gui: Fix favicon status (fixes syncthing#9149) (syncthing#9150) commit 4f6b86a Author: Jakob Borg <jakob@kastelo.net> Date: Wed Oct 4 11:36:49 2023 +0200 cmd/stdiscosrv: Slightly tweak replication settings commit 516c057 Author: Jakob Borg <jakob@kastelo.net> Date: Tue Oct 3 10:00:16 2023 +0200 build: Update deps commit d644dce Author: Jakob Borg <jakob@kastelo.net> Date: Tue Oct 3 09:33:52 2023 +0200 build: Run release steps for workflow_dispatch as well commit 7c57988 Author: bt90 <btom1990@googlemail.com> Date: Mon Oct 2 12:48:04 2023 +0200 cmd/ursrv: Add linuxserver.io detection (syncthing#9145) Detect linuxserver commit 296db31 Author: Jakob Borg <jakob@kastelo.net> Date: Mon Oct 2 08:40:03 2023 +0200 lib/config: Improve parsing of gui-address overrides (syncthing#9144) improve parsing of gui-address overrides make checks for whether the gui-address is overridden consistent by checking whether the environment variable is set and not an empty string. the `Network()` function however checked for the inclusion of a slash instead of the presence of any characters. If the config file's gui address was set to a unix socket and the gui override to a tcp address, then the function would have wrongly returned "unix". the `URL()` function always returned the config file's gui address if a unix socket was configured, even if an override was specified. the `URL()` function wrongly formatted unix addresses. the http(s) protocol was used as the sheme and the path was percent escaped. because of the previous bug, this could only be triggered if the config file's gui address was tcp and an unix socket override was given. simplify the `useTLS()` function's codepath for overrides. Co-authored-by: digital <didev@dinid.net> commit a8486b0 Author: Syncthing Release Automation <release@syncthing.net> Date: Mon Oct 2 03:45:41 2023 +0000 gui, man, authors: Update docs, translations, and contributors commit f8a7a03 Author: bt90 <btom1990@googlemail.com> Date: Fri Sep 29 17:42:44 2023 +0200 cmd/ursrv: Fix f-droid detection (syncthing#9142) Fix f-droid detection commit ceae56a Author: bt90 <btom1990@googlemail.com> Date: Fri Sep 29 16:34:28 2023 +0200 cmd/ursrv: Support new android build user (syncthing#9141) Support new android build user commit dcafd6e Author: DeflateAwning <11021263+DeflateAwning@users.noreply.github.com> Date: Thu Sep 28 03:55:48 2023 -0600 readme: Style fixes, add security note (syncthing#9136) commit 8619a03 Author: Jakob Borg <jakob@kastelo.net> Date: Mon Sep 25 21:50:17 2023 +0200 build: Update Actions commit b91d771 Author: Jakob Borg <jakob@kastelo.net> Date: Mon Sep 25 21:45:57 2023 +0200 Update dependencies (syncthing#9129) And some QUIC API changes, of course. commit 9940c91 Author: d-volution <49024624+d-volution@users.noreply.github.com> Date: Mon Sep 25 21:42:27 2023 +0200 gui: Scroll to bottom by clicking message in log viewer (syncthing#9128) commit 80a577b Author: tomasz1986 <twilczynski@naver.com> Date: Mon Sep 25 21:34:19 2023 +0200 gui: Show if device is untrusted in the main GUI (syncthing#9116) Add a new entry to the unfolded device info to inform the user that the device has been marked as "untrusted" and all folders shared with it have to be password-protected or already Receive Encrypted. Signed-off-by: Tomasz Wilczyński <twilczynski@naver.com> commit d672175 Author: tomasz1986 <twilczynski@naver.com> Date: Mon Sep 25 21:33:16 2023 +0200 gui: Show if device has Auto Accept enabled in the main GUI (syncthing#9118) Add a new entry to the unfolded device info to inform the user that the device has Auto Accept enabled. Signed-off-by: Tomasz Wilczyński <twilczynski@naver.com> commit a44b31d Author: tomasz1986 <twilczynski@naver.com> Date: Mon Sep 25 21:17:57 2023 +0200 gui: Fix body padding infinitely increasing due to overlapping modals (ref syncthing#9063) (syncthing#9078) Opening and hiding multiple modals at the same time as well as opening a modal before fully hiding the previous one can lead to the body padding infinitely increasing by the scrollbar width each time, with the only way to fix it being refreshing the GUI. Therefore, always try to ensure to open and hide multiple modals one by one, and also that the previous modal has fully been hidden before proceeding to open the next one. The most common case when this problem happens is when saving config changes which displays a GUI blocking modal that overlaps, e.g. with folder or device modals that have not been hidden yet. Ref: twbs/bootstrap#3902 (comment) Signed-off-by: Tomasz Wilczyński <twilczynski@naver.com> commit 70065e6 Author: Martin Polehla <p0l0us@users.noreply.github.com> Date: Mon Sep 25 16:17:01 2023 +0200 gitignore: All exe files, no editor configs (syncthing#9126) commit adbb3ed Author: Syncthing Release Automation <release@syncthing.net> Date: Mon Sep 25 03:45:38 2023 +0000 gui, man, authors: Update docs, translations, and contributors commit 6ed9c0c Author: Jakob Borg <jakob@kastelo.net> Date: Sun Sep 24 19:23:49 2023 +0200 lib/config: Accept pre-hashed password (fixes syncthing#9123) (syncthing#9124) commit 19bbf4f Author: tomasz1986 <twilczynski@naver.com> Date: Fri Sep 22 07:39:16 2023 +0200 gui: Add missing $scope in editDeviceUntrustedChanged function (syncthing#9117) Because $scope is missing, there are JavaScript errors when ticking and unticking the "Untrusted" checkbox in the Advanced tab of the Edit Device modal. Signed-off-by: Tomasz Wilczyński <twilczynski@naver.com> commit cf46bf0 Author: bt90 <btom1990@googlemail.com> Date: Wed Sep 20 11:23:48 2023 +0200 lib/connections: Fix transport type detection for QUIC (fixes syncthing#8274) (syncthing#9114) Check remote address commit 051cbdc Author: Jakob Borg <jakob@kastelo.net> Date: Wed Sep 20 09:04:47 2023 +0200 lib/fs, lib/model: Be careful about potentially negative durations (fixes syncthing#9112) (syncthing#9113) I don't really understand under what circumstances, but sometimes these calls panic with a "panic: counter cannot decrease in value" because the value passed to Add() was negative. commit 58d1f3a Author: Syncthing Release Automation <release@syncthing.net> Date: Mon Sep 18 03:45:31 2023 +0000 gui, man, authors: Update docs, translations, and contributors commit c9dfd75 Author: tomasz1986 <twilczynski@naver.com> Date: Tue Sep 12 15:02:37 2023 +0200 gui: Block GUI when saving changes only if necessary (ref syncthing#9063) (syncthing#9079) Currently, the UI is always blocked from modifications when changes are being saved, even if the save process takes very little time. This leads to a situation where showing and closing the blocking modal can take more time than is actually required to perform the whole operation. The modal opening and closing very quickly can also cause the screen to flash for a brief moment, leading to visual discomfort. Because of this, wait for at least 200 ms and only show the blocking modal if the changes have not been saved until then yet. The value of 200 ms is loosely based on [1] which states that 'a delay of 0.2–1.0 seconds does mean that users notice the delay and thus feel the computer is "working" on the command, as opposed to having the command be a direct effect of the users' actions.' Additionally, the delay must not be too long, because the main purpose of the blocking modal is to prevent the user from making further changes, and a longer delay would possibly allow to do so in that brief amount of time as long as the user is quick enough with their input. [1] https://nngroup.com/articles/response-times-3-important-limits Signed-off-by: Tomasz Wilczyński <twilczynski@naver.com> commit f47de83 Author: Jakob Borg <jakob@kastelo.net> Date: Tue Sep 12 14:48:15 2023 +0200 lib/protocol: Ensure starting & closing a connection are exclusive (fixes syncthing#9102) (syncthing#9103) In principle a connection can close while it's in progress with starting, and then it's undefined if we wait for goroutines to exit etc. With this change, we will wait for start to complete before starting to stop everything. commit caedb19 Author: tomasz1986 <twilczynski@naver.com> Date: Tue Sep 12 14:47:31 2023 +0200 gui: Remove unused hard-coded styles from Recent Changes modal (syncthing#9101) gui: Remove unused hard-coded styles from globalChangesModalView modal Currently, the globalChangesModalView modal has hardcoded th and td styles. However, they are not even used in the modal itself, because Bootstrap overrides them with its own styles for these elements in the same modal. Yet, when hard-coded like that, these styles can conflict with other table elements in the GUI. Thus, remove them completely. Signed-off-by: Tomasz Wilczyński <twilczynski@naver.com> commit e860d3b Author: bt90 <btom1990@googlemail.com> Date: Tue Sep 12 14:34:30 2023 +0200 lib/connections: Make assumptions about isLAN when interface address listing fails (syncthing#9093) commit ed66fba Author: bt90 <btom1990@googlemail.com> Date: Tue Sep 12 14:28:17 2023 +0200 lib/beacon, lib/discover: Send IPv4 limited broadcast when address listing fails (fixes syncthing#1628) (syncthing#9087) commit 415f320 Author: Jakob Borg <jakob@kastelo.net> Date: Tue Sep 12 14:08:59 2023 +0200 build: Update dependencies commit 4812600 Author: Jakob Borg <jakob@kastelo.net> Date: Mon Sep 11 23:10:18 2023 +0200 lib/versioner: Don't complain when folder is stopping (syncthing#9097) commit 5ff11ce Author: Jakob Borg <jakob@kastelo.net> Date: Mon Sep 11 14:59:48 2023 +0200 gui: Add help link for numConnections (syncthing#9082) commit 5415727 Author: tomasz1986 <twilczynski@naver.com> Date: Mon Sep 11 05:50:23 2023 +0200 gui: Add missing translation related to Number of Connections (ref syncthing#8918) (syncthing#9095) Signed-off-by: Tomasz Wilczyński <twilczynski@naver.com> commit e38679d Author: Syncthing Release Automation <release@syncthing.net> Date: Mon Sep 11 03:45:45 2023 +0000 gui, man, authors: Update docs, translations, and contributors commit f25a169 Author: Jakob Borg <jakob@kastelo.net> Date: Wed Sep 6 21:10:58 2023 +0200 build: Go 1.21.1 or higher commit 06ac10e Author: bt90 <btom1990@googlemail.com> Date: Wed Sep 6 14:36:00 2023 +0200 cmd/stdiscosrv: Deduplicate addresses (fixes syncthing#8482) (syncthing#9080) commit 7c0223b Author: Jakob Borg <jakob@kastelo.net> Date: Wed Sep 6 13:11:20 2023 +0200 lib/build: Next version is the Gold Grasshopper commit c6334e6 Author: Jakob Borg <jakob@kastelo.net> Date: Wed Sep 6 12:52:01 2023 +0200 all: Support multiple device connections (fixes syncthing#141) (syncthing#8918) This adds the ability to have multiple concurrent connections to a single device. This is primarily useful when the network has multiple physical links for aggregated bandwidth. A single connection will never see a higher rate than a single link can give, but multiple connections are load-balanced over multiple links. It is also incidentally useful for older multi-core CPUs, where bandwidth could be limited by the TLS performance of a single CPU core -- using multiple connections achieves concurrency in the required crypto calculations... Co-authored-by: Simon Frei <freisim93@gmail.com> Co-authored-by: tomasz1986 <twilczynski@naver.com> Co-authored-by: bt90 <btom1990@googlemail.com> commit 38bbdeb Author: Jakob Borg <jakob@kastelo.net> Date: Tue Sep 5 09:52:19 2023 +0200 build: Use actions/checkout@v4 commit e80d048 Author: Jakob Borg <jakob@kastelo.net> Date: Tue Sep 5 09:47:51 2023 +0200 build: Minor dependency update commit 4138e22 Author: Syncthing Release Automation <release@syncthing.net> Date: Mon Sep 4 03:45:39 2023 +0000 gui, man, authors: Update docs, translations, and contributors commit c42c0e7 Author: Maximilian <maxi.rostock@outlook.de> Date: Sun Sep 3 17:03:27 2023 +0200 lib/connections: Fix WANAddresses returning only unspecified IPs (ref syncthing#9010) (syncthing#9073) Avoids taking the address of the same variable twice. commit 5118538 Author: Jakob Borg <jakob@kastelo.net> Date: Sat Sep 2 16:42:46 2023 +0200 lib/model: Refactor folderRunners to use a serviceMap (syncthing#9071) Instead of separately tracking the token. Also changes serviceMap to have a channel version of RemoveAndWait, so that it's possible to do the removal under a lock but wait outside of the lock. And changed where we do that in connection close, reversing the change that happened when I added the serviceMap in 40b3b9a. commit 4d93648 Author: tomasz1986 <twilczynski@naver.com> Date: Sat Sep 2 12:19:18 2023 +0200 gui: Don't hide default values for folders and devices (syncthing#8987) Currently, some of the information for folders and devices displayed in the GUI relies on arbitrary values that come pre-set as defaults on a fresh Syncthing installation, i.e. if the value matches the default, it is hidden, and if does not, then it is displayed. With this change, the GUI always displays all information regardless of their value, making the overall experience more consistent and predictable. Signed-off-by: Tomasz Wilczyński <twilczynski@naver.com> commit 29f100c Author: tomasz1986 <twilczynski@naver.com> Date: Fri Sep 1 11:15:20 2023 +0200 gui: Fix File Versioning icon to match in all places (syncthing#9070) Currently, different icons are used for File Versioning when displayed in the unfolded folder info in the main part of the GUI, and the icon used in the Edit Folder modal. This changes the main GUI icon to match the icon used in the modal. Signed-off-by: Tomasz Wilczyński <twilczynski@naver.com> commit cd98a43 Author: tomasz1986 <twilczynski@naver.com> Date: Fri Sep 1 11:14:28 2023 +0200 gui: Fix Logs modal icon to match header icon (ref syncthing#9067) (syncthing#9069) The Logs icon was changed in [1] in the header, however the icon used in the modal was left out. This changes it, so that the header and the modal icons match. [1] 2abba1d Signed-off-by: Tomasz Wilczyński <twilczynski@naver.com> commit 4bf9823 Author: Jakob Borg <jakob@kastelo.net> Date: Fri Sep 1 08:35:30 2023 +0200 build: Be more subtle about cross compilation errors Summarize platforms that fail to build, without overloading the build log with errors that we anyway ignore. (Currently freebsd/riscv64 fails to build.) commit 29056d5 Author: Jakob Borg <jakob@kastelo.net> Date: Fri Sep 1 08:39:15 2023 +0200 build: Update dependencies (syncthing#9068) commit 2abba1d Author: tomasz1986 <twilczynski@naver.com> Date: Fri Sep 1 08:18:30 2023 +0200 gui: Remove footer and move links to header (fixes syncthing#5607) (syncthing#9067) * gui: Remove footer and move links to header (fixes syncthing#5607) Currently, the footer is always present and takes space at the bottom of the GUI. However, the links listed there are not part of everyday user interaction, and as such, they unnecessarily clutter the page, reducing the usable screen space. Thus, transform the current Help link in the header into a Help dropdown menu, and move the links from the footer into it. Also apply the following tweaks: 1. Move the About dialog from Actions to Help. 2. Add an Introduction (to the GUI) link to Help. 3. Change the Support icon from a question mark to a group of people. 4. Change the Changelog and About icons to a filled version to match the other icons better. 5. Use a source code icon for Source Code instead of a wrench icon, and move the wrench icon to Logs. This is done to prevent Changelog and Logs from using the same icon. 6. Update all dropdown icons' Fork Awesome styles to "fa fa-fw <icon>". Signed-off-by: Tomasz Wilczyński <twilczynski@naver.com> * a few more Fork Awesome style updates --------- Signed-off-by: Tomasz Wilczyński <twilczynski@naver.com> commit 325b3b1 Author: tomasz1986 <twilczynski@naver.com> Date: Fri Sep 1 07:22:04 2023 +0200 gui: Fix lastSeenDays error due to undefined deviceStats when adding new devices (ref syncthing#8730) (syncthing#9066) commit 03590e5 Author: tomasz1986 <twilczynski@naver.com> Date: Thu Aug 31 22:16:59 2023 +0200 gui: Automatically select device ID on click (ref syncthing#8544) (syncthing#9065) The CSS method to select device IDs on click was added in [1]. However, it was later mistakenly overwritten by [2]. This commit fixes the regression and also applies the same behaviour to the Edit Device modal which was omitted in the original commit. [1] 5baf5fe [2] 5e384c9 Signed-off-by: Tomasz Wilczyński <twilczynski@naver.com> commit 95b3c26 Author: tomasz1986 <twilczynski@naver.com> Date: Thu Aug 31 17:11:03 2023 +0200 gui: Prevent modifications when saving changes (fixes syncthing#9019) (syncthing#9063) commit 3e5f0b1 Author: tomasz1986 <twilczynski@naver.com> Date: Thu Aug 31 07:22:24 2023 +0200 gui: Show in GUI if limitBandwidthInLan is enabled (syncthing#9062) commit 3130af3 Author: Jakob Borg <jakob@kastelo.net> Date: Wed Aug 30 21:58:34 2023 +0200 lib/upgrade: Enable HTTP/2 for upgrade checks (syncthing#9060) commit abd89f1 Author: Jakob Borg <jakob@kastelo.net> Date: Wed Aug 30 21:58:05 2023 +0200 lib/discover: Enable HTTP/2 for global discovery requests (syncthing#9059) By creating the http.Transport and tls.Configuration ourselves we override some default behavior and end up with a client that speaks only HTTP/1.1. This adds a call to http.ConfigureTransport to do the relevant magic to enable HTTP/2. Also tweaks the keepalive settings to be a little kinder to the server(s). commit a80e6be Author: Jakob Borg <jakob@kastelo.net> Date: Wed Aug 30 09:36:27 2023 +0200 cmd/stdiscosrv: Streamline context handling commit acc532f Author: Jakob Borg <jakob@kastelo.net> Date: Wed Aug 30 09:09:50 2023 +0200 cmd/stdiscosrv: Explicitly enable HTTP/2 The server supports it, but it's not negotiated unless explicitly allowed in the TLS config NextProtos. commit 3cc3fb7 Author: Syncthing Release Automation <release@syncthing.net> Date: Mon Aug 28 03:45:57 2023 +0000 gui, man, authors: Update docs, translations, and contributors
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As preparation for syncthing/syncthing#8757. See syncthing/syncthing#8757 (comment)
The app sends the
Authorization: Basic <base64-ui-credentials>HTTP header in the initial request when loading the Web UI to skip the login form.