bookstack/website
Fork 4
Code Issues 5 Pull requests Activity

Made changes during v0.31 blogpost review

Browse source
This commit is contained in:
Dan Brown 2021-01-03 21:50:39 +00:00
commit 489c201c6b
Signed by: danb
GPG key ID: 46D9F943C24A2EF9
5 changed files with 55 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

2
content/docs/admin/security.md
View file

@ -149,7 +149,7 @@ ALLOWED_IFRAME_HOSTS="https://example.com"
ALLOWED_IFRAME_HOSTS="https://a.example.com https://b.example.com"
```
Note, when this option is used then all cookies will served with `SameSite=None` [(info)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#None) set so that
Note: when this option is used, all cookies will served with `SameSite=None` [(info)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#None) set so that
a user session can persist within the iframe.
---

4
content/docs/admin/updates.md
View file

@ -37,9 +37,9 @@ The below lists things you may need to be aware of when upgrading to a newer ver
**Requirements Change** - The minimum required PHP version has changed from 7.2 to 7.2.5. Additionally, the `Tidy` PHP extension is no longer required.
**GitLab Authentication** - The `read_user` scope will now be passed and will be required on the "Application" setup within GitLab. Not having this scope may lead to errors when users attempt to authenticate via GitLab.
**GitLab Authentication** - The `read_user` scope will now be passed and is required on the "Application" setup within GitLab. Not having this scope may lead to errors when users attempt to authenticate via GitLab.
**Security & IFrame Usage** - By default BookStack will set headers to prevent usage within an iframe. You can set trusted iframe hosts through the `ALLOWED_IFRAME_HOSTS`. See the [security page](/docs/admin/security#iframe-control) for more information on this option.
**Security & IFrame Usage** - By default BookStack will set headers to prevent usage within an iframe. You can set trusted iframe hosts through the `ALLOWED_IFRAME_HOSTS` option in your `.env` file. See the [security page](/docs/admin/security#iframe-control) for more information on this option.
#### Updating to v0.30.6, v0.30.7 or higher