This patch includes a requested security feature for denying symlinks. Enable, using --deny-symlinks
flag and symlinks will receive a "Forbidden" response for all files that are symlinks.
Node Security Advisory
https://www.npmjs.com/advisories/816
HackerOne Reprot
https://hackerone.com/reports/530289
Published by sintaxi over 3 years ago
Patch release that fixes unauthorized file access via encoded underscore.
Node Security Advisory
https://www.npmjs.com/advisories/807
HackerOne Reprot
https://hackerone.com/reports/453820
Detailed tests added in [email protected]
https://github.com/sintaxi/terraform/commit/b1934873bba39427e3324a999b19b0741b04df0f
Basic harp test added...
https://github.com/sintaxi/harp/commit/6547336e87096bd92e10aa0dedfe3b73b5f41a9f
Published by sintaxi over 7 years ago
Published by sintaxi over 8 years ago
Published by sintaxi about 9 years ago
Published by kennethormandy about 10 years ago
A new release of Harp is available today. Harp now takes care of vendor prefixing for you, via the fantastic Autoprefixer.
Create any .sass
, .scss
, .less
, or .styl
file…
// main.scss
h1 {
font-feature-settings: "liga";
transition: color 0.25s;
}
…and it will be preprocessed and prefixed automatically.
/* main.css */
h1 {
-webkit-font-feature-settings: "liga";
-moz-font-feature-settings: "liga";
font-feature-settings: "liga";
-webkit-transition: color 0.25s;
transition: color 0.25s
}
You shouldn’t have to think about vendor prefixing or configuring your preprossors while building static sites and apps. To get this taken care of for you, install the latest version of Harp:
npm install -g harp
Note you may need to preface this with sudo
depending on your setup.
You can read the rest of the release notes on the Harp blog.
Published by kennethormandy about 10 years ago
A new release of Harp is available today. We’re happily adding one of Harp’s most-requested features: built-in preprocessing of Sass’ indented syntax.
Now, you can write .sass
files and they will be implicitly preprocessed as .css
files, without any configuration necessary. This works exactly the same as with .scss
, .styl
, and .less
files.
Published by sintaxi almost 11 years ago
Basic Auth support (takes an array in _harp.json
file)
{
"basicAuth": ["batman:darkknight", "superman:supersecret"]
}
OR just takes a single user cred as a string
{
"basicAuth": "foo:bar"
}
!!!
to doctype
in init to prepare for jade v1none
Published by sintaxi almost 11 years ago
Published by sintaxi almost 11 years ago
200.xxx
fallback feature that behaves the same as custom 404 pages except returns status code 200 instead.data
to _data
in public object.contents
to _contents
in public object.A very common API has change. The change is low risk but will break a lot of apps. All instances of data
in the public
object now begins with underscore. Its now _data
. The same change is made for the less commonly used contents
arrays. Now _contents
.
Published by sintaxi almost 11 years ago
small release where harp ignores hidden directories. that is all.
Published by sintaxi about 11 years ago
script
and style
tags must be changed to script.
and style.
Published by sintaxi about 11 years ago
As of this release, Harp apps are now mountable. This makes it trivial to tack a blog or whatever onto an express/connect server.
if you would like to mount an application at the "/docs" route just add that as your mountPoint
var docsPath = __dirname + "/docs"
app.use(harp.mount("/docs", docsPath))
The mountPath is optional. If you would like to use harp as your asset pipeline, just omit the mountPath and point it to your harp app....
app.use(harp.mount(__dirname + "/public"))
Published by sintaxi about 11 years ago
Layout engine got a pretty major overhaul
Layouts walk the directory tree by default looking for _layout.xxx
in each directory until it hits the public directory. (specifying a layout file in _data.json) will be how you override this behaviour.
Specifying a layout in _data.json
is how to override the implicit layout behaviour and this file path should be relative to the template file. This makes sense because the _data.json
file lives where the template file lives. The system falls back to using an absolute path if no layout is found at the relative path specified. This is to make it easier to accidentally do the right thing.
Specifying a "layout": false
in the _data.json
does not use a layout file and "layout": true
works just like the default behaviour.
Zero to minimal API breakage expected. Upgrade by running the following...
sudo npm install harp -g
Restart your harp webserver and your good to go.
Published by sintaxi about 11 years ago
There was a small bug found in the static serving of "root style" projects. This patch fixes that.
Published by sintaxi about 11 years ago
important - there were changes to the globals
object. skip to bottom for upgrade path.
Harp now works as a great little disposable web server for serving assets in a hurry. To use simply run harp server
in the root of any directory that you want served. You may also create a _harp.json
file in the root of your project for addition configuration.
The framework style directory structure still functions as usual but now requires a harp.json
file in the root directory. When a harp.json
file (no underscore) is found, it tells the server to serve a public directory instead of the root.
global
objects now work.You put your globals in harp.json
file as you did before...
{
"globals": {
"title": "Sintaxi Blog"
}
}
and now you can reference then as first class attributes in all your templates...
h1= title
globals
truely global_layout.xxx
sudo npm install -g harp
and restart your server node server
.globals
scope form all references to the global variables in your app. For example globals.name
is now referenced as just name
. And globals.public.data
is referenced as public.data
.harp.json
file to your project if you want to keep your current application running the same way.