* PM-27900 harden iframe, origin route tightening and test updates
* reduce comments to make more legible
* Removes referrer check in favor of PM-27822 #17313bitwarden/clients@4206447cfe
* nake token optional since it is later set
* whitelist -> allowlist
* improve notes on unsafe
* improve content handler notes
* order allowlist
* improve jsdoc on ismessagefromextension method
* cover additional test cases
* rename verifytoken and document more clear, update referrer
---------
Co-authored-by: Miles Blackwood <mrobinson@bitwarden.com>
* premium upgrade nudge
* add specs
* clean up vault template and specs
* fix date comparison. add more specs for date
* fix spec
* fix specs
* make prop private
* PM-4903- added a check for auth status and popout tabs, if no popup tab and auth is locked, abandon autofill
* add test
* clear all notifications if unlock popout closed
* add more tests and use tabid for performance optimization
* feat: add support for IPC client managed session storage
* feat: update SDK
* fix: using undecorated service in jslib module directly
* feat: add test case for web
* chore: document why we use any type
* fix: `ipc` too short
* typo: omg
* Revert "typo: omg"
This reverts commit 559b05eb5a.
* Revert "fix: `ipc` too short"
This reverts commit 35fc99e10b.
* fix: use camelCase
* PM-26916 utilize opid on focused fields as first validation in order to avoid erroneously filling other similar fields
* extract logic to helper and take totp and multiple forms into account
* run prettier
* avoid filling with opid if already filled
* clean up comments and avoid early return so all fields are scanned
* add tests
* allow for search while vault is loading
* fix comment wording
* remove subscription return value - it is not used
* update `distinctUntilChanged` to account for tuple
* use feature flag to determine search pattern
* fix tests & lint issues
* fix lint errors part 2
* add import to overflow styles to override the overflow applied by virtual scrolling
* add position relative so absolute children display in scrolling context rather over the entire page
* add fade in skeleton to vault page
* refactor vault loading state to shared service
* disable search while loading
* add live announcement when vault is loading / loaded
* simplify announcement
* resolve CI issues
* add feature flag for skeletons
* add feature flag observables for loading state
* update component naming
* consolidated session timeout settings component
* rename preferences to appearance
* race condition bug on computed signal
* outdated header for browser
* unnecessary padding
* remove required on action, fix build
* rename localization key
* missing user id
* required
* cleanup task
* eslint fix signals rollback
* takeUntilDestroyed, null checks
* move browser specific logic outside shared component
* explicit input type
* input name
* takeUntilDestroyed, no toast
* unit tests
* cleanup
* cleanup, correct link to deprecation jira
* tech debt todo with jira
* missing web localization key when policy is on
* relative import
* extracting timeout options to component service
* duplicate localization key
* fix failing test
* subsequent timeout action selecting opening without dialog on first dialog cancellation
* default locale can be null
* unit tests failing
* rename, simplifications
* one if else feature flag
* timeout input component rendering before async pipe completion
* typing cleanup
* additional cleanup
* more typing fixes
* revert notification background changes
* fix DOM query service breakage
* do not run a fill_by_opid action if there is a nullish or empty value attribute
* type cleanup
* cleanup per review suggestions
* remove unused flag check
* add non-null assertion signposts
* additional cleanup
* add persistent callout in settings for non-premium users
* always call password reprompt in doAutofill
* ensure password reprompt is checked in all instances
* Revert "add persistent callout in settings for non-premium users"
This reverts commit d206832cd3.
* limit port to internal communications
* A few more internal-only ports
* fixup tests
disabled tests that are now failing with a race condition.
* Remove autofill team review requirement
* Improve popout window UX for fullscreen macOS
Adds special handling for popout windows when the sender is in fullscreen mode on macOS. The sender window moves from fullscreen to maximized before opening the popout, and the new window is focused after creation to improve user experience.
* Add tests for fullscreen popout behavior on mac
added happy path and skip path tests
* Move popout window check before fullscreen logic
* Refactor openPopout tests for platform-specific fullscreen handling
* run prettier
---------
Co-authored-by: Addison Beck <github@addisonbeck.com>
* feature flag
* new upgrade dialog component and moved pricing service into libs
first draft
* moved pricing service to libs/common
removed toast service from the pricing service and implemented error handling in calling components
# Conflicts:
# apps/web/src/app/billing/individual/upgrade/upgrade-payment/upgrade-payment.component.ts
* moved new premium upgrade dialog component to libs/angular
* badge opens new dialog in browser extension
* adds new dialog to desktop and fixes tests
* updates send dropdown to use premium prompt service
* styling and copy updates
* implement in web and desktop
* unit tests
* converting premium reports to use premium badge, and some cleanup
* fixes issue after merge
* linter errors
* pr feedback
* handle async promise correctly
* full sync after the premium upgrade is complete
* fixing test
* add padding to bottom of card in new dialog
* add support for self hosting
* fixing tests
* fix test
* Update has-premium.guard.ts
* pr feedback
* fix build and pr feedback
* fix build
* prettier
* fixing stories and making badge line height consistent
* pr feedback
* updated upgrade dialog to no longer use pricing card
* fixing incorrect markup and removing unused bits
* formatting
* pr feedback
removing unused message keys and adding back in code that was erroneously removed
* change detection
* close dialog when error
* claude pr feedback
* expose local db file to extension
* fetch from local db as fallback; only fetch new data on changed checksum; fetch from cdn
* check for undefined chrome runtime (for easy Storybook mocking)
* update capital letters lint
* add audit api tests
* add bash script to fetch local db info and split it to meet FF size limits
* add readme
* Rename README.md to readme.md
* remove leftover file
* remove unused methods from audit service
* remove local db logic
* wip
* revert local db build changes
* add tests; sub to updates directly; refactor teardown logic
* fix eslint crashing
* remove temp premium override
* remove unused test
* update timer value
* run prettier
* refetch all domains on app version change
* fix log statement
* harden fetching
* filter empty domains
* fix type issue
* fix typo
* fix type error
* fix cleanup
Admin Console UI for URI Match Default Policy
---------
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>
* feat: ban urls not using https
* feat: add exception for dev env
* feat: block fetching of insecure URLs
* feat: add exception for dev env
* feat: block notifications from using insecure URL
* fix: bug where submission was possible regardless of error
* feat: add exception for dev env
* fix: missing constructor param