79 Commits

Author SHA1 Message Date
Ralph Slooten
7d314d2b50 Chore: Add CORS error logging and update error messages for failed CORS requests 2026-02-08 11:19:54 +13:00
Ralph Slooten
9d2f30787a Fix spelling 2026-02-08 11:17:17 +13:00
Ralph Slooten
a63bcd9bd3 Chore: Add support for multi-origin CORS settings and apply to events websocket (#630) 2026-02-01 15:33:53 +13:00
Ralph Slooten
5ad8619893 Fix: Prevent potential information disclosure via indirect expvar library (Prometheus)
This is a security fix which prevents potential information disclosure due to a pre-registered HTTP route. The Prometheus client imports the go stdlib expvar, which in turn auto-registers `/debug/vars` on the default servemux. This fix ensures no default/global routes are inherited via the http library.
2025-10-08 17:32:05 +13:00
Ralph Slooten
f3e3536cdb Feature: Add ability to generate self-signed (snakeoil) certificates for UI, SMTP and POP3 (#539) 2025-07-24 17:02:50 +12:00
Ralph Slooten
f99d9ecf69 Chore: Refactor error handling and resource management across multiple files (golangci-lint)
- Updated error handling to use the error return value for resource closures in tests and functions, ensuring proper error reporting.
- Replaced direct calls to `Close()` with deferred functions that handle errors gracefully.
- Improved readability by using `strings.ReplaceAll` instead of `strings.Replace` for string manipulation.
- Enhanced network connection handling by adding default cases for unsupported network types.
- Updated HTTP response handling to use the appropriate status codes and error messages.
- Removed unused variables and commented-out code to clean up the codebase.
2025-06-22 15:25:21 +12:00
Ben Edmunds
82d7bdc971 Feature: Add Prometheus exporter (#505) 2025-06-06 14:33:49 +12:00
Ben Edmunds
9bfdeb5f7b Feature: Send API allow separate auth (#504)
Co-authored-by: Ben Edmunds <ben.edmunds@dotdigital.com>
2025-05-30 08:34:40 +12:00
Ralph Slooten
c5b3edf87d Fix: Ignore basic auth for OPTIONS requests to API when CORS is set
Web browsers do not send authorization headers for preflight requests.
2025-05-30 00:00:05 +12:00
Ralph Slooten
876d0eb5da Feature: Add configuration to explicitly disable HTTP compression in web UI/API (#448) 2025-03-01 22:51:22 +13:00
Ralph Slooten
dac9fcf735 Chore: Replace http.FileServer with custom controller to correctly encode gzipped error responses for embed.FS
Go v1.23 removes the Content-Encoding header from error responses, breaking pages such as 404's while using gzip compression middleware.
2025-02-08 15:15:07 +13:00
Ralph Slooten
496bf17db7 Chore: Add API CORS policy to HTML preview routes (#434) 2025-02-02 15:57:40 +13:00
Ralph Slooten
4d86297169 Feature: Add Chaos functionality to test integration handling of SMTP error responses (#402, #110, #144 & #268)
Closes #405
2025-01-25 12:17:15 +13:00
Ralph Slooten
23fee8e4e1 Chore: Move smtpd & pop3 modules to internal 2024-12-14 17:51:02 +13:00
Ralph Slooten
657cada916 Chore: Add swagger examples & API code restructure 2024-11-09 13:24:20 +13:00
Ralph Slooten
31ec6681a7 Feature: Experimental Unix socket support for HTTPD & SMTPD (#373) 2024-10-24 23:12:34 +13:00
Ralph Slooten
a56fd1f53d Chore: Code cleanup 2024-10-12 15:20:11 +13:00
Ralph Slooten
a078c318e8 Fix(Security): Prevent bypass of Content Security Policy using stored XSS, and sanitize preview HTML data (DOMPurify)
This closes a security hole whereby a bad actor with SMTP access can bypass the CSP headers with a series of specially crafted HTML messages. A special thanks to @bmodotdev for responsibly disclosing the vulnerability and providing information and an initial fix.
2024-07-26 22:02:14 +12:00
Ralph Slooten
9e881ea868 Chore: Display nicer noscript message when JavaScript is disabled 2024-07-24 19:19:26 +12:00
Ralph Slooten
0c377b9616 Feature: Add ability to rename and delete tags globally 2024-06-29 17:12:56 +12:00
Ralph Slooten
ebf7bb6348 Chore: Simplify JSON HTTP responses 2024-05-05 12:25:26 +12:00
Ralph Slooten
a15f032b32 Feature: API endpoint for sending (#278) 2024-05-04 10:15:30 +12:00
Ralph Slooten
d3b048e933 Chore: Clearer error messages for read/write permission failures (#281) 2024-04-21 10:16:59 +12:00
Ralph Slooten
072db266be Fix: Add delay to close database on fatal exit (#280) 2024-04-20 10:28:12 +12:00
Ralph Slooten
31e4f84f9a Chore: Remove deprecated --disable-html-check option 2024-04-13 00:25:48 +12:00
Maximilian Krauß
186f8b1829 Fix: Remove duplicated authentication check (#276) 2024-04-09 21:51:17 +12:00
Ralph Slooten
f548bbb874 Feature: Optional POP3 server (#249)
Originally requested in #72
2024-02-24 23:10:48 +13:00
Ralph Slooten
26a2095674 Chore: Security improvements (gosec) 2024-02-17 12:38:30 +13:00
Ralph Slooten
9cda71f21a Feature: Add optional SpamAssassin integration to display scores (#233) 2024-01-20 12:07:49 +13:00
Ralph Slooten
dd57596fd1 UI: Automatically refresh connected browsers if Mailpit is upgraded (version change) 2024-01-03 12:54:12 +13:00
Ralph Slooten
0af11fcb28 Chore: Include runtime statistics in API (info) & UI (About)
Resolves #218
2024-01-02 13:23:16 +13:00
Ralph Slooten
06ca217cde Chore: Convert to many-to-many message tag relationships 2024-01-01 23:46:34 +13:00
Ralph Slooten
83e291208a Chore: Standardize error logging & formatting 2024-01-01 15:25:38 +13:00
Ralph Slooten
945da2c75c Chore: Clearer log messages for bound SMTP & HTTP addresses
See #211
2023-12-01 15:03:01 +13:00
Ralph Slooten
ffe6167d96 Feature: Add URL redirect (/view/latest) to view latest message in web UI (#166) 2023-11-02 16:15:45 +13:00
Ralph Slooten
0ab4210640 Feature: Set auth credentials directly from environment variables
Credentials for the UI and SMTP can now be exported via the `MP_UI_AUTH` and `MP_SMTP_AUTH` environment variables. See #173
2023-09-29 16:40:23 +13:00
Ralph Slooten
ae15cac727 Testing: Add endpoints for integration tests
See #166
2023-09-27 17:29:03 +13:00
Ralph Slooten
737cff5a96 Chore: Update internal/storage import paths 2023-09-25 19:29:32 +13:00
Ralph Slooten
b6d5a8c182 Chore: Update internal import paths 2023-09-25 19:29:30 +13:00
Ralph Slooten
6a4e5fb03c UI: Rewrite web UI, add URL routing and components
See #156
2023-09-22 15:06:03 +12:00
Ralph Slooten
b193851269 API: Delete by search filter
See #164
2023-09-22 07:00:02 +12:00
Ralph Slooten
582f1f88b2 API: Add endpoint to return all tags in use 2023-09-22 06:55:20 +12:00
Ralph Slooten
ee49149df9 Feature: New search filter [!]is:tagged
See #164
2023-09-14 22:30:20 +12:00
Ralph Slooten
a37da776d7 Feature: HTML screenshots
Resolves #157
2023-09-06 16:14:35 +12:00
Ralph Slooten
d01fb4044e Feature: Link check to test message links
@see #151
2023-08-16 16:59:31 +12:00
Ralph Slooten
24fb49d079 Fix: Add basePath to swagger.json if webroot is specified
@See #147
2023-07-30 17:35:17 +12:00
Ralph Slooten
1922651d41 Feature: HTML check to test & score mail client compatibility with HTML emails 2023-07-30 17:04:06 +12:00
Ralph Slooten
50b5f8667a Minor UI / CLI updates 2023-05-23 16:07:05 +12:00
Ralph Slooten
9670c4e1d5 API: Return blank 200 response for OPTIONS requests (CORS) 2023-05-09 17:11:57 +12:00
Ralph Slooten
16bc025fff API: Set Access-Control-Allow-Headers when --api-cors is set 2023-05-04 22:23:07 +12:00