This page is intended to provide answers to some questions that frequently appear in the community.
In the past, the number of problems with our demo instance was very low, but we don’t guarantee that your notes won’t be lost because of hardware or software malfunctions. The demo instance runs the latest unstable code from our repository, so sometimes things might not work as expected. We generally recommend hosting your own instance for more than testing the features.
Some countries have a too high latency to the demo instance, which means HedgeDoc would be unusable. To make the demo available in as many countries as possible, we use Cloudflare. One of the downsides is that Cloudflare intercepts all TLS traffic between your browser and the demo instance, which makes the demo unsuitable for private notes. You can of course self-host HedgeDoc to avoid all of these latency and privacy issues.
No. The HedgeDoc server process is not entirely stateless and therefore running more than one instance will result in missing/broken content for users. In order to solve issues like HA-capabilities, please use a high level orchestrator that makes sure that always 1 instance is running on your infrastructure and that the database is available. The server process usually starts within seconds and therefore the possible downtime should be minimal.
The short version: There were two CodiMD-projects on GitHub, the community-driven fork and the original project maintained by the HackMD-team. To solve this naming conflict, our community-driven version was renamed to HedgeDoc. For a full writeup, check out the history document.
We used a chrome-headless instance to generate the PDFs, but that led to some security vulnerabilities and was therefore deactivated. There are currently plans to re-add this feature in a safe way, but this will most likely take some time and can be expected at the earliest with 2.1 (but could also take longer). In the meantime you can use your browsers print to PDF Feature. This page explains how to do that for multiple browsers.
Many servers don’t allow the embedding of their content on arbitrary sites.
For a more technical explanation:
The X-Frame-Options header can be used to specify if a given webpage can be embedded.
For security reasons this header is often set to SAMEORIGIN, which disallows embedding on other origins.
To be able to embed a PDF inside a HedgeDoc note, the server that hosts the PDF must either send no X-Frame-Options
header (which might be insecure) or include the URI of your HedgeDoc instance in an ALLOW-FROM statement.
See Mozillas docs for more details.
Also note that the X-Frame-Options header is being obsoleted
by the frame-ancestors statement in the Content-Security-Policy header.