csp.allowFraming
config option, which controls whether embedding a HedgeDoc instance in other webpages is allowed.
We strongly recommend disabling this option to reduce the risk of XSS attackscsp.allowPDFEmbed
config option, which controls whether embedding PDFs inside HedgeDoc notes is allowed. We recommend disabling this option if you don’t use the feature, to reduce the attack surface of XSS attacksfilesystem
upload methodsecure
flag, if HedgeDoc is loaded via HTTPS/metrics
and /status
Do you need help with installation or upgrade? Read our docs!
This version hasn't been released as docker image yet. Come back later or check out our docker repository at quay.io hedgedoc/hedgedoc