csp.allowFramingconfig option, which controls whether embedding a HedgeDoc instance in other webpages is allowed. We strongly recommend disabling this option to reduce the risk of XSS attacks
csp.allowPDFEmbedconfig option, which controls whether embedding PDFs inside HedgeDoc notes is allowed. We recommend disabling this option if you don’t use the feature, to reduce the attack surface of XSS attacks
secureflag, if HedgeDoc is loaded via HTTPS
Do you need help with installation or upgrade? Read our docs!
Our docker images are located on quay.io at hedgedoc/hedgedoc.
You can pull our docker image directly with the command below. It is based on Debian Linux.
docker pull quay.io/hedgedoc/hedgedoc:1.9.0
The alpine-based image is much smaller than the debian-based image, but does not contain glibc resulting in some debugging software not working properly in the container.
docker pull quay.io/hedgedoc/hedgedoc:1.9.0-alpine