summaryrefslogtreecommitdiffstats
path: root/static
Commit message (Collapse)AuthorAgeFilesLines
* Fix base64 encoding crash on file attachments over ~1MBGab Virebent11 days1-1/+14
| | | | | | | String.fromCharCode(...bytes) spreads every byte as a separate call argument, exceeding the engine's max-arguments limit on multi-MB files (RangeError: Maximum call stack size exceeded). Chunk the conversion instead. Reported by a real submitter trying a 1.5MB file.
* Add light/dark theme toggle, fix dark theme text contrastGab Virebent11 days4-37/+161
| | | | | | | | | | Theme state persists via localStorage, applied pre-paint by theme-init.js to avoid flash. All JS moved to external files (app.js, theme-init.js) to keep script-src 'self' CSP intact, no inline scripts. Dark theme footer/notice/tagline colors were too close to the background (footer nearly matched the card border color) and hard to read; brightened to readable grays while leaving the light theme and submit button untouched.
* Fix PoW status message never rendering in the browserGab Virebent12 days1-0/+10
| | | | | | | | | A tight loop of only-awaited crypto.subtle.digest calls never yields to the browser's rendering pipeline (they resolve as microtasks), so the "computing proof of work" status update was silently skipped from the user's perspective even though the computation ran correctly. Insert an explicit macrotask yield before and periodically during the search so the message actually paints and the tab stays responsive.
* Add client-side proof of work and fix X25519 WebCrypto API usageGab Virebent12 days1-5/+44
| | | | | | | | | | | | | Self-contained hashcash-style PoW on /submit: client finds a nonce so SHA-256("<unix-ts>:<nonce>") has enough leading zero bits, sent as an X-Nymdrop-Pow header; server verifies and rejects expired or replayed stamps, no challenge round-trip required. Difficulty tunable via --pow-difficulty without a rebuild. Also fixes a latent bug in the browser crypto: X25519 was being requested as ECDH with namedCurve "X25519", which is not a valid WebCrypto combination and always throws. Modern WebCrypto exposes X25519 as its own algorithm identifier.
* Initial public release: Nym-native anonymous submission systemGab Virebent2026-06-203-0/+351
End-to-end verified pipeline (browser -> HTTP relay -> Nym mixnet -> reader). Client-side X25519+HKDF+AES-GCM-256, no-log blind relay, AGPL-3.0.