diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf index 38cf7871..4a662dd8 100644 --- a/core/nginx/conf/nginx.conf +++ b/core/nginx/conf/nginx.conf @@ -252,7 +252,7 @@ http { {% endif %} {% endif %} - {% if API %} + {% if API == 'true' %} location ~ {{ WEB_API or '/api' }} { include /etc/nginx/proxy.conf; proxy_pass http://$admin; diff --git a/setup/static/render.js b/setup/static/render.js index b2cdc7c8..efb5bdbe 100644 --- a/setup/static/render.js +++ b/setup/static/render.js @@ -1,12 +1,7 @@ //API_TOKEN generator -var chars = "0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()ABCDEFGHIJKLMNOPQRSTUVWXYZ"; -var tokenLength = 12; -var token = ""; - -for (var i = 0; i <= tokenLength; i++) { - var randomNumber = Math.floor(Math.random() * chars.length); - token += chars.substring(randomNumber, randomNumber +1); - } +var random_array = new Uint32Array(2); +crypto.getRandomValues(random_array); +var token = random_array[0].toString() + random_array[1].toString(); $(document).ready(function() { if ($("#webmail").val() == 'none') { @@ -53,7 +48,7 @@ $(document).ready(function() { $("#api_token_label").show(); } else { $("#api_path").hide(); - $("#api_path").val("/api") + $("#api_path").val("") $("#api_token").hide(); $("#api_token").prop('required',false); $("#api_token").val(""); @@ -69,7 +64,7 @@ $(document).ready(function() { $("#api_token_label").show(); } else { $("#api_path").hide(); - $("#api_path").val("/api") + $("#api_path").val("") $("#api_token").hide(); $("#api_token").prop('required',false); $("#api_token").val(""); diff --git a/setup/templates/steps/config.html b/setup/templates/steps/config.html index 19736448..03d03c41 100644 --- a/setup/templates/steps/config.html +++ b/setup/templates/steps/config.html @@ -93,7 +93,7 @@ manage your email domains, users, etc.
It is not possible to use the API without an API token.