Ricky Romero

I'd like to bump this issue in light of the Handbrake breach, which circumvented Sparkle through social-engineering (emphasis mine): > HandBrake had been nagging me for some time to install...

Today I saw this update prompt from 1Password and have no guarantee that it's legitimate. 

For completeness, here are the environment variables I've set for Grist. ``` GRIST_SAML_SP_HOST=https://grist.example.com GRIST_SAML_SP_KEY=/saml/snakeoil-sp.key GRIST_SAML_SP_CERT=/saml/snakeoil-sp.pem GRIST_SAML_IDP_LOGIN=https://auth.example.com/application/saml/grist/sso/binding/redirect/ GRIST_SAML_IDP_LOGOUT=https://auth.example.com/application/saml/grist/sso/binding/redirect/ GRIST_SAML_IDP_CERTS=/saml/snakeoil-idp.pem ```

That Reddit post was helpful. I changed Service Provider Binding to Post, then added `GRIST_SAML_IDP_UNENCRYPTED=1` to my environment variables. My installation works now. Thank you! :+1::+1::+1:

One thing that I haven't documented about this change is that in order to handle HTTPS proxying, we need to open 3 ports total: - The proxy itself [ex: 8080],...

Upon further reflection, this is an easily-solved problem - check if the port is available first. If not, keep iterating upward until we find one we can use. If the...

@Stuk I've gone ahead and made the change to randomly assign internal proxying ports. Feeling more confident about merging this now. Let me know if you want any other changes.

@Stuk Thanks for taking another look! The user doesn't choose between HTTP or HTTPS proxies - that selection is done by the script based on the incoming request. All they...

For what it's worth, I found this PR handy for filtering external scripts. I manually patched my copy and it worked like a charm. This also follows an existing pattern...