Why is CodiMD now called HedgeDoc?¶
The short version: There were two CodiMD-projects on GitHub, the community-driven fork and the original project maintained by the HackMD-team. To solve this naming conflict, our community-driven version was renamed to HedgeDoc. For a full writeup, check out the history overview.
Can I run multiple instances on the same database?¶
No. The HedgeDoc server process is not entirely stateless and therefore running more than one instance will result in missing/broken content for users. In order to solve issues like HA-capabilities, please use a high level orchestrator that makes sure that always 1 instance is running on your infrastructure and that the database is available. The server process usually starts within seconds and therefore the possible downtime should be minimal.
Why was the PDF Export feature removed?¶
We used a headless Chromium instance to generate the PDFs, but that led to some security vulnerabilities and was therefore deactivated.
There are currently plans to re-add this feature in a safe way, but this will most likely take some time and can be expected at the earliest with HedgeDoc 2.1 (but could also take longer).
In the meantime you can use your browsers print to PDF Feature. This page explains how to do that for multiple browsers.
Why can't I embed some PDFs?¶
Many servers don't allow the embedding of their content on arbitrary sites.
For a more technical explanation:
X-Frame-Options header can be used to specify if a given webpage can be embedded.
For security reasons this header is often set to
SAMEORIGIN, which disallows embedding on other origins.
To be able to embed a PDF inside a HedgeDoc note, the server that hosts the PDF must either send no
header (which might be insecure) or include the URI of your HedgeDoc instance in an
See Mozillas docs for more details.
Also note that the
X-Frame-Options header is being obsoleted
frame-ancestors statement in the
Why can't I embed a HedgeDoc note in other pages using iframes?¶
Allowing your HedgeDoc instance to be embedded in other pages increases the risk of clickjacking,
XSS and other attacks.
Therefore, we recommend to not enable this option.
If you still want to allow embedding via iframe, ensure that:
- Your HedgeDoc instance is served via HTTPS
CMD_COOKIE_POLICYis set to
none(Otherwise you will get a
AUTH failed: No cookie transmittederror.)
CMD_CSP_ALLOW_FRAMINGis set to
See also the configuration docs for more information about these options.
I can't upload images or the upload gets stuck¶
This problem is typically accompanied by the error
Invalid URL: /uploads/ in the log and is often caused by a missing
CMD_DOMAIN config option or an incorrect reverse proxy config.
Have a look at our reverse proxy documentation and make sure that
CMD_PROTOCOL_USESSL is set to
true if you serve HedgeDoc via HTTPS.
HedgeDoc fails executing migrations and does not start¶
Unfortunately, older versions of HedgeDoc had some bugs regarding migrations and didn't always record that a migration was executed.
Have a look at the Troubleshooting Migrations guide for more information.