Diffstat (limited to 'api')
-rw-r--r--api/context.go6
-rw-r--r--api/file.go2
-rw-r--r--api/team.go7
-rw-r--r--api/templates/email_change_body.html4
-rw-r--r--api/templates/find_teams_body.html4
-rw-r--r--api/templates/invite_body.html4
-rw-r--r--api/templates/password_change_body.html4
-rw-r--r--api/templates/post_body.html4
-rw-r--r--api/templates/reset_body.html4
-rw-r--r--api/templates/signup_team_body.html4
-rw-r--r--api/templates/verify_body.html4
-rw-r--r--api/templates/welcome_body.html4
12 files changed, 25 insertions, 26 deletions
diff --git a/api/context.go b/api/context.go
index ac9dffcbc..16da0a6eb 100644
--- a/api/context.go
+++ b/api/context.go
@@ -101,6 +101,12 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
w.Header().Set(model.HEADER_REQUEST_ID, c.RequestId)
w.Header().Set(model.HEADER_VERSION_ID, utils.Cfg.ServiceSettings.Version)
+ // Instruct the browser not to display us in an iframe for anti-clickjacking
+ if !h.isApi {
+ w.Header().Set("X-Frame-Options", "DENY")
+ w.Header().Set("Content-Security-Policy", "frame-ancestors none")
+ }
+
sessionId := ""
// attempt to parse the session token from the header
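Review bot: The Content-Security-Policy value added in the `if !h.isApi` block is `frame-ancestors none`, with the keyword unquoted. CSP keywords must be single-quoted, so an unquoted `none` is parsed as a host-source expression (a host literally named "none") rather than as "no ancestors allowed". Browsers that give `frame-ancestors` precedence over `X-Frame-Options` would then enforce that host match instead of the blanket deny the comment describes. The line should read `w.Header().Set("Content-Security-Policy", "frame-ancestors 'none'")`. ServeHTTP starts and ends outside this hunk, so whether a later code path overwrites these headers cannot be checked from here.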
diff --git a/api/file.go b/api/file.go
index 889c9dd1b..3ef50fbbd 100644
--- a/api/file.go
+++ b/api/file.go
@@ -33,7 +33,7 @@ func InitFile(r *mux.Router) {
sr := r.PathPrefix("/files").Subrouter()
sr.Handle("/upload", ApiUserRequired(uploadFile)).Methods("POST")
- sr.Handle("/get/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:([A-Za-z0-9]+/)?.+\\.[A-Za-z0-9]{3,}}", ApiAppHandler(getFile)).Methods("GET")
+ sr.Handle("/get/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:([A-Za-z0-9]+/)?.+(\\.[A-Za-z0-9]{3,})?}", ApiAppHandler(getFile)).Methods("GET")
sr.Handle("/get_public_link", ApiUserRequired(getPublicLink)).Methods("POST")
}
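Review bot: The new optional group `(\\.[A-Za-z0-9]{3,})?` in the `/get/...` route has no effect, because the preceding `.+` already matches any non-empty remainder. The `filename` variable is therefore effectively unconstrained and can include further `/` segments. If the intent is only to allow files without an extension, a pattern that keeps the name to one segment states it more precisely, for example `{filename:([A-Za-z0-9]+/)?[^/]+}`. The route is registered with `ApiAppHandler` rather than `ApiUserRequired`, and `getFile` is not visible in this hunk. It is worth confirming that `getFile` validates `filename` (no `..`, no extra separators) before building a storage path from it, and adding a comment on the route saying the handler owns that check.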
diff --git a/api/team.go b/api/team.go
index 1145e6e81..c9fe42ecc 100644
--- a/api/team.go
+++ b/api/team.go
@@ -35,25 +35,18 @@ func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) {
m := model.MapFromJson(r.Body)
email := strings.ToLower(strings.TrimSpace(m["email"]))
- displayName := strings.TrimSpace(m["display_name"])
if len(email) == 0 {
c.SetInvalidParam("signupTeam", "email")
return
}
- if len(displayName) == 0 {
- c.SetInvalidParam("signupTeam", "display_name")
- return
- }
-
subjectPage := NewServerTemplatePage("signup_team_subject", c.GetSiteURL())
bodyPage := NewServerTemplatePage("signup_team_body", c.GetSiteURL())
bodyPage.Props["TourUrl"] = utils.Cfg.TeamSettings.TourLink
props := make(map[string]string)
props["email"] = email
- props["display_name"] = displayName
props["time"] = fmt.Sprintf("%v", model.GetMillis())
data := model.MapToJson(props)
diff --git a/api/templates/email_change_body.html b/api/templates/email_change_body.html
index f8f3845e7..439fffd5b 100644
--- a/api/templates/email_change_body.html
+++ b/api/templates/email_change_body.html
@@ -8,7 +8,7 @@
<td style="border: 1px solid #ddd;">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
<tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
<img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
</td>
</tr>
@@ -32,7 +32,7 @@
</td>
</tr>
<tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
<p style="margin: 25px 0;">
<img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
</p>
diff --git a/api/templates/find_teams_body.html b/api/templates/find_teams_body.html
index 6eaaf56e0..a73ed0ad4 100644
--- a/api/templates/find_teams_body.html
+++ b/api/templates/find_teams_body.html
@@ -8,7 +8,7 @@
<td style="border: 1px solid #ddd;">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
<tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
<img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
</td>
</tr>
@@ -40,7 +40,7 @@
</td>
</tr>
<tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
<p style="margin: 25px 0;">
<img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
</p>
diff --git a/api/templates/invite_body.html b/api/templates/invite_body.html
index 46189fae5..ad0658e3d 100644
--- a/api/templates/invite_body.html
+++ b/api/templates/invite_body.html
@@ -8,7 +8,7 @@
<td style="border: 1px solid #ddd;">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
<tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
<img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
</td>
</tr>
@@ -35,7 +35,7 @@
</td>
</tr>
<tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
<p style="margin: 25px 0;">
<img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
</p>
diff --git a/api/templates/password_change_body.html b/api/templates/password_change_body.html
index 515c0a7d9..1d4a6e1c8 100644
--- a/api/templates/password_change_body.html
+++ b/api/templates/password_change_body.html
@@ -8,7 +8,7 @@
<td style="border: 1px solid #ddd;">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
<tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
<img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
</td>
</tr>
@@ -32,7 +32,7 @@
</td>
</tr>
<tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
<p style="margin: 25px 0;">
<img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
</p>
diff --git a/api/templates/post_body.html b/api/templates/post_body.html
index c0f4375d8..0aa913db5 100644
--- a/api/templates/post_body.html
+++ b/api/templates/post_body.html
@@ -8,7 +8,7 @@
<td style="border: 1px solid #ddd;">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
<tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
<img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
</td>
</tr>
@@ -35,7 +35,7 @@
</td>
</tr>
<tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
<p style="margin: 25px 0;">
<img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
</p>
diff --git a/api/templates/reset_body.html b/api/templates/reset_body.html
index af9f6b4e8..4c2fec1e7 100644
--- a/api/templates/reset_body.html
+++ b/api/templates/reset_body.html
@@ -8,7 +8,7 @@
<td style="border: 1px solid #ddd;">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
<tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
<img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
</td>
</tr>
@@ -35,7 +35,7 @@
</td>
</tr>
<tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
<p style="margin: 25px 0;">
<img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
</p>
diff --git a/api/templates/signup_team_body.html b/api/templates/signup_team_body.html
index 5a5ae4d47..5e60a042b 100644
--- a/api/templates/signup_team_body.html
+++ b/api/templates/signup_team_body.html
@@ -8,7 +8,7 @@
<td style="border: 1px solid #ddd;">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
<tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
<img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
</td>
</tr>
@@ -38,7 +38,7 @@
</td>
</tr>
<tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
<p style="margin: 25px 0;">
<img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
</p>
diff --git a/api/templates/verify_body.html b/api/templates/verify_body.html
index 67ded9c20..1a68c16f5 100644
--- a/api/templates/verify_body.html
+++ b/api/templates/verify_body.html
@@ -8,7 +8,7 @@
<td style="border: 1px solid #ddd;">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
<tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
<img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
</td>
</tr>
@@ -35,7 +35,7 @@
</td>
</tr>
<tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
<p style="margin: 25px 0;">
<img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
</p>
diff --git a/api/templates/welcome_body.html b/api/templates/welcome_body.html
index 7107bc2e0..cc4d95fb1 100644
--- a/api/templates/welcome_body.html
+++ b/api/templates/welcome_body.html
@@ -8,7 +8,7 @@
<td style="border: 1px solid #ddd;">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;">
<tr>
- <td style="padding: 20px 30px 10px; text-align:left;">
+ <td style="padding: 20px 20px 10px; text-align:left;">
<img src="{{.TeamURL}}/static/images/{{.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt="">
</td>
</tr>
@@ -32,7 +32,7 @@
</td>
</tr>
<tr>
- <td style="text-align: center;color: #AAA; font-size: 13px; padding-bottom: 10px;">
+ <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;">
<p style="margin: 25px 0;">
<img width="65" src="{{.TeamURL}}/static/images/circles.png" alt="">
</p>