<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#41568
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing
- [x] QA'd all new/changed functionality manually
<img width="751" height="239" alt="Localhost pixel 9pro xl emulation"
src="https://github.com/user-attachments/assets/2ad2d07a-aca8-4c4f-bbe2-0700736a51a4"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Adjusted the enrollment page responsive layout so the enroll button
renders at full width on larger-resolution mobile and medium screens.
* Increased spacing between device instructions and the enrollment
action to improve layout clarity.
* Visual-only change — no functional or behavioral modifications to the
enrollment flow.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#40538
This is the initial iteration of CSP functionality, currently gated
behind FLEET_SERVER_ENABLE_CSP. If disabled, no CSP is served. Nonces
are still injected into pages however a dummy nonce is used and has no
effect.
With this setting turned on things break and will be addressed by mainly
frontend changes in https://github.com/fleetdm/fleet/issues/41577
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
---------
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
**Related issue:** Resolves#39996
This adds a new flow where the user is asked to navigate and dowload the
enrollment profile in safari for ios and ipados devices.
This fixes an issue where the enrollment profile was not downloaded
correctly on browsers other than Safari.
https://github.com/user-attachments/assets/20304389-4b36-445b-9b8f-d4b9bfbff143
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] QA'd all new/changed functionality manually
- Many users will be single-clicking the downloaded Profile from the
expanded dock - "open" is the right level of specificity.
<img width="199" height="240" alt="Screenshot 2026-03-05 at 10 35 28 AM"
src="https://github.com/user-attachments/assets/5c782753-f479-425c-9492-61e9b13fef86"
/>
- The fact that we call out that there will be a warning communicates
that it is expected, redundant to say so. Also, it looks cleaner.
<img width="829" height="413" alt="Screenshot 2026-03-05 at 10 32 59 AM"
src="https://github.com/user-attachments/assets/f4e1fff2-4391-4971-ba99-32edbf2e25f4"
/>
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#39389 (unreleased bug)
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
## Testing
- [ ] QA'd all new/changed functionality manually
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#38880, #38881
This adds the UI updates to the enroll page to so that verious devices
can enroll after scanning the QR code.
> NOTE: still a small piece is needed to integrate with the API changes
and to ensure android devices can actually enroll with the new QR code.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] QA'd all new/changed functionality manually
fixes: #29222
This is a feature branch that was completed last week, but did not get
merged in time.
All pr's going in was approved, and reviewed.
I will after this is merged, do a cherry pick onto the RC 4.73 branch,
and initiate the FR merge process.
---------
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
some iPads default to requesting the desktop version of websites, and
thus they send a different user agent. This improves the detection with
a well-known method.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Manual QA for all new/changed functionality
for #19448
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Manual QA for all new/changed functionality
relates to #21559
This adds the ability for end users to enrol their own device in fleet
mdm.
> NOTE: this new byod HTML page is a separate HTML asset that contains
all styles and scripts needed for the page to work. We do not send the
fleet UI assets and this drastically cuts down the response time to the
users who will be visiting this page on mobile devices
There are two sides included in this:
**Adding a new add host modal ios and iPad section for IT admins**
**delivering a new byod HTML page to end users that will allow end users
to download the config profile to enrol into fleet mdm**
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Added/updated tests
- [x] Manual QA for all new/changed functionality
* add google analytics to sandbox instances
* Add serverType variable to frontend handler
* update version of html-webpack-plugin
Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
- Add the server_url_prefix flag for configuring this functionality
- Add prefix handling to the server routes
- Refactor JS to use appropriate paths from modules
- Use JS template to get URL prefix into JS environment
- Update webpack config to support prefixing
Thanks to securityonion.net for sponsoring the development of this feature.
Closes#1661
* Add SCSS pipeline and fix login style issues
* Fix nav styles and make tests pass
* Fix nav header styles and animations
* Change font-size to 13px on nav
* Fix duplicate specificity of styles
* Extracts stacked boxes UI to a re-usable component
* Presence validator
* Equality validator
* Adds ResetPasswordFrom
* PasswordResetPage component and route
* Ex icon on forgot pw page goes to login
* Smooth out the fonts so they match the mocks
* Remove dynamic background and refactor colors
* API client utility
* moves test helpers to the test directory
* Utility to namespace local storage keys
* LoginSuccessfulPage component
* Check icon
* adds auth to redux state
* successful form submission
* Allow tests to load dummy SVG static images & test fixes
* Add sensible React base to the app for frontend
This PR attempts to "reactify" Kolide and provide a sane development environment
that a front-end engineer would probably expect.
This PR accomplishes by doing the following:
1. Reorganizes the app into a `server/` and `client/` folders to keep golang
logic separated from react logic.
2. Adds an "asset pipeline" via webpack which knows how to build a js
and css bundle.
3. Packages up all static assets in a go-bindata file so that the binary
remains portable without external file dependencies.
1. Add a Makefile with several targets that will be common in everyday
development. For example, we have `serve` target which spins up a nodejs
reverse proxy on port 8081 which then watches for changed files, automatically
rebuilds the app, and hot loads the new JS/CSS in.
**Note:** Please use `make` to build the app, not `go build` as there are
now several things that need to be orchestrated beyond the go code to build the app.
* Create build if it doesn't exist, and use `go get`
* Improve README to reflect new dev workflow
* Document css vars and funcs and use alias paths
* makefile and structure modifications
