Headers

TimL • 2025/06/12

In System Tools > Settings > Security there are 2 header related options:

Use CTO and STS headers
- X-Content-Type-Options: nosniff
- Strict-Transport-Security: max-age=$HSTSSeconds; includeSubDomains
  - $HSTSSeconds is set in noodle.properties (6 months default)
  - Only set if HTTPS is in use
Use RT, CSP, FO, XSSP headers
- Report-To: ...1 day... /CSP.po
  - If Chrome or Edge of supporting versions
- Content-Security-Policy: $CSP
  - $CSP varies depending on the page served
- X-Frame-Options: SAMEORIGIN
- Referrer-Policy: strict-origin-when-cross-origin
- X-XSS-Protection: 1

JWT

TimL • 2025/03/25

Noodle can authenticate users from Google JWT.

Cloud users can visit intra.net
Local installs can visit https://intra.net/index_google.html?new=$your.domain.local
- after which a button will appear on the login page and a setting to disable it.

Terms Of Service

TimL • 2025/01/05

Act in good faith and contact us about any questions.

Privacy Policy

TimL • 2025/01/05

We don't share your data with anyone.

Some features may send data to 3rd parties (VPS, AI, Email, ect)

LLM APIs

TimL • 2024/11/26

Noodle can integrate with Large Language Models to aid in content creation. ArtificialAnalysis.ai has a nice pricing, quality, and speed overview. One token is roughly equivalent to 0.75 million words.

Links to 3rd party Application Programming Interfaces and pricing:

Free tiers:

x.ai ($25/month free + $7.50 / 1M Tokens)
google.com (Gemini 1.5 Flash: 1.5k requests / day + $0.13 / 1M Tokens)
huggingface.co (1k requests / day + $9 / month for 20k requests / day)

Paid only:

anthropic.com (Haiku: $2 / 2M Tokens)
openai.com (o1-mini: $5.25 / 1M tokens)

Screen sharing

TimL • 2024/09/27

To get a screen share from Vialect please use any free offering:

app:
- Tox
- RustDesk
web:
- Google Meet (free: 1h call limit)
- Screen Leap
- Dead Simple Screen Sharing

Or send us a link to a paid service:

app:
web or app:
- Join.me
- Zoom

Or let us know if you have some other preference.

Currently not working on some Web Browsers:

Microsoft Teams [CoreError::LAYOUT_ERROR][Error::Cannot return null for non-nullable field AuthenticationUserProfile.upn.]

Update HTTPS

TimL • 2024/01/23

If certbot from Let's Encrypt is not used certificates will need to be updated annually.

Download the signed public key from your Certificate Authorities (CA)
Import the signed public key into the keystore already containing the private key (and intermediate certificates if required)

keytool -import -alias noodle.domain.tld -trustcacerts -file noodlecert.crt -keystore noodle.pfx

Restart the Noodle service

In memory

TimL • 2023/11/13

Add the following to the Host tag in server.xml

<Context docBase="ROOT" override="true">
    <Resources cachingAllowed="true" cacheMaxSize="100000"/>
</Context>

Add the following to multiserver or intranet.bat

-Xmx1000m -Xms1000m -XX:+UseG1GC

Low memory

TimL • 2022/08/05

Add the following to the Host tag in server.xml

<Context docBase="ROOT" override="true">
    <Resources cachingAllowed="false" />
</Context>

Add the following to multiserver or intranet.bat

-Xmx50m -Xms50m -XX:+UseG1GC

Redirect to SSO

TimL • 2022/03/24

Put the following in the MOTD file:

<script>
    if (location.href.indexOf("?") < 0) {
        location.href = location.href.replace(/(https?:\/\/[^\/]+)(\/.*)?/, "$1/SPNEGO.po");
    }
</script>

The same can be done for SAML.po

Noodle Help Site

Helping you use your Noodle