diff options
| author | Claire <claire.github-309c@sitedethib.com> | 2022-12-16 11:50:35 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-12-16 11:50:35 +0100 |
| commit | 7ca0a71601f92064db64862c8cab46a77d9c3d3d (patch) | |
| tree | 342c9a8972757d3706903a40e27a6f8e5a43533e /app/controllers/api | |
| parent | 3868ba683d56dbbeecc839fdeaeb7b3d0b18bb9a (diff) | |
| parent | 0912fb736d435b132779828376cd10cf7ad8e56e (diff) | |
Merge pull request #2014 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
Diffstat (limited to 'app/controllers/api')
| -rw-r--r-- | app/controllers/api/base_controller.rb | 20 | ||||
| -rw-r--r-- | app/controllers/api/v1/admin/domain_blocks_controller.rb | 6 | ||||
| -rw-r--r-- | app/controllers/api/v1/notifications_controller.rb | 2 |
3 files changed, 23 insertions, 5 deletions
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index defef0656..41f3ce2ee 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -16,6 +16,26 @@ class Api::BaseController < ApplicationController protect_from_forgery with: :null_session + content_security_policy do |p| + # Set every directive that does not have a fallback + p.default_src :none + p.frame_ancestors :none + p.form_action :none + + # Disable every directive with a fallback to cut on response size + p.base_uri false + p.font_src false + p.img_src false + p.style_src false + p.media_src false + p.frame_src false + p.manifest_src false + p.connect_src false + p.script_src false + p.child_src false + p.worker_src false + end + rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e| render json: { error: e.to_s }, status: 422 end diff --git a/app/controllers/api/v1/admin/domain_blocks_controller.rb b/app/controllers/api/v1/admin/domain_blocks_controller.rb index df5b1b3fc..8b77e9717 100644 --- a/app/controllers/api/v1/admin/domain_blocks_controller.rb +++ b/app/controllers/api/v1/admin/domain_blocks_controller.rb @@ -40,10 +40,8 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController def update authorize @domain_block, :update? - @domain_block.update(domain_block_params) - severity_changed = @domain_block.severity_changed? - @domain_block.save! - DomainBlockWorker.perform_async(@domain_block.id, severity_changed) + @domain_block.update!(domain_block_params) + DomainBlockWorker.perform_async(@domain_block.id, @domain_block.severity_previously_changed?) log_action :update, @domain_block render json: @domain_block, serializer: REST::Admin::DomainBlockSerializer end diff --git a/app/controllers/api/v1/notifications_controller.rb b/app/controllers/api/v1/notifications_controller.rb index ac49167cb..a6ed359c9 100644 --- a/app/controllers/api/v1/notifications_controller.rb +++ b/app/controllers/api/v1/notifications_controller.rb @@ -40,7 +40,7 @@ class Api::V1::NotificationsController < Api::BaseController private def load_notifications - notifications = browserable_account_notifications.includes(from_account: :account_stat).to_a_paginated_by_id( + notifications = browserable_account_notifications.includes(from_account: [:account_stat, :user]).to_a_paginated_by_id( limit_param(DEFAULT_NOTIFICATIONS_LIMIT), params_slice(:max_id, :since_id, :min_id) ) |