diff options
| author | Claire <claire.github-309c@sitedethib.com> | 2022-12-15 20:25:25 +0100 |
|---|---|---|
| committer | Claire <claire.github-309c@sitedethib.com> | 2022-12-15 20:25:25 +0100 |
| commit | f3a4d57be14b40d1e3a6ad9e1a1f9337dafc872e (patch) | |
| tree | 623c4b710fed94a7280587da7d66863ab489957c /app/controllers/api | |
| parent | 3868ba683d56dbbeecc839fdeaeb7b3d0b18bb9a (diff) | |
| parent | f847f67410c75036edb2c4b45d0db048af0481c9 (diff) | |
Merge branch 'main' into glitch-soc/merge-upstream
Conflicts: - `README.md`: Discarded upstream changes: we have our own README - `app/controllers/follower_accounts_controller.rb`: Port upstream's minor refactoring
Diffstat (limited to 'app/controllers/api')
| -rw-r--r-- | app/controllers/api/base_controller.rb | 20 | ||||
| -rw-r--r-- | app/controllers/api/v1/admin/domain_blocks_controller.rb | 6 | ||||
| -rw-r--r-- | app/controllers/api/v1/notifications_controller.rb | 2 |
3 files changed, 23 insertions, 5 deletions
diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index defef0656..41f3ce2ee 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -16,6 +16,26 @@ class Api::BaseController < ApplicationController protect_from_forgery with: :null_session + content_security_policy do |p| + # Set every directive that does not have a fallback + p.default_src :none + p.frame_ancestors :none + p.form_action :none + + # Disable every directive with a fallback to cut on response size + p.base_uri false + p.font_src false + p.img_src false + p.style_src false + p.media_src false + p.frame_src false + p.manifest_src false + p.connect_src false + p.script_src false + p.child_src false + p.worker_src false + end + rescue_from ActiveRecord::RecordInvalid, Mastodon::ValidationError do |e| render json: { error: e.to_s }, status: 422 end diff --git a/app/controllers/api/v1/admin/domain_blocks_controller.rb b/app/controllers/api/v1/admin/domain_blocks_controller.rb index df5b1b3fc..8b77e9717 100644 --- a/app/controllers/api/v1/admin/domain_blocks_controller.rb +++ b/app/controllers/api/v1/admin/domain_blocks_controller.rb @@ -40,10 +40,8 @@ class Api::V1::Admin::DomainBlocksController < Api::BaseController def update authorize @domain_block, :update? - @domain_block.update(domain_block_params) - severity_changed = @domain_block.severity_changed? - @domain_block.save! - DomainBlockWorker.perform_async(@domain_block.id, severity_changed) + @domain_block.update!(domain_block_params) + DomainBlockWorker.perform_async(@domain_block.id, @domain_block.severity_previously_changed?) log_action :update, @domain_block render json: @domain_block, serializer: REST::Admin::DomainBlockSerializer end diff --git a/app/controllers/api/v1/notifications_controller.rb b/app/controllers/api/v1/notifications_controller.rb index ac49167cb..a6ed359c9 100644 --- a/app/controllers/api/v1/notifications_controller.rb +++ b/app/controllers/api/v1/notifications_controller.rb @@ -40,7 +40,7 @@ class Api::V1::NotificationsController < Api::BaseController private def load_notifications - notifications = browserable_account_notifications.includes(from_account: :account_stat).to_a_paginated_by_id( + notifications = browserable_account_notifications.includes(from_account: [:account_stat, :user]).to_a_paginated_by_id( limit_param(DEFAULT_NOTIFICATIONS_LIMIT), params_slice(:max_id, :since_id, :min_id) ) |