diff options
author | Thibaut Girka <thib@sitedethib.com> | 2020-05-10 15:15:39 +0200 |
---|---|---|
committer | Thibaut Girka <thib@sitedethib.com> | 2020-05-10 16:19:56 +0200 |
commit | 4a70792b4a8393a0cfd83a7e70f72179899111fa (patch) | |
tree | d340885b5dfb0f990c81b1a29f529a258c49d591 /config/initializers | |
parent | c6ff4c634caf718adf7280e04909c091d15add1d (diff) | |
parent | 4b766f984689311523b89e1b68d2a11dff3fc396 (diff) |
Merge branch 'master' into glitch-soc/merge-upstream
Conflicts: - `Gemfile.lock`: Not a real conflict, just a glitch-soc-only dependency too close to a dependency that got updated upstream. Updated as well. - `app/models/status.rb`: Not a real conflict, just a change too close to glitch-soc-changed code for optionally showing boosts in public timelines. Applied upstream changes. - `app/views/layouts/application.html.haml`: Upstream a new, static CSS file, conflict due to glitch-soc's theming system, include the file regardless of the theme. - `config/initializers/content_security_policy.rb`: Upstream dropped 'unsafe-inline' from the 'style-src' directive, but both files are very different. Removed 'unsafe-inline' as well.
Diffstat (limited to 'config/initializers')
-rw-r--r-- | config/initializers/content_security_policy.rb | 7 | ||||
-rw-r--r-- | config/initializers/http_client_proxy.rb | 20 | ||||
-rw-r--r-- | config/initializers/inflections.rb | 2 |
3 files changed, 17 insertions, 12 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index d1e6701e2..a76db6fe5 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -34,7 +34,7 @@ if Rails.env.production? p.script_src :self, assets_host p.font_src :self, assets_host p.img_src :self, :data, :blob, *data_hosts - p.style_src :self, :unsafe_inline, assets_host + p.style_src :self, assets_host p.media_src :self, :data, *data_hosts p.frame_src :self, :https p.child_src :self, :blob, assets_host @@ -48,3 +48,8 @@ end # For further information see the following documentation: # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only # Rails.application.config.content_security_policy_report_only = true + +PgHero::HomeController.content_security_policy do |p| + p.script_src :self, :unsafe_inline, assets_host + p.style_src :self, :unsafe_inline, assets_host +end diff --git a/config/initializers/http_client_proxy.rb b/config/initializers/http_client_proxy.rb index 9d7b16e69..7a9b7b86d 100644 --- a/config/initializers/http_client_proxy.rb +++ b/config/initializers/http_client_proxy.rb @@ -1,24 +1,22 @@ Rails.application.configure do config.x.http_client_proxy = {} + if ENV['http_proxy'].present? proxy = URI.parse(ENV['http_proxy']) + raise "Unsupported proxy type: #{proxy.scheme}" unless %w(http https).include? proxy.scheme raise "No proxy host" unless proxy.host host = proxy.host host = host[1...-1] if host[0] == '[' # for IPv6 address - config.x.http_client_proxy[:proxy] = { proxy_address: host, proxy_port: proxy.port, proxy_username: proxy.user, proxy_password: proxy.password }.compact + + config.x.http_client_proxy[:proxy] = { + proxy_address: host, + proxy_port: proxy.port, + proxy_username: proxy.user, + proxy_password: proxy.password, + }.compact end config.x.access_to_hidden_service = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true' end - -module Goldfinger - def self.finger(uri, opts = {}) - to_hidden = /\.(onion|i2p)(:\d+)?$/.match(uri) - raise Mastodon::HostValidationError, 'Instance does not support hidden service connections' if !Rails.configuration.x.access_to_hidden_service && to_hidden - opts = { ssl: !to_hidden, headers: {} }.merge(Rails.configuration.x.http_client_proxy).merge(opts) - opts[:headers]['User-Agent'] ||= Mastodon::Version.user_agent - Goldfinger::Client.new(uri, opts).finger - end -end diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb index c65153b0a..0667a542c 100644 --- a/config/initializers/inflections.rb +++ b/config/initializers/inflections.rb @@ -19,4 +19,6 @@ ActiveSupport::Inflector.inflections(:en) do |inflect| inflect.acronym 'ActivityStreams' inflect.acronym 'JsonLd' inflect.acronym 'NodeInfo' + + inflect.singular 'data', 'data' end |