Merge remote-tracking branch 'glitch/main'

2 files changed, 9 insertions, 3 deletions

diff --git a/config/initializers/chewy.rb b/config/initializers/chewy.rb
index f303fc54d..752fc3c6d 100644
--- a/config/initializers/chewy.rb
+++ b/config/initializers/chewy.rb
@@ -13,15 +13,14 @@ Chewy.settings = {
   journal: false,
   user: user,
   password: password,
-  sidekiq: { queue: 'pull' },
 }
 
 # We use our own async strategy even outside the request-response
 # cycle, which takes care of checking if Elasticsearch is enabled
 # or not. However, mind that for the Rails console, the :urgent
 # strategy is set automatically with no way to override it.
-Chewy.root_strategy              = :custom_sidekiq
-Chewy.request_strategy           = :custom_sidekiq
+Chewy.root_strategy              = :mastodon
+Chewy.request_strategy           = :mastodon
 Chewy.use_after_commit_callbacks = false
 
 module Chewy
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index f78db8653..84b649f5c 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -128,6 +128,13 @@ Doorkeeper.configure do
   #
   force_ssl_in_redirect_uri false
 
+  # Specify what redirect URI's you want to block during Application creation.
+  # Any redirect URI is whitelisted by default.
+  #
+  # You can use this option in order to forbid URI's with 'javascript' scheme
+  # for example.
+  forbid_redirect_uri { |uri| %w[data vbscript javascript].include?(uri.scheme.to_s.downcase) }
+
   # Specify what grant flows are enabled in array of Strings. The valid
   # strings and the flows they enable are:
   #