Merge branch 'glitch'

7 files changed, 31 insertions, 22 deletions

diff --git a/config/initializers/1_hosts.rb b/config/initializers/1_hosts.rb
index 757f1f735..eaf6e0181 100644
--- a/config/initializers/1_hosts.rb
+++ b/config/initializers/1_hosts.rb
@@ -4,7 +4,7 @@ port     = ENV.fetch('PORT') { 3000 }
 host     = ENV.fetch('LOCAL_DOMAIN') { "localhost:#{port}" }
 web_host = ENV.fetch('WEB_DOMAIN') { host }
 
-alternate_domains = ENV.fetch('ALTERNATE_DOMAINS') { '' }
+alternate_domains = ENV.fetch('ALTERNATE_DOMAINS') { '' }.split(/\s*,\s*/)
 
 Rails.application.configure do
   https = Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'
@@ -15,7 +15,7 @@ Rails.application.configure do
   config.x.use_s3       = ENV['S3_ENABLED'] == 'true'
   config.x.use_swift    = ENV['SWIFT_ENABLED'] == 'true'
 
-  config.x.alternate_domains = alternate_domains.split(/\s*,\s*/)
+  config.x.alternate_domains = alternate_domains
 
   config.action_mailer.default_url_options = { host: web_host, protocol: https ? 'https://' : 'http://', trailing_slash: false }
 
@@ -26,4 +26,10 @@ Rails.application.configure do
       "ws://#{ENV['REMOTE_DEV'] == 'true' ? host.split(':').first : 'localhost'}:4000"
     end
   end
+
+  unless Rails.env.test?
+    config.hosts << host if host.present?
+    config.hosts << web_host if web_host.present?
+    config.hosts.concat(alternate_domains) if alternate_domains.present?
+  end
 end
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 4d5b8f6ef..a5eed5db2 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -53,11 +53,13 @@ Rails.application.config.content_security_policy_nonce_generator = -> request {
 
 Rails.application.config.content_security_policy_nonce_directives = %w(style-src)
 
-PgHero::HomeController.content_security_policy do |p|
-  p.script_src :self, :unsafe_inline, assets_host
-  p.style_src  :self, :unsafe_inline, assets_host
-end
+Rails.application.reloader.to_prepare do
+  PgHero::HomeController.content_security_policy do |p|
+    p.script_src :self, :unsafe_inline, assets_host
+    p.style_src  :self, :unsafe_inline, assets_host
+  end
 
-PgHero::HomeController.after_action do
-  request.content_security_policy_nonce_generator = nil
+  PgHero::HomeController.after_action do
+    request.content_security_policy_nonce_generator = nil
+  end
 end
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 63cff7c59..f78db8653 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -52,6 +52,11 @@ Doorkeeper.configure do
   # Issue access tokens with refresh token (disabled by default)
   # use_refresh_token
 
+  # Forbids creating/updating applications with arbitrary scopes that are
+  # not in configuration, i.e. `default_scopes` or `optional_scopes`.
+  # (Disabled by default)
+  enforce_configured_scopes
+
   # Provide support for an owner to be assigned to each registered application (disabled by default)
   # Optional parameter :confirmation => true (default false) if you want to enforce ownership of
   # a registered application
diff --git a/config/initializers/paperclip.rb b/config/initializers/paperclip.rb
index 9ad7fd814..e2a045647 100644
--- a/config/initializers/paperclip.rb
+++ b/config/initializers/paperclip.rb
@@ -112,7 +112,9 @@ else
   )
 end
 
-Paperclip.options[:content_type_mappings] = { csv: Import::FILE_TYPES }
+Rails.application.reloader.to_prepare do
+  Paperclip.options[:content_type_mappings] = { csv: Import::FILE_TYPES }
+end
 
 # In some places in the code, we rescue this exception, but we don't always
 # load the S3 library, so it may be an undefined constant:
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index e5d1be4c6..3d9bf96fd 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,7 +1,6 @@
 # Be sure to restart your server when you modify this file.
 
-Rails.application.config.session_store :cookie_store, {
+Rails.application.config.session_store :cookie_store,
   key: '_mastodon_session',
   secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
-  same_site: :lax,
-}
+  same_site: :lax
diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb
index fc85a3913..219554df4 100644
--- a/config/initializers/sidekiq.rb
+++ b/config/initializers/sidekiq.rb
@@ -1,14 +1,7 @@
 # frozen_string_literal: true
 
-namespace    = ENV.fetch('REDIS_NAMESPACE') { nil }
-redis_params = { url: ENV['REDIS_URL'], driver: :hiredis }
-
-if namespace
-  redis_params[:namespace] = namespace
-end
-
 Sidekiq.configure_server do |config|
-  config.redis = redis_params
+  config.redis = REDIS_SIDEKIQ_PARAMS
 
   config.server_middleware do |chain|
     chain.add SidekiqErrorHandler
@@ -26,7 +19,7 @@ Sidekiq.configure_server do |config|
 end
 
 Sidekiq.configure_client do |config|
-  config.redis = redis_params
+  config.redis = REDIS_SIDEKIQ_PARAMS
 
   config.client_middleware do |chain|
     chain.add SidekiqUniqueJobs::Middleware::Client
diff --git a/config/initializers/suppress_csrf_warnings.rb b/config/initializers/suppress_csrf_warnings.rb
index 410ab585b..b86adc6f1 100644
--- a/config/initializers/suppress_csrf_warnings.rb
+++ b/config/initializers/suppress_csrf_warnings.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 
-ActionController::Base.log_warning_on_csrf_failure = false
+Rails.application.reloader.to_prepare do
+  ActionController::Base.log_warning_on_csrf_failure = false
+end