diff options
| author | Thibaut Girka <thib@sitedethib.com> | 2020-05-10 15:15:39 +0200 |
|---|---|---|
| committer | Thibaut Girka <thib@sitedethib.com> | 2020-05-10 16:19:56 +0200 |
| commit | 4a70792b4a8393a0cfd83a7e70f72179899111fa (patch) | |
| tree | d340885b5dfb0f990c81b1a29f529a258c49d591 /config | |
| parent | c6ff4c634caf718adf7280e04909c091d15add1d (diff) | |
| parent | 4b766f984689311523b89e1b68d2a11dff3fc396 (diff) | |
Merge branch 'master' into glitch-soc/merge-upstream
Conflicts: - `Gemfile.lock`: Not a real conflict, just a glitch-soc-only dependency too close to a dependency that got updated upstream. Updated as well. - `app/models/status.rb`: Not a real conflict, just a change too close to glitch-soc-changed code for optionally showing boosts in public timelines. Applied upstream changes. - `app/views/layouts/application.html.haml`: Upstream a new, static CSS file, conflict due to glitch-soc's theming system, include the file regardless of the theme. - `config/initializers/content_security_policy.rb`: Upstream dropped 'unsafe-inline' from the 'style-src' directive, but both files are very different. Removed 'unsafe-inline' as well.
Diffstat (limited to 'config')
| -rw-r--r-- | config/application.rb | 1 | ||||
| -rw-r--r-- | config/deploy.rb | 20 | ||||
| -rw-r--r-- | config/initializers/content_security_policy.rb | 7 | ||||
| -rw-r--r-- | config/initializers/http_client_proxy.rb | 20 | ||||
| -rw-r--r-- | config/initializers/inflections.rb | 2 | ||||
| -rw-r--r-- | config/locales/en.yml | 4 | ||||
| -rw-r--r-- | config/pghero.yml | 2 | ||||
| -rw-r--r-- | config/routes.rb | 2 |
8 files changed, 42 insertions, 16 deletions
diff --git a/config/application.rb b/config/application.rb index 4c34efa15..d1980cd68 100644 --- a/config/application.rb +++ b/config/application.rb @@ -106,6 +106,7 @@ module Mastodon :tr, :uk, :ur, + :vi, :'zh-CN', :'zh-HK', :'zh-TW', diff --git a/config/deploy.rb b/config/deploy.rb index 79550baed..76e6b2815 100644 --- a/config/deploy.rb +++ b/config/deploy.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -lock '3.12.1' +lock '3.14.0' set :repo_url, ENV.fetch('REPO', 'https://github.com/tootsuite/mastodon.git') set :branch, ENV.fetch('BRANCH', 'master') @@ -12,3 +12,21 @@ set :migration_role, :app append :linked_files, '.env.production', 'public/robots.txt' append :linked_dirs, 'vendor/bundle', 'node_modules', 'public/system' + +namespace :systemd do + %i[sidekiq streaming web].each do |service| + %i[reload restart status].each do |action| + desc "Perform a #{action} on #{service} service" + task "#{service}:#{action}".to_sym do + on roles(:app) do + # runs e.g. "sudo restart mastodon-sidekiq.service" + sudo :systemctl, action, "#{fetch(:application)}-#{service}.service" + end + end + end + end +end + +after 'deploy:publishing', 'systemd:web:reload' +after 'deploy:publishing', 'systemd:sidekiq:restart' +after 'deploy:publishing', 'systemd:streaming:restart' diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index d1e6701e2..a76db6fe5 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -34,7 +34,7 @@ if Rails.env.production? p.script_src :self, assets_host p.font_src :self, assets_host p.img_src :self, :data, :blob, *data_hosts - p.style_src :self, :unsafe_inline, assets_host + p.style_src :self, assets_host p.media_src :self, :data, *data_hosts p.frame_src :self, :https p.child_src :self, :blob, assets_host @@ -48,3 +48,8 @@ end # For further information see the following documentation: # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only # Rails.application.config.content_security_policy_report_only = true + +PgHero::HomeController.content_security_policy do |p| + p.script_src :self, :unsafe_inline, assets_host + p.style_src :self, :unsafe_inline, assets_host +end diff --git a/config/initializers/http_client_proxy.rb b/config/initializers/http_client_proxy.rb index 9d7b16e69..7a9b7b86d 100644 --- a/config/initializers/http_client_proxy.rb +++ b/config/initializers/http_client_proxy.rb @@ -1,24 +1,22 @@ Rails.application.configure do config.x.http_client_proxy = {} + if ENV['http_proxy'].present? proxy = URI.parse(ENV['http_proxy']) + raise "Unsupported proxy type: #{proxy.scheme}" unless %w(http https).include? proxy.scheme raise "No proxy host" unless proxy.host host = proxy.host host = host[1...-1] if host[0] == '[' # for IPv6 address - config.x.http_client_proxy[:proxy] = { proxy_address: host, proxy_port: proxy.port, proxy_username: proxy.user, proxy_password: proxy.password }.compact + + config.x.http_client_proxy[:proxy] = { + proxy_address: host, + proxy_port: proxy.port, + proxy_username: proxy.user, + proxy_password: proxy.password, + }.compact end config.x.access_to_hidden_service = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true' end - -module Goldfinger - def self.finger(uri, opts = {}) - to_hidden = /\.(onion|i2p)(:\d+)?$/.match(uri) - raise Mastodon::HostValidationError, 'Instance does not support hidden service connections' if !Rails.configuration.x.access_to_hidden_service && to_hidden - opts = { ssl: !to_hidden, headers: {} }.merge(Rails.configuration.x.http_client_proxy).merge(opts) - opts[:headers]['User-Agent'] ||= Mastodon::Version.user_agent - Goldfinger::Client.new(uri, opts).finger - end -end diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb index c65153b0a..0667a542c 100644 --- a/config/initializers/inflections.rb +++ b/config/initializers/inflections.rb @@ -19,4 +19,6 @@ ActiveSupport::Inflector.inflections(:en) do |inflect| inflect.acronym 'ActivityStreams' inflect.acronym 'JsonLd' inflect.acronym 'NodeInfo' + + inflect.singular 'data', 'data' end diff --git a/config/locales/en.yml b/config/locales/en.yml index edb7bb684..5b61c9106 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -858,12 +858,14 @@ en: invalid_token: Keybase tokens are hashes of signatures and must be 66 hex characters verification_failed: Keybase does not recognize this token as a signature of Keybase user %{kb_username}. Please retry from Keybase. wrong_user: Cannot create a proof for %{proving} while logged in as %{current}. Log in as %{proving} and try again. - explanation_html: Here you can cryptographically connect your other identities, such as a Keybase profile. This lets other people send you encrypted messages and trust content you send them. + explanation_html: Here you can cryptographically connect your other identities from other platforms, such as Keybase. This lets other people send you encrypted messages on those platforms and allows them to trust that the content you send them comes from you. i_am_html: I am %{username} on %{service}. identity: Identity inactive: Inactive publicize_checkbox: 'And toot this:' publicize_toot: 'It is proven! I am %{username} on %{service}: %{url}' + remove: Remove proof from account + removed: Successfully removed proof from account status: Verification status view_proof: View proof imports: diff --git a/config/pghero.yml b/config/pghero.yml index 244245d0d..84d0d7eef 100644 --- a/config/pghero.yml +++ b/config/pghero.yml @@ -38,4 +38,4 @@ databases: # aws_secret_access_key: ... # aws_region: us-east-1 -override_csp: true +override_csp: false diff --git a/config/routes.rb b/config/routes.rb index 2ebe12f5c..42f2f0f7f 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -130,7 +130,7 @@ Rails.application.routes.draw do resource :confirmation, only: [:new, :create] end - resources :identity_proofs, only: [:index, :show, :new, :create, :update] + resources :identity_proofs, only: [:index, :new, :create, :destroy] resources :applications, except: [:edit] do member do |