-rw-r--r--Gemfile1
-rw-r--r--Gemfile.lock17
-rw-r--r--app/controllers/api_controller.rb8
-rw-r--r--app/views/layouts/application.html.haml5
-rw-r--r--config/application.rb6
-rw-r--r--config/database.yml2
-rw-r--r--config/environments/production.rb7
-rw-r--r--config/initializers/session_store.rb2
-rw-r--r--config/puma.rb8
-rw-r--r--public/android-chrome-192x192.pngbin0 -> 14577 bytes
-rw-r--r--public/apple-touch-icon.pngbin0 -> 11810 bytes
-rw-r--r--public/browserconfig.xml9
-rw-r--r--public/manifest.json14
-rw-r--r--public/mstile-150x150.pngbin0 -> 6916 bytes
14 files changed, 72 insertions, 7 deletions
diff --git a/Gemfile b/Gemfile
index 1cab16a39..f97d42cdf 100644
--- a/Gemfile
+++ b/Gemfile
@@ -69,4 +69,5 @@ end
 group :production do
   gem 'rails_12factor'
   gem 'lograge'
+  gem 'redis-rails'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index be3f699ee..9afb47788 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -256,6 +256,22 @@ GEM
       railties (>= 3.2)
       tilt
     redis (3.3.1)
+    redis-actionpack (5.0.0)
+      actionpack (>= 4.0.0, < 6)
+      redis-rack (~> 2.0.0.pre)
+      redis-store (~> 1.2.0.pre)
+    redis-activesupport (5.0.1)
+      activesupport (>= 3, < 6)
+      redis-store (~> 1.2.0)
+    redis-rack (2.0.0)
+      rack (~> 2.0)
+      redis-store (~> 1.2.0)
+    redis-rails (5.0.1)
+      redis-actionpack (~> 5.0.0)
+      redis-activesupport (~> 5.0.0)
+      redis-store (~> 1.2.0)
+    redis-store (1.2.0)
+      redis (>= 2.2)
     ref (2.0.0)
     responders (2.3.0)
       railties (>= 4.2.0, < 5.1)
@@ -396,6 +412,7 @@ DEPENDENCIES
   rails_autolink
   react-rails
   redis (~> 3.2)
+  redis-rails
   rspec-rails
   rspec-sidekiq
   rubocop
diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index 0776f4ce8..273aaff85 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -4,6 +4,7 @@ class ApiController < ApplicationController
   skip_before_action :verify_authenticity_token
 
   before_action :set_rate_limit_headers
+  before_action :set_cors_headers
 
   rescue_from ActiveRecord::RecordInvalid do |e|
     render json: { error: e.to_s }, status: 422
@@ -46,6 +47,13 @@ class ApiController < ApplicationController
     response.headers['X-RateLimit-Reset']     = (now + (match_data[:period] - now.to_i % match_data[:period])).to_s
   end
 
+  def set_cors_headers
+    response.headers['Access-Control-Allow-Origin']   = '*'
+    response.headers['Access-Control-Allow-Methods']  = 'POST, PUT, DELETE, GET, OPTIONS'
+    response.headers['Access-Control-Request-Method'] = '*'
+    response.headers['Access-Control-Allow-Headers']  = 'Origin, X-Requested-With, Content-Type, Accept, Authorization'
+  end
+
   def current_resource_owner
     User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
   end
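Review bot: `Access-Control-Request-Method` in `set_cors_headers` is a header browsers send on a preflight request, so setting it on the response has no effect and the line can be dropped. The wildcard `Access-Control-Allow-Origin` is only safe while this API authenticates solely by bearer token (as `current_resource_owner` suggests) and never by session cookie; a comment such as `# Wildcard origin is acceptable only because the API is token-authenticated; never combine with Access-Control-Allow-Credentials` would record that constraint. The `X-RateLimit-*` headers set just above will not be readable by cross-origin scripts unless they are listed in `Access-Control-Expose-Headers`. Whether OPTIONS preflights ever reach this filter depends on routing that is not shown here, and the class body starts and ends outside the hunk.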
diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml
index 89c7b14c4..3ec743768 100644
--- a/app/views/layouts/application.html.haml
+++ b/app/views/layouts/application.html.haml
@@ -5,6 +5,11 @@
     %meta{:name => 'viewport', :content => 'width=device-width, initial-scale=1'}/
     %meta{'http-equiv' => 'X-UA-Compatible', :content => 'IE=edge'}/
 
+    %link{:rel => "apple-touch-icon", :sizes => "180x180", :href => "/assets/apple-touch-icon.png"}/
+    %link{:rel => "manifest", :href => "/assets/manifest.json"}/
+    %meta{:name => "msapplication-config", :content => "/assets/browserconfig.xml"}/
+    %meta{:name => "theme-color", :content => "#ffffff"}/
+
     %title
       = "#{yield(:page_title)} - " if content_for?(:page_title)
       Mastodon
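Review bot: The new `%link`/`%meta` tags point at `/assets/apple-touch-icon.png`, `/assets/manifest.json` and `/assets/browserconfig.xml`, but this commit adds those files directly under `public/`, which is normally served from the site root. Unless a web-server or pipeline rule not visible here maps `/assets/` onto them, these URLs will likely 404; the same prefix is used inside `public/manifest.json` and `public/browserconfig.xml`. Either reference the root paths (for example `:href => "/manifest.json"`) or move the files into the asset pipeline and use the asset helpers so the paths stay consistent.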
diff --git a/config/application.rb b/config/application.rb
index d6a3aab15..552f4ec11 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -36,5 +36,11 @@ module Mastodon
     config.to_prepare do
       Doorkeeper::AuthorizationsController.layout 'auth'
     end
+
+    config.action_dispatch.default_headers = {
+      'X-Frame-Options' => 'DENY',
+      'X-Content-Type-Options' => 'nosniff',
+      'X-XSS-Protection' => '1; mode=block'
+    }
   end
 end
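Review bot: Assigning a fresh hash to `config.action_dispatch.default_headers` replaces the framework's default set, so any security header a later Rails version adds by default would be silently dropped. Merging keeps both: `config.action_dispatch.default_headers.merge!('X-Frame-Options' => 'DENY')`, since the other two values already match what Rails ships. A short comment saying that `DENY` is deliberate (no page is meant to be framed, even same-origin) would help whoever later adds an embeddable view. The `module Mastodon` body starts outside the hunk.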
diff --git a/config/database.yml b/config/database.yml
index e0df97ad2..52c26f599 100644
--- a/config/database.yml
+++ b/config/database.yml
@@ -1,6 +1,6 @@
 default: &default
   adapter: postgresql
-  pool: 17
+  pool: <%= ENV["DB_POOL"] || ENV['RAILS_MAX_THREADS'] || 5 %>
   timeout: 5000
   encoding: unicode
 
diff --git a/config/environments/production.rb b/config/environments/production.rb
index b90505f68..f2071f7a2 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -45,7 +45,12 @@ Rails.application.configure do
   # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
 
   # Use a different cache store in production.
-  config.cache_store = :memory_store, { size: 128.megabytes }
+  config.cache_store = :redis_store, {
+    host: ENV['REDIS_HOST'] || 'localhost',
+    port: ENV['REDIS_PORT'] || 6379,
+    db: 0,
+    namespace: 'cache'
+  }
 
   # Enable serving of images, stylesheets, and JavaScripts from an asset server.
   # config.action_controller.asset_host = 'http://assets.example.com'
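Review bot: The `:redis_store` options carry no authentication or TLS settings, so the cache relies entirely on network isolation of whatever `REDIS_HOST` points at. As far as I know redis-store Marshal-serializes entries by default, which means anyone able to write to that Redis instance controls objects the app will deserialize; the Redis server should therefore be treated as inside the app's trust boundary. Consider accepting a password from the environment via the store's `password:` option and adding a comment such as `# Redis must be reachable only from app hosts: cached values are deserialized on read`. `db: 0` is also the default database, so if the app's other Redis usage lands there too, only the `cache` namespace separates them. The `configure` block starts and ends outside the hunk.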
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 85983d259..ef61543a8 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,3 +1,3 @@
 # Be sure to restart your server when you modify this file.
 
-Rails.application.config.session_store :cookie_store, key: '_mastodon_session'
+Rails.application.config.session_store :cookie_store, key: '_mastodon_session', secure: (ENV['LOCAL_HTTPS'] == 'true')
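Review bot: The `secure:` flag fails open: the session cookie is marked Secure only when `LOCAL_HTTPS` is exactly the string `'true'`, so an unset variable or a value like `True` or `1` leaves the cookie sendable over plain HTTP in production. If production is always served over HTTPS, defaulting the other way is safer, e.g. `secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true')`. At minimum, a comment should state that deployments behind TLS must set `LOCAL_HTTPS=true`.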
diff --git a/config/puma.rb b/config/puma.rb
index e8212125f..ad2dbfffd 100644
--- a/config/puma.rb
+++ b/config/puma.rb
@@ -30,7 +30,7 @@ workers ENV.fetch("WEB_CONCURRENCY") { 2 }
 # you need to make sure to reconnect any threads in the `on_worker_boot`
 # block.
 #
-# preload_app!
+preload_app!
 
 # The code in the `on_worker_boot` will be called if you are using
 # clustered mode by specifying a number of `workers`. After each worker
@@ -39,9 +39,9 @@ workers ENV.fetch("WEB_CONCURRENCY") { 2 }
 # or connections that may have been created at application boot, Ruby
 # cannot share connections between processes.
 #
-# on_worker_boot do
-#   ActiveRecord::Base.establish_connection if defined?(ActiveRecord)
-# end
+on_worker_boot do
+  ActiveRecord::Base.establish_connection if defined?(ActiveRecord)
+end
 
 # Allow puma to be restarted by `rails restart` command.
 plugin :tmp_restart
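Review bot: With `preload_app!` enabled in the previous hunk, `on_worker_boot` here re-establishes only the ActiveRecord connection, while this same commit introduces a Redis-backed cache store. Any Redis connection opened while the app is preloaded in the master process would be inherited by the forked workers; depending on the client version that either raises on first use or shares one socket between processes. If boot-time code touches Redis or the cache (not visible here), reconnect it in this block as well, and consider extending the comment above to say `# reconnect every client opened during preload, not just ActiveRecord`.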
diff --git a/public/android-chrome-192x192.png b/public/android-chrome-192x192.png
new file mode 100644
index 000000000..f059bbc46
--- /dev/null
+++ b/public/android-chrome-192x192.png
Binary files differ
diff --git a/public/apple-touch-icon.png b/public/apple-touch-icon.png
new file mode 100644
index 000000000..c1a191302
--- /dev/null
+++ b/public/apple-touch-icon.png
Binary files differ
diff --git a/public/browserconfig.xml b/public/browserconfig.xml
new file mode 100644
index 000000000..77318233c
--- /dev/null
+++ b/public/browserconfig.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<browserconfig>
+  <msapplication>
+    <tile>
+      <square150x150logo src="/assets/mstile-150x150.png"/>
+      <TileColor>#2b5797</TileColor>
+    </tile>
+  </msapplication>
+</browserconfig>
diff --git a/public/manifest.json b/public/manifest.json
new file mode 100644
index 000000000..173270f03
--- /dev/null
+++ b/public/manifest.json
@@ -0,0 +1,14 @@
+{
+	"name": "Mastodon",
+	"description": "Mastodon is a free, open-source social network server.",
+	"icons": [
+		{
+			"src": "\/assets\/android-chrome-192x192.png",
+			"sizes": "192x192",
+			"type": "image\/png"
+		}
+	],
+	"theme_color": "#ffffff",
+	"display": "standalone",
+	"start_url": "/#/statuses/home"
+}
diff --git a/public/mstile-150x150.png b/public/mstile-150x150.png
new file mode 100644
index 000000000..57eae8355
--- /dev/null
+++ b/public/mstile-150x150.png
Binary files differ