diff options
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/api/web/base_controller.rb | 9 | ||||
-rw-r--r-- | app/controllers/api/web/embeds_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/api/web/push_subscriptions_controller.rb | 3 | ||||
-rw-r--r-- | app/controllers/api/web/settings_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/home_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/statuses_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/stream_entries_controller.rb | 3 |
7 files changed, 25 insertions, 6 deletions
diff --git a/app/controllers/api/web/base_controller.rb b/app/controllers/api/web/base_controller.rb new file mode 100644 index 000000000..8da549b3a --- /dev/null +++ b/app/controllers/api/web/base_controller.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +class Api::Web::BaseController < Api::BaseController + protect_from_forgery with: :exception + + rescue_from ActionController::InvalidAuthenticityToken do + render json: { error: "Can't verify CSRF token authenticity." }, status: 422 + end +end diff --git a/app/controllers/api/web/embeds_controller.rb b/app/controllers/api/web/embeds_controller.rb index 2ed516161..f2fe74b17 100644 --- a/app/controllers/api/web/embeds_controller.rb +++ b/app/controllers/api/web/embeds_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::Web::EmbedsController < Api::BaseController +class Api::Web::EmbedsController < Api::Web::BaseController respond_to :json before_action :require_user! diff --git a/app/controllers/api/web/push_subscriptions_controller.rb b/app/controllers/api/web/push_subscriptions_controller.rb index c611031ab..249e7c186 100644 --- a/app/controllers/api/web/push_subscriptions_controller.rb +++ b/app/controllers/api/web/push_subscriptions_controller.rb @@ -1,10 +1,9 @@ # frozen_string_literal: true -class Api::Web::PushSubscriptionsController < Api::BaseController +class Api::Web::PushSubscriptionsController < Api::Web::BaseController respond_to :json before_action :require_user! - protect_from_forgery with: :exception def create active_session = current_session diff --git a/app/controllers/api/web/settings_controller.rb b/app/controllers/api/web/settings_controller.rb index f6739d506..e3178bf48 100644 --- a/app/controllers/api/web/settings_controller.rb +++ b/app/controllers/api/web/settings_controller.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class Api::Web::SettingsController < Api::BaseController +class Api::Web::SettingsController < Api::Web::BaseController respond_to :json before_action :require_user! diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb index a8ec0dcc9..6e331dd2d 100644 --- a/app/controllers/home_controller.rb +++ b/app/controllers/home_controller.rb @@ -2,7 +2,9 @@ class HomeController < ApplicationController before_action :authenticate_user! + before_action :set_pack + before_action :set_referrer_policy_header before_action :set_initial_state_json def index @@ -67,4 +69,8 @@ class HomeController < ApplicationController about_path end end + + def set_referrer_policy_header + response.headers['Referrer-Policy'] = 'origin' + end end diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index 17fbaa62c..3237a15b9 100644 --- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -13,6 +13,7 @@ class StatusesController < ApplicationController before_action :set_link_headers before_action :check_account_suspension before_action :redirect_to_original, only: [:show] + before_action :set_referrer_policy_header, only: [:show] before_action :set_cache_headers def show @@ -83,4 +84,9 @@ class StatusesController < ApplicationController def redirect_to_original redirect_to ::TagManager.instance.url_for(@status.reblog) if @status.reblog? end + + def set_referrer_policy_header + return if @status.public_visibility? || @status.unlisted_visibility? + response.headers['Referrer-Policy'] = 'origin' + end end diff --git a/app/controllers/stream_entries_controller.rb b/app/controllers/stream_entries_controller.rb index e2ea45c83..44e9c0bb8 100644 --- a/app/controllers/stream_entries_controller.rb +++ b/app/controllers/stream_entries_controller.rb @@ -16,8 +16,7 @@ class StreamEntriesController < ApplicationController respond_to do |format| format.html do use_pack 'public' - @ancestors = @stream_entry.activity.reply? ? cache_collection(@stream_entry.activity.ancestors(current_account), Status) : [] - @descendants = cache_collection(@stream_entry.activity.descendants(current_account), Status) + redirect_to short_account_status_url(params[:account_username], @stream_entry.activity) if @type == 'status' end format.atom do |