about summary refs log tree commit diff
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/application.rb5
-rw-r--r--config/environments/production.rb11
-rw-r--r--config/routes.rb2
-rw-r--r--config/settings.yml2
4 files changed, 14 insertions, 6 deletions
diff --git a/config/application.rb b/config/application.rb
index 6bd47cd6c..ed5fdb7f7 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -68,12 +68,17 @@ module Mastodon
 
     config.active_job.queue_adapter = :sidekiq
 
+    #config.middleware.insert_before 0, Rack::Cors, debug: true, logger: (-> { Rails.logger }) do
     config.middleware.insert_before 0, Rack::Cors do
       allow do
         origins  '*'
         resource '/@:username',  headers: :any, methods: [:get], credentials: false
         resource '/api/*',       headers: :any, methods: [:post, :put, :delete, :get, :patch, :options], credentials: false, expose: ['Link', 'X-RateLimit-Reset', 'X-RateLimit-Limit', 'X-RateLimit-Remaining', 'X-Request-Id']
         resource '/oauth/token', headers: :any, methods: [:post], credentials: false
+        resource '/assets/*', headers: :any, methods: [:get, :head, :options]
+        resource '/stylesheets/*', headers: :any, methods: [:get, :head, :options]
+        resource '/javascripts/*', headers: :any, methods: [:get, :head, :options]
+        resource '/packs/*', headers: :any, methods: [:get, :head, :options]
       end
     end
 
diff --git a/config/environments/production.rb b/config/environments/production.rb
index d9c9da684..d71e410bf 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -95,9 +95,12 @@ Rails.application.configure do
   end
 
   config.action_dispatch.default_headers = {
-    'Server'                 => 'Mastodon',
-    'X-Frame-Options'        => 'DENY',
-    'X-Content-Type-Options' => 'nosniff',
-    'X-XSS-Protection'       => '1; mode=block',
+    'Server'                  => 'Mastodon',
+    'X-Frame-Options'         => 'DENY',
+    'X-Content-Type-Options'  => 'nosniff',
+    'X-XSS-Protection'        => '1; mode=block',
+    'Content-Security-Policy' => "frame-ancestors 'none'; object-src 'none'; script-src 'self' https://dev-static.glitch.social 'unsafe-inline'; base-uri 'none';" , 
+    'Referrer-Policy'         => 'no-referrer, strict-origin-when-cross-origin',
+    'Strict-Transport-Security' => 'max-age=63072000; includeSubDomains; preload'
   }
 end
diff --git a/config/routes.rb b/config/routes.rb
index dda3534eb..33077986c 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -175,7 +175,7 @@ Rails.application.routes.draw do
         end
       end
 
-      resources :notifications, only: [:index, :show] do
+      resources :notifications, only: [:index, :show, :destroy] do
         collection do
           post :clear
           post :dismiss
diff --git a/config/settings.yml b/config/settings.yml
index d239fb6a6..d677e1f84 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -7,7 +7,7 @@
 # For more information, see docs/Running-Mastodon/Administration-guide.md
 #
 defaults: &defaults
-  site_title: Mastodon
+  site_title: 'dev.glitch.social'
   site_description: ''
   site_extended_description: ''
   site_terms: ''
generated by cgit-pink (git 2.37.1) at 2024-11-25 22:39:09 +0000