about summary refs log tree commit diff
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/environments/production.rb10
-rw-r--r--config/initializers/content_security_policy.rb4
-rw-r--r--config/locales/simple_form.en.yml2
3 files changed, 8 insertions, 8 deletions
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 00571a35a..d617a297a 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -105,11 +105,11 @@ Rails.application.configure do
 
   config.action_dispatch.default_headers = {
     'Server'                  => 'Mastodon',
-    'X-Frame-Options'         => 'DENY',
-    'X-Content-Type-Options'  => 'nosniff',
-    'X-XSS-Protection'        => '1; mode=block',
-    'Referrer-Policy'         => 'same-origin',
-    'Strict-Transport-Security' => 'max-age=63072000; includeSubDomains; preload',
+    #'X-Frame-Options'         => 'DENY',
+    #'X-Content-Type-Options'  => 'nosniff',
+    #'X-XSS-Protection'        => '1; mode=block',
+    #'Referrer-Policy'         => 'same-origin',
+    #'Strict-Transport-Security' => 'max-age=63072000; includeSubDomains; preload',
     'X-Clacks-Overhead' => 'GNU Natalie Nguyen'
 
   }
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 269a7d1c9..221afab93 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -33,9 +33,9 @@ if Rails.env.production?
     p.frame_ancestors :none
     p.script_src      :self, assets_host
     p.font_src        :self, assets_host
-    p.img_src         :self, :data, :blob, *data_hosts
+    p.img_src         :self, :data, :blob, *data_hosts, "pool.jortage.com", "blob.jortage.com", "s3-us-east-2.amazonaws.com"
     p.style_src       :self, :unsafe_inline, assets_host
-    p.media_src       :self, :data, *data_hosts
+    p.media_src       :self, :data, *data_hosts, "pool.jortage.com", "blob.jortage.com", "s3-us-east-2.amazonaws.com"
     p.frame_src       :self, :https
     p.worker_src      :self, :blob, assets_host
     p.connect_src     :self, :blob, :data, Rails.configuration.x.streaming_api_base_url, *data_hosts
diff --git a/config/locales/simple_form.en.yml b/config/locales/simple_form.en.yml
index ca105defa..c6a301804 100644
--- a/config/locales/simple_form.en.yml
+++ b/config/locales/simple_form.en.yml
@@ -65,7 +65,7 @@ en:
       imports:
         data: CSV file exported from another Mastodon server
       invite_request:
-        text: This will help us review your application
+        text: 'If you are interested in signing up, please put whether you are a plural system or singlet in the "Why do you want to join" box. This is purely to ward off spam bots. If this is not answered, your request to join the instance will be rejected.'
       sessions:
         otp: 'Enter the two-factor code generated by your phone app or use one of your recovery codes:'
       tag: