diff options
Diffstat (limited to 'config')
-rw-r--r-- | config/environments/production.rb | 10 | ||||
-rw-r--r-- | config/initializers/content_security_policy.rb | 4 | ||||
-rw-r--r-- | config/locales/simple_form.en.yml | 2 |
3 files changed, 8 insertions, 8 deletions
diff --git a/config/environments/production.rb b/config/environments/production.rb index c2e8210f8..60219dae1 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -106,11 +106,11 @@ Rails.application.configure do config.action_dispatch.default_headers = { 'Server' => 'Mastodon', - 'X-Frame-Options' => 'DENY', - 'X-Content-Type-Options' => 'nosniff', - 'X-XSS-Protection' => '1; mode=block', - 'Referrer-Policy' => 'same-origin', - 'Strict-Transport-Security' => 'max-age=63072000; includeSubDomains; preload', + #'X-Frame-Options' => 'DENY', + #'X-Content-Type-Options' => 'nosniff', + #'X-XSS-Protection' => '1; mode=block', + #'Referrer-Policy' => 'same-origin', + #'Strict-Transport-Security' => 'max-age=63072000; includeSubDomains; preload', 'X-Clacks-Overhead' => 'GNU Natalie Nguyen' } diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 68d3751fc..a0d48eafd 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -33,9 +33,9 @@ if Rails.env.production? p.frame_ancestors :none p.script_src :self, assets_host p.font_src :self, assets_host - p.img_src :self, :data, :blob, *data_hosts + p.img_src :self, :data, :blob, *data_hosts, "pool.jortage.com", "blob.jortage.com", "s3-us-east-2.amazonaws.com" p.style_src :self, assets_host - p.media_src :self, :data, *data_hosts + p.media_src :self, :data, *data_hosts, "pool.jortage.com", "blob.jortage.com", "s3-us-east-2.amazonaws.com" p.frame_src :self, :https p.child_src :self, :blob, assets_host p.worker_src :self, :blob, assets_host diff --git a/config/locales/simple_form.en.yml b/config/locales/simple_form.en.yml index 0a8a6fd62..78735e9c3 100644 --- a/config/locales/simple_form.en.yml +++ b/config/locales/simple_form.en.yml @@ -64,7 +64,7 @@ en: imports: data: CSV file exported from another Mastodon server invite_request: - text: This will help us review your application + text: 'If you are interested in signing up, please put whether you are a plural system or singlet in the "Why do you want to join" box. This is purely to ward off spam bots. If this is not answered, your request to join the instance will be rejected.' sessions: otp: 'Enter the two-factor code generated by your phone app or use one of your recovery codes:' tag: |