Age | Commit message (Collapse) | Author |
|
Right now, this includes three endpoints: host-meta, webfinger, and change-password.
host-meta and webfinger are publicly available and do not use any authentication. Nothing bad can be done by accessing them in a user's browser.
change-password being CORS-enabled will only reveal the URL it redirects to (which is /auth/edit) but not anything about the actual /auth/edit page, because it does not have CORS enabled.
The documentation for hosting an instance on a different domain should also be updated to point out that Access-Control-Allow-Origin: * should be set at a minimum for the /.well-known/host-meta redirect to allow browser-based non-proxied instance discovery.
|
|
|
|
* Add consistent interpolations check to CircleCI
* Fix locale strings using wrong variables
|
|
|
|
* Update i18n-tasks to feature-missing-plural-keys
* Fix pluralizations with missing keys in Arabic
Fix #8554
* Add i18n-tasks missing-plural-keys to CircleCI
|
|
Fix #2350
|
|
Fix #8918
|
|
Bumps [capybara](https://github.com/teamcapybara/capybara) from 3.9.0 to 3.10.0.
- [Release notes](https://github.com/teamcapybara/capybara/releases)
- [Changelog](https://github.com/teamcapybara/capybara/blob/master/History.md)
- [Commits](https://github.com/teamcapybara/capybara/compare/3.9.0...3.10.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>
|
|
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 3.8.0 to 3.8.1.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/master/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v3.8.0...v3.8.1)
Signed-off-by: dependabot[bot] <support@dependabot.com>
|
|
Bumps [i18n-tasks](https://github.com/glebm/i18n-tasks) from 0.9.26 to 0.9.27.
- [Release notes](https://github.com/glebm/i18n-tasks/releases)
- [Changelog](https://github.com/glebm/i18n-tasks/blob/master/CHANGES.md)
- [Commits](https://github.com/glebm/i18n-tasks/compare/v0.9.26...v0.9.27)
Signed-off-by: dependabot[bot] <support@dependabot.com>
|
|
Fix #9057
|
|
Bumps [i18n-tasks](https://github.com/glebm/i18n-tasks) from 0.9.25 to 0.9.26.
- [Release notes](https://github.com/glebm/i18n-tasks/releases)
- [Changelog](https://github.com/glebm/i18n-tasks/blob/master/CHANGES.md)
- [Commits](https://github.com/glebm/i18n-tasks/compare/v0.9.25...v0.9.26)
Signed-off-by: dependabot[bot] <support@dependabot.com>
|
|
Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 2.23.0 to 2.24.0.
- [Release notes](https://github.com/grosser/parallel_tests/releases)
- [Commits](https://github.com/grosser/parallel_tests/compare/v2.23.0...v2.24.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>
|
|
|
|
Fix #9034
|
|
Reminder: Suggestions were added in #7918 and are based on who you
interact with who you do not follow. E.g. if you boost someone a lot
from seeing other people's boosts of that person, it makes sense you
might be interested in following the original source; or if you reply
to someone a lot, maybe you'd want to follow them
Each suggestion can be dismissed
|
|
Too many databases were lost to this
|
|
This reverts commit c7e9f9ff1ed1def7f14f6ca4ac2836005eeefa47.
|
|
Fix #8889
|
|
Fix #8741
|
|
* RTL: remove blank character inside bdi
* Update app/javascript/mastodon/components/display_name.js
Co-Authored-By: mabkenar <ampbox@gmail.com>
|
|
* Delete first 9 accounts on dead servers
* Clean up code by moving dead server culling to the end
|
|
Fixes #9045
|
|
|
|
* RTL: fix admin account avatar margin in about page
* fix code style
|
|
|
|
|
|
|
|
* Fix position of the domain label
* Fix position of the domain label for RTL
- Fix color mismatch of linear gradient which assigned to "::after" pseudo class
|
|
* Bump version to 2.6.0rc1
* Update AUTHORS.md
* Update CHANGELOG.md
|
|
and use 'if' option of context block
|
|
|
|
* Do not test PAM authentication by default
* Disable PAM tests if PAM is not enabled
|
|
* Add "disable" button to report screen
* i18n-tasks remove-unused
|
|
Previously, the server would attempt taking port/socket in worker
process, and if it was taken, fail, which made the master process
create a new worker. This led to really high CPU usage if the
streaming API was started when the port or socket were not
available.
Now, before clustering (forking) into worker processes, a test
server is created and then removed to check if it can be done.
|
|
|
|
|
|
|
|
Bumps [strong_migrations](https://github.com/ankane/strong_migrations) from 0.3.0 to 0.3.1.
- [Release notes](https://github.com/ankane/strong_migrations/releases)
- [Changelog](https://github.com/ankane/strong_migrations/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ankane/strong_migrations/compare/v0.3.0...v0.3.1)
Signed-off-by: dependabot[bot] <support@dependabot.com>
|
|
* Improve README
* Update README.md
* Update README.md
* Update README.md
* Update README.md
|
|
* Update CONTRIBUTING.md
* Update CONTRIBUTING.md
* Update CONTRIBUTING.md
* Update CONTRIBUTING.md
|
|
Bumps [tzinfo-data](https://github.com/tzinfo/tzinfo-data) from 1.2018.5 to 1.2018.6.
- [Release notes](https://github.com/tzinfo/tzinfo-data/releases)
- [Commits](https://github.com/tzinfo/tzinfo-data/compare/v1.2018.5...v1.2018.6)
Signed-off-by: dependabot[bot] <support@dependabot.com>
|
|
|
|
|
|
|
|
* Use Ruby 2.5.2
* Specify 2.5.2p104 as RUBY VERSION
Heorku refers to RUBY VERSION in Gemfile.lock
* Use ruby-2.5.3
|
|
|
|
|
|
|
|
* Do not show "limited" visibility in default visibility preference
Fix regression from #8950
* Fix code style issue
|