about summary refs log tree commit diff
path: root/app/controllers/oauth/authorizations_controller.rb
AgeCommit message (Collapse)Author
2022-11-17Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-11-17Fix OAuth flow being broken by recent CSP change (#20958)Claire
2022-11-16Merge branch 'main' into glitch-soc/merge-upstreamClaire
Conflicts: - `config/initializers/content_security_policy.rb`: Our config file is pretty different from upstream. Upstream changed CSP directive `script-src` to include `wasm-unsafe-eval` instead of `unsafe-eval`, which we did not include. Added `wasm-unsafe-eval` to `script-src` to fix execution of the OCR web worker. - `package.json`: Upstream updated a dependency (`array-includes`) textually adjacent to a glitch-soc-only dependency (`atrament`). Updated `array-includes` as upstream did.
2022-11-16Add 'private' to Cache-Control, match Rails expectations (#20608)Daniel Axtens
Several controlers set quite intricate Cache-Control headers in order to hopefully not be cached by any intermediate proxies or local caches. Unfortunately, these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes and discards any values set alongside no-store other than private: https://github.com/rails/rails/blob/8015c2c2cf5c8718449677570f372ceb01318a32/actionpack/lib/action_dispatch/http/cache.rb#L207-L209 We want to preserve no-store on these responses, but we might as well remove parts that are going to be dropped anyway. As many of the endpoints in these controllers are private to a particular user, we should also add "private", which will be preserved alongside no-store.
2020-01-04Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/application_controller.rb`: Conflict due to theming system. - `app/controllers/oauth/authorizations_controller.rb`: Conflict due to theming system.
2019-12-30Fix settings pages being cacheable by the browser (#12714)Eugen Rochko
Fix #12255
2018-09-11Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: app/controllers/oauth/authorizations_controller.rb Just two changes being too close to one another. Took both.
2018-09-09Add force_login option to OAuth authorize page (#8655)Eugen Rochko
* Add force_login option to OAuth authorize page For when a user needs to sign into an app from multiple accounts on the same server * When logging out from modal header, redirect back after re-login
2017-12-11change pack to 'auth'cwm
2017-12-11load packcwm
2017-04-08Fix #1165 - before_action was called before protect_from_forgeryEugen Rochko
2017-04-07Allow setting of default language through configEugen Rochko
Setting of locale in controller extracted to Localized concern, the doorkeeper authorized applications controller moved under custom namespace with inclusion of Localized, which resolves the "it sometimes appears in a different random language" bug
2017-04-04Only call regeneration worker after first login after a 14 day breakEugen Rochko
2016-11-15Fix rubocop issues, introduce usage of frozen literal to improve performanceEugen Rochko
2016-10-23Fix OAuth authorization redirectEugen Rochko
2016-10-22Adding OAuth access scopes, fixing OAuth authorization UI, adding rate limitingEugen Rochko
to the API
generated by cgit-pink (git 2.37.1) at 2024-07-06 01:14:34 +0000