about summary refs log tree commit diff
path: root/app/controllers/statuses_controller.rb
AgeCommit message (Collapse)Author
2020-08-30[Filtering, Bug] Remove duplicate or unnecessary permission checks, add ↵Fire Demon
missing filter_options argument
2020-08-30[Privacy] Check permissions of boosts and dereference boosts before sending ↵Fire Demon
to public timelines
2020-08-30[Federation] Allow users to access ActivityPub representation of their own ↵Fire Demon
posts without a signature
2020-08-30[Privacy] Add options for private accountsFire Demon
2020-08-30[Feature, Privacy] Add base support for per-domain post privacyFire Demon
2020-08-30[Privacy, Transparency] Reduce allowlist mode restrictions; make publishing ↵Fire Demon
trusted servers to about page possible.
2020-06-24Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/concerns/sign_in_token_authentication_concern.rb`: Conflict due to glitch-soc's theming system. Ported upstream changes. - `app/controllers/concerns/two_factor_authentication_concern.rb`: Conflict due to glitch-soc's theming system. Ported upstream changes.
2020-06-19Fix functional user requirements in whitelist mode (#14093)ThibG
Fixes #14092
2020-06-09Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/activitypub/collections_controller.rb`: Conflict due to glitch-soc having to take care of local-only pinned toots in that controller. Took upstream's changes and restored the local-only special handling. - `app/controllers/auth/sessions_controller.rb`: Minor conflicts due to the theming system, applied upstream changes, adapted the following two files for glitch-soc's theming system: - `app/controllers/concerns/sign_in_token_authentication_concern.rb` - `app/controllers/concerns/two_factor_authentication_concern.rb` - `app/services/backup_service.rb`: Minor conflict due to glitch-soc having to handle local-only toots specially. Applied upstream changes and restored the local-only special handling. - `app/views/admin/custom_emojis/index.html.haml`: Minor conflict due to the theming system. - `package.json`: Upstream dependency updated, too close to a glitch-soc-only dependency in the file. - `yarn.lock`: Upstream dependency updated, too close to a glitch-soc-only dependency in the file.
2020-06-02Add E2EE API (#13820)Eugen Rochko
2020-05-03Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/statuses_controller.rb`: Upstream disabled the embed controller for reblogs. Not a real conflict, but glitch-soc has an extra line to deal with its theming system. Ported upstream changes. - `app/javascript/packs/public.js`: Upstream made changes to get rid of most inline CSS, this changes javascript for public pages, which in glitch are split between different files. Ported those changes. - `app/models/status.rb`: Upstream changed the block check in `Status#permitted_for` to include domain-block checks. Not a real conflict with glitch-soc, but our scope is slightly different, as our scope for unauthenticated access do not include instance-local toots. Ported upstream changes. - `app/serializers/rest/instance_serializer.rb`: Not a real conflict, upstream added a new field to the instance serializer, the conflict is one line above since we added more of that. Ported upstream changes. - `app/views/settings/profiles/show.html.haml`: Upstream got rid of most inline CSS and moved hidden elements to data attributes in the process, in fields were we have different values. Ported upstream changes while keeping our glitch-specific values. - `app/views/statuses/_simple_status.html.haml`: Upstream got rid of inline CSS on an HAML line we treat differently, stripping empty text nodes. Ported upstream changes to the style attribute, keeping the empty text node stripping behavior.
2020-05-03Add more tests for ActivityPub controllers (#13585)Eugen Rochko
2020-01-24Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - `app/controllers/statuses_controller.rb`: Minor conflict due to theming system
2020-01-24Fix OEmbed leaking information about existence of non-public statuses (#12930)Eugen Rochko
2019-09-30Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - Gemfile - Gemfile.lock - app/controllers/about_controller.rb - app/controllers/auth/sessions_controller.rb
2019-09-28Fix redirecting non-functional accounts on public pages (#11978)Eugen Rochko
Fix #11969
2019-08-12Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-08-11Fix ActivityPub and REST API queries setting cookies and preventing caching ↵ThibG
(#11539) Regression from #8657
2019-07-23Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/application_controller.rb - app/controllers/auth/confirmations_controller.rb - app/controllers/auth/sessions_controller.rb - app/controllers/settings/deletes_controller.rb - app/controllers/settings/two_factor_authentication/recovery_codes_controller.rb
2019-07-21Add (back) rails-level JSON caching (#11333)Eugen Rochko
2019-07-19Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - Gemfile.lock - app/controllers/accounts_controller.rb - app/controllers/admin/dashboard_controller.rb - app/controllers/follower_accounts_controller.rb - app/controllers/following_accounts_controller.rb - app/controllers/remote_follow_controller.rb - app/controllers/stream_entries_controller.rb - app/controllers/tags_controller.rb - app/javascript/packs/public.js - app/lib/sanitize_config.rb - app/models/account.rb - app/models/form/admin_settings.rb - app/models/media_attachment.rb - app/models/stream_entry.rb - app/models/user.rb - app/serializers/initial_state_serializer.rb - app/services/batched_remove_status_service.rb - app/services/post_status_service.rb - app/services/process_mentions_service.rb - app/services/reblog_service.rb - app/services/remove_status_service.rb - app/views/admin/settings/edit.html.haml - config/locales/simple_form.pl.yml - config/settings.yml - docker-compose.yml
2019-07-11Add ActivityPub secure mode (#11269)Eugen Rochko
* Add HTTP signature requirement for served ActivityPub resources * Change `SECURE_MODE` to `AUTHORIZED_FETCH` * Add 'Signature' to 'Vary' header and improve code style * Improve code style by adding `public_fetch_mode?` method
2019-07-08Refactor controllers for statuses, accounts, and more (#11249)Eugen Rochko
2019-07-07Remove Atom feeds and old URLs in the form of `GET /:username/updates/:id` ↵Eugen Rochko
(#11247)
2019-06-07Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/statuses_controller.rb - app/controllers/stream_entries_controller.rb
2019-06-05Cleanup various controllers (#10972)ThibG
* Remove skip_session! as it is not supported in Rails 5 * Minor cleanup in StreamEntriesController * Remove redundant mark_cacheable! calls
2019-06-05Fix potential private status leak (#10969)ThibG
2019-05-10Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/statuses_controller.rb minor conflict because of glitch-soc's theming system - app/controllers/stream_entries_controller.rb minor conflict because of glitch-soc's theming system
2019-05-09Add some caching for HTML versions of statuses pages (#10701)ThibG
2019-03-18Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/controllers/accounts_controller.rb - app/controllers/follower_accounts_controller.rb - app/controllers/statuses_controller.rb All conflicts caused by the additional `use_pack` used for glitch-soc's theming system.
2019-03-17Reduce server load caused by anonymous viewing. (#9059)Ben Lubar
Do not start a session if the current user is not logged in for public-facing pages. Mark pages that don't care about sessions as publicly cacheable. Keep the max age as 0 so proxies and browsers will still try to retrieve an updated version but can still fall back to the stale version if the site is down or too slow. Fixes #9035.
2019-02-28Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-02-28Give the `replies` collection an identifier and enable pagination (#10128)ThibG
2018-12-06Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-12-05Fix thread depth computation in statuses_controller (#9426)ThibG
* Add test that should currently fail * Fix depth computation (will still fail if statuses have been filtered out) * Fix handling of broken threads
2018-10-11Set Content-Security-Policy rules through RoR's config (#8957)ThibG
* Set CSP rules in RoR's configuration * Override CSP setting in the embed controller to allow frames
2018-08-31Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - app/views/stream_entries/_simple_status.html.haml - config/locales/nl.yml Deleted unused translation strings (themes) and adapted minor changes to _simple_status.html.haml
2018-08-30Add animate custom emoji param to embed pages (#8507)Renato "Lond" Cerqueira
* Add animate custom emoji param to embed pages * Rename param, use it for avatars and gifs * Fix issues pointed by codeclimate and breaking test * Ignore brakeman warning
2018-08-22Override CSP setting in the embed controller to allow framesThibaut Girka
2018-08-21Merge branch 'master' into glitch-soc/masterThibaut Girka
Conflicts: config/routes.rb Added the “endorsements” route from upstream.
2018-08-19Unuse ActiveRecord::Base#cache_key (#8185)abcang
* Unuse ActiveRecord::Base#cache_key * Enable cache_versioning * Call cache_collection
2018-08-01Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Manually-resolved conflicts: .circleci/config.yml app/controllers/accounts_controller.rb app/controllers/auth/passwords_controller.rb app/controllers/statuses_controller.rb app/javascript/packs/public.js app/models/media_attachment.rb app/views/stream_entries/_content_spoiler.html.haml app/views/stream_entries/_media.html.haml config/locales/en.yml config/locales/ja.yml config/locales/pl.yml lib/mastodon/version.rb Some content from app/javascript/packs/public.js has been split to app/javascript/core/settings.js. Translation strings for glitch-soc's keyword mutes were dropped. Everything else was mostly “take both”.
2018-07-31Compensate for scrollbar disappearing when media modal visible (#8100)Eugen Rochko
* Compensate for scrollbar disappearing when media modal visible Make auth pages backgrounds lighter * Fix typo
2018-07-28Redesign public profiles and toots (#8068)Eugen Rochko
2018-07-09Merge branch 'master' into glitch-soc/tentative-mergeThibaut Girka
Conflicts: README.md app/controllers/statuses_controller.rb app/lib/feed_manager.rb config/navigation.rb spec/lib/feed_manager_spec.rb Conflicts were resolved by taking both versions for each change. This means the two filter systems (glitch-soc's keyword mutes and tootsuite's custom filters) are in place, which will be changed in a follow-up commit.
2018-07-01Improve embeds (#7919)Eugen Rochko
* Make embeds cacheable by reverse proxy * Make follow button on embeds open remote follow modal Instead of web+mastodon://, also, turn the button blue, and add a sign up prompt to the remote follow modal
2018-05-03Merge remote-tracking branch 'origin/master' into gs-masterDavid Yip
Conflicts: .travis.yml Gemfile.lock README.md app/controllers/settings/follower_domains_controller.rb app/controllers/statuses_controller.rb app/javascript/mastodon/locales/ja.json app/lib/feed_manager.rb app/models/media_attachment.rb app/models/mute.rb app/models/status.rb app/services/mute_service.rb app/views/home/index.html.haml app/views/stream_entries/_simple_status.html.haml config/locales/ca.yml config/locales/en.yml config/locales/es.yml config/locales/fr.yml config/locales/nl.yml config/locales/pl.yml config/locales/pt-BR.yml config/themes.yml
2018-04-30Fix "Show more" URL on paginated threads for remote statuses (#7285)Eugen Rochko
* Fix URL of "Show more" link in paginated threads (ancestors side) Increase item limits in threads Fix #7268 * Fix "Show more" link in paginated threads (descendants side)
2018-04-23Paginate descendant statuses in public page (#7148)Akihiko Odaki
2018-04-18Merge remote-tracking branch 'origin/master' into gs-masterDavid Yip
Conflicts: app/controllers/home_controller.rb app/controllers/stream_entries_controller.rb app/javascript/mastodon/locales/ja.json app/javascript/mastodon/locales/pl.json