Age | Commit message (Collapse) | Author |
|
* Fix anonymous access to outbox not being cached by the reverse proxy
Up until now, anonymous access to outbox was marked as public, but with a
0 duration for caching, which means remote proxies would only serve from cache
when the server was completely overwhelmed.
Changed that cache duration to one minute, so that repeated anonymous access
to one account's outbox can be appropriately cached.
Also added `Signature` to the `Vary` header in case a page is requested, so
that authenticated fetches are never served from cache (which only contains
public toots).
* Remove Vary: Accept header from webfinger controller
Indeed, we have stopped returning xrd, and only ever return jrd, so the
Accept request header does not matter anymore.
* Cache negative webfinger hits for 3 minutes
|
|
|
|
|
|
network (#16418)
* Add tests
* Fix serialization of followers/following counts when user hides their network
Fixes #16382
Signed-off-by: Claire <claire.github-309c@sitedethib.com>
|
|
|
|
|
|
* Fix e-mail confirmations API not working correctly
* Fix typo
|
|
|
|
|
|
* Remove set-cookie header on custom.css
* Additional fix for set-cookie
|
|
Conflicts:
- `README.md`:
Upstream's README got updated, but we have a completely different one.
Kept ours.
|
|
Follow-up to #16276
|
|
- `app/views/statuses/_simple_status.html.haml`:
Small markup change in glitch-soc, on a line that has been modified by
upstream. Ported upstream changes.
|
|
If a status with a hashtag becomes very popular, it stands to
reason that the hashtag should have a chance at trending
Fix no stats being recorded for hashtags that are not allowed
to trend, and stop ignoring bots
Remove references to hashtags in profile directory from the code
and the admin UI
|
|
* Fix issues with POSIX::Spawn, Terrapin and Ruby 3.0
Also improve the Terrapin monkey-patch for the stderr/stdout issue.
* Fix keyword argument handling throughout the codebase
* Monkey-patch Paperclip to fix keyword arguments handling in validators
* Change validation_extensions to please CodeClimate
* Bump microformats from 4.2.1 to 4.3.1
* Allow Ruby 3.0
* Add Ruby 3.0 test target to CircleCI
* Add test for admin dashboard warnings
* Fix admin dashboard warnings on Ruby 3.0
|
|
* Add management of delivery availavility in Federation settings
* fix translate
* Remove useless object creation
* Fix DeepSource issue
* Add shortcut for all
* Fix DeepSource(skipcq)
* Change 'remove' to 'clear'
* Fix style
* Change class method name (exhausted_deliveries_key_by)
|
|
|
|
Database serialization failure occurs when a read-replica is used
and a query takes long enough that rows on the primary database
become unavailable. It should return HTTP 503 as it is temporary.
Re-order rescue definitions according to their status codes
|
|
Clicking the confirmation link multiple times currently leads to entering
account settings, which can be confusing. This commit changes that so that
it redirects to the root path, so it behaves the same way as clicking only
once in most cases.
|
|
|
|
|
|
|
|
Conflicts:
- `README.md`:
Upstream updated copyright year, we don't mention it so kept our version.
- `app/controllers/admin/dashboard_controller.rb`:
Not really a conflict, upstream change (removing the spam checker) too close
to glitch-soc changes. Ported upstream changes.
- `app/models/form/admin_settings.rb`:
Same.
- `app/services/remove_status_service.rb`:
Same.
- `app/views/admin/settings/edit.html.haml`:
Same.
- `config/settings.yml`:
Same.
- `config/environments/production.rb`:
Not a real conflict, upstream added a default HTTP header, but we have
extra headers in glitch-soc.
Added the header.
|
|
With possible values `all`, `followed`, `follower`, and `none`,
control from whom notifications will generate a Web Push alert
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Raw SQL passed to `pluck` now has to be explicitly marked as SQL via
Arel.sql, see https://github.com/rails/rails/pull/27947
|
|
|
|
Allow changing e-mail as long as the account is unconfirmed
|
|
|
|
* Update devise-two-factor to unreleased fork for Rails 6 support
Update tests to match new `rotp` version.
* Update nsa gem to unreleased fork for Rails 6 support
* Update rails to 6.1.3 and rails-i18n to 6.0
* Update to unreleased fork of pluck_each for Ruby 6 support
* Run "rails app:update"
* Add missing ActiveStorage config file
* Use config.ssl_options instead of removed ApplicationController#force_ssl
Disabled force_ssl-related tests as they do not seem to be easily testable
anymore.
* Fix nonce directives by removing Rails 5 specific monkey-patching
* Fix fixture_file_upload deprecation warning
* Fix yield-based test failing with Rails 6
* Use Rails 6's index_with when possible
* Use ActiveRecord::Cache::Store#delete_multi from Rails 6
This will yield better performances when deleting an account
* Disable Rails 6.1's automatic preload link headers
Since Rails 6.1, ActionView adds preload links for javascript files
in the Links header per default.
In our case, that will bloat headers too much and potentially cause
issues with reverse proxies. Furhermore, we don't need those links,
as we already output them as HTML link tags.
* Switch to Rails 6.0 default config
* Switch to Rails 6.1 default config
* Do not include autoload paths in the load path
|
|
|
|
* Use ActiveRecord::Result#to_ary instead of deprecated to_hash
They do the same thing, and to_hash has been removed from Rails 6.1
* Explicitly name polymorphic indexes to workaround a bug in Rails 6.1
cf. https://github.com/rails/rails/issues/41693
* Fix incorrect usage of “foreign_key” in migration script
* Use `ActiveModel::Errors#delete` instead of deprecated clear method
* Fix link headers tests on Rails 6.1
Rails 6.1 adds values to the Link header by default, thus it is not a
LinkHeader object anymore. Fix the test to parse the Link header instead
of assuming it is a LinkHeader.
|
|
* Fix cache_collection crashing when given an empty collection
* Add tests
|
|
Conflicts:
- `app/validators/status_length_validator.rb`:
Upstream changes too close to glitch-soc MAX_CHARS changes, but not a real
conflict.
Applied upstream changes.
- `package.json`:
glitch-soc-only dependency textually too close to a dependency updated
upstream, not a real conflict.
Applied upstream changes.
|
|
Only available to the application the user originally signed-up with
|
|
|
|
* Fix crash on receiving requests with missing Digest header
Return an error pointing out that Digest is missing, instead of crashing.
Fixes #15743
* Fix from review feedback
|
|
|
|
|
|
The "ends_with?" method is just a Rails alias of Ruby's "end_with?" method.
Using the latter makes the code less brittle.
|
|
|
|
Conflicts:
- `app/javascript/styles/mastodon/modal.scss`:
For some reason we changed the file loading path in glitch-soc,
but now upstream has completely changed how the logo is loaded.
Applied upstream changes.
|
|
|
|
* Enable secure cookie flag for https only
* Disable force_ssl for .onion hosts only
Co-authored-by: Aiden McClelland <me@drbonez.dev>
|
|
An uncommon but somewhat difficult to digagnose issue is dealing with
improperly-seeded databases. In such cases, instance-signed fetches will
fail with a ActiveRecord::RecordNotFound error, usually caught and handled
as generic 404, leading people to think the remote resource itself has not
been found, while it's the local instance actor that does not exist.
This commit changes the code so that failure to find the instance actor
automatically creates a new one, so that improperly-seeded databases do
not cause any issue.
|