about summary refs log tree commit diff
path: root/app/controllers
AgeCommit message (Collapse)Author
2018-01-17implement web share target (#6278)りんすき
* web share target * fix * fix
2018-01-15Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-15Suppress CSRF token warnings (#6240)Patrick Figel
CSRF token checking was enabled for API controllers in #6223, producing "Can't verify CSRF token authenticity" log spam. This disables logging of failed CSRF checks. This also changes the protection strategy for PushSubscriptionsController to use exceptions, making it consistent with other controllers that use sessions.
2018-01-10Thank you, Officer MurphyDavid Yip
2018-01-10The flavour parameter is unused, so omit it (#317)David Yip
2018-01-10Allow for user object to be empty. Fixes #317.David Yip
If a flavour has only one skin, the skin selector will be omitted. This omits the user[setting_skin] field, and because that's the only user[...] field on the page, the entire user object will not be present in the request handler's params object. This commit accounts for that scenario by avoiding params.require(:user) and instead picking out what we need from the params hash.
2018-01-09Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-08Refactor /api/web APIs to use the centralized axios instance (#6223)nightpool
Also adds the ability to decouple the centralized axios logic from the state dispatcher
2018-01-08Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-08Revert #5772 (#6221)Eugen Rochko
2018-01-07Merge remote-tracking branch 'personal/merge/tootsuite/master' into gs-masterDavid Yip
2018-01-07Use error pack when rendering error pages. Fixes #305.David Yip
2018-01-07Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-07Fix force_ssl conditional (#6201)Yamagishi Kazutoshi
2018-01-07Fix unintended cache (#6214)Yamagishi Kazutoshi
2018-01-07Merge remote-tracking branch 'ykzts/fix-unintended-cache' into gs-masterDavid Yip
2018-01-07Fix unintended cacheYamagishi Kazutoshi
2018-01-05Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-05Represent numbers by strings in instance activity API (#6198)TheKinrar
Fixes #6197.
2018-01-04Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-04Make sure private toots remain private and do not end up in HTTP caches (#6175)ThibG
2018-01-04Cache JSON of immutable ActivityPub representations (#6171)Eugen Rochko
2018-01-03Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-03Allow to dereference Follow object for ActivityPub (#5772)Akihiko Odaki
* Allow to dereference Follow object for ActivityPub * Accept IRI as object representation for Accept activity
2018-01-03Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2018-01-03Allow HTTP caching of json view of public statuses (#6115)ThibG
* Allow HTTP caching of json view of public statuses HTML views are not cached as they can contain private statuses as well * Disable session cookies for ActivityPub json rendering of public toots
2018-01-02Add confirmation step for email changes (#6071)Patrick Figel
* Add confirmation step for email changes This adds a confirmation step for email changes of existing users. Like the initial account confirmation, a confirmation link is sent to the new address. Additionally, a notification is sent to the existing address when the change is initiated. This message includes instruction to reset the password immediately or to contact the instance admin if the change was not initiated by the account owner. Fixes #3871 * Add review fixes
2018-01-02Merge remote-tracking branch 'origin/master' into merge-upstreamDavid Yip
Conflicts: app/controllers/authorize_follows_controller.rb app/javascript/styles/mastodon/components.scss
2018-01-02Show mastodon on modal (#6129)Akihiko Odaki
2017-12-30Merge remote-tracking branch 'origin/master' into merge-upstreamDavid Yip
Conflicts: app/controllers/auth/confirmations_controller.rb
2017-12-30keep the same filters and page when doing custom emojo stuff (fixes #6112) ↵beatrix
(#6114)
2017-12-29Add more instance stats APIs (#6125)Eugen Rochko
* Add GET /api/v1/instance/peers API to reveal known domains * Add GET /api/v1/instance/activity API * Make new APIs disableable, exclude private statuses from activity stats * Fix code style issue * Fix week timestamps
2017-12-27Make host_meta/webfinger replies cacheable (fixes #6100) (#6101)ThibG
* Make host_meta/webfinger replies cacheable (fixes #6100) Drop common code for handling users and sessions as webfinger queries are very basic, public APIs. Also explicitly mark results as cacheable with “expires_in”. * Add “Vary: Accept” header for caching since content-negociation is used
2017-12-20Set packs on 2FA-related pages. Fixes #271.David Yip
Specifically, this commit: - changes S::TFA::{Confirmations,RecoveryCodes}Controller to derive from S::BaseController, because this gives us the necessary actions and packs - prepends set_pack to Auth::SessionsController's action chain so that it takes effect in time for render :two_factor
2017-12-15Merge branch 'gs-master' into prevent-local-only-federationDavid Yip
Conflicts: db/schema.rb
2017-12-15Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2017-12-14Fix #6022 - Prevent nested migrated accounts, or migrations to self (#6026)Eugen Rochko
2017-12-13Merge remote-tracking branch 'tootsuite/master' into glitchsoc/masterJenkins
2017-12-13Add filters to admin UI for custom emojis (#6003)Eugen Rochko
2017-12-13Clean up admin UI for accounts (#6004)Eugen Rochko
* Add staff filter to admin UI for accounts, remove obsolete columns * Only display OStatus section in admin UI for accounts when OStatus data
2017-12-12Merge remote-tracking branch 'tootsuite/master' into merge-upstreamDavid Yip
2017-12-12Fix #5953 - Add GET /api/v1/accounts/:id/lists (#5983)Eugen Rochko
2017-12-11change pack to 'auth'cwm
2017-12-11load packcwm
2017-12-11move outbox filtering to Status#permitted_for (as per @ekiru)Erin
2017-12-11Merge pull request #254 from glitch-soc/new-theme-uxbeatrix
New flavour/skin UX
2017-12-11Apply a 25x rate limit by IP even to authenticated requests (#5948)Eugen Rochko
2017-12-11Add missing set_pack def/filter in OAuth::AuthorizedApplicationsController.David Yip
2017-12-10Moved flavour UI into own prefs tabkibigo!
2017-12-10filter local-only toots from AP outboxesErin