Age | Commit message (Collapse) | Author |
|
|
|
|
|
Because the file name was set after loading the file, Paperclip
was flagging the differing file extension as content type spoofing
Fix #12938
|
|
Port c31d61d7f2d576b42ea82ab01470bce7e6e5a3a7 to glitch-soc
Signed-off-by: Thibaut Girka <thib@sitedethib.com>
|
|
|
|
If the “Why do you want to join?” textarea is left empty and the entered params
do not validate, the textarea isn't shown again, unlike other fields.
This commit fixes that by populating an empty `UserInviteRequest` when needed.
|
|
web UI
Port 1314bba68a5f2d271312bad08f108e1ff56c2c00 to glitch-soc
Signed-off-by: Thibaut Girka <thib@sitedethib.com>
|
|
(#13116)
`request.format` is not a symbol but a `Mime::Type`, so the condition actually
never matched, and a session was created even for those requests, preventing
caching.
|
|
being possible
Fix #3804, Fix #5776
|
|
|
|
upstream privacy improvements
|
|
|
|
support subdomains
* Change domain blocks to automatically support subdomains
If a more authoritative domain is blocked (example.com), then the
same block will be applied to a subdomain (foo.example.com)
* Match subdomains of existing accounts when blocking/unblocking domains
* Improve code style
|
|
|
|
mode
|
|
… posting to the AP inbox required a logged-in local user…
|
|
whitelist/secure mode
Fix relays UI referencing relay that is not functional
|
|
leaving media behind for a day
The reason for unattaching media instead of removing it is to support
delete & redraft functionality, but remote or staff-removed statuses
will never be redrafted, so the media should be deleted immediately
|
|
being enabled in the admin dashboard
|
|
* Add automatic blocklist display in /about/blocks
Inspired by https://github.com/Gargron/mastodon.social-misc
* Add admin option to set who can see instance blocks
* Normalize locales files
* Rename “Sandbox” to “Silence” for consistency
* Disable /about/blocks when in whitelist mode
* Optionally display rationale for domain blocks
* Only display domain blocks that have user-facing limitations, and order them
* Redesign table of blocked domains to better handle long domain names and rationales
* Change domain blocks ordering now that rationales aren't displayed right away
* Only show explanation for block severities actually in use
* Reword instance block explanations and add disclaimer for public fetch mode
|
|
federation page in admin UI
|
|
|
|
Allow access to account settings, 2FA, authorized applications, and
account deletions to unconfirmed and pending users, as well as
users who had their accounts disabled. Suspended users cannot update
their e-mail or password or delete their account.
Display account status on account settings page, for example, when
an account is frozen, limited, unconfirmed or pending review.
After sign up, login users straight away and show a simple page that
tells them the status of their account with links to account settings
and logout, to reduce onboarding friction and allow users to correct
wrongly typed e-mail addresses.
Move the final sign-up step of SSO integrations to be the same
as above to reduce code duplication.
|
|
|
|
exceptions and missing error templates
|
|
|
|
Fix #12509
See also #12214
|
|
non-HTML requests
|
|
Fix #6462
|
|
|
|
|
|
Fix #12034
|
|
on public pages
Fix #11969
|
|
|
|
(#11539)
Regression from #8657
|
|
profile page
* Add featured tag support to rss feed on public account page
* fix codeing style
|
|
|
|
even if file is not stored
Change the behaviour of remotable concern. Previously, it would skip
downloading an attachment if the stored remote URL is identical to
the new one. Now it would not be skipped if the attachment is not
actually currently stored by Paperclip.
|
|
|
|
Fix #12551
Fix #12547
|
|
followers/following from REST API when user has network hidden
Fix #12510
|
|
|
|
Instead of returning a signature verification error, pretend there
was no signature (i.e., this does not allow access to resources that
need a valid signature), so public resources can still be fetched
Fix #13011
|
|
Fix OEmbed preview API leaking existence of private statuses (see #12930)
|
|
|
|
|
|
* Add nodeinfo endpoint
* dont commit stuff from my local dev
* consistant naming since we implimented 2.1 schema
* Add some additional node info stuff
* Add nodeinfo endpoint
* dont commit stuff from my local dev
* consistant naming since we implimented 2.1 schema
* expanding this to include federation info
* codeclimate feedback
* CC feedback
* using activeserializers seems like a good idea...
* get rid of draft 2.1 version
* Reimplement 2.1, also fix metaData -> metadata
* Fix metaData -> metadata here too
* Fix nodeinfo 2.1 tests
* Implement cache for monthly user aggregate
* Useless
* Remove ostatus from the list of supported protocols
* Fix nodeinfo's open_registration reading obsolete setting variable
* Only serialize domain blocks with user-facing limitations
* Do not needlessly list noop severity in nodeinfo
* Only serialize domain blocks info in nodeinfo when they are set to be displayed to everyone
* Enable caching for nodeinfo endpoints
* Fix rendering nodeinfo
* CodeClimate fixes
* Please CodeClimate
* Change InstancePresenter#active_user_count_months for clarity
* Refactor NodeInfoSerializer#metadata
* Remove nodeinfo 2.1 support as the schema doesn't exist
* Clean-up
|
|
410 when account is suspended
|
|
|
|
existence of non-public statuses
|