about summary refs log tree commit diff
path: root/config/environments
AgeCommit message (Collapse)Author
2023-01-10Fix CSRF protection (#23037)Claire
Fix regression from #23014
2023-01-10Change referrer-policy to no-referrer application-wide (#23014)Claire
2022-11-17Fix style for hashes (#20518)Rose
* Fix style for hashes Make the style for hashes consistent. * New style More consistency
2022-11-11Fix `ENV` (#20377)Yamagishi Kazutoshi
2022-11-10Make enable_starttls configurable by envvars (#20321)F
ENABLE_STARTTLS is designed to replace ENABLE_STARTTLS_AUTO by accepting three values: 'auto' (the default), 'always', and 'never'. If ENABLE_STARTTLS isn't provided, we fall back to ENABLE_STARTTLS_AUTO. In this way, this change should be fully backwards compatible. Resolves #20311
2022-08-25Fix I2P HTTPS redirect (#18929)Arya K
2022-04-19Fix parsing `TRUSTED_PROXY_IP` (#18051)Yamagishi Kazutoshi
2022-04-07Fix unset `SMTP_RETURN_PATH` environment variable causing e-mail not to send ↵Eugen Rochko
(#17982)
2022-03-28Add `SMTP_RETURN_PATH` environment variable to set bounce domain (#17886)Eugen Rochko
2022-01-28Fix Sidekiq warnings about JSON serialization (#17381)Claire
* Fix Sidekiq warnings about JSON serialization This occurs on every symbol argument we pass, and every symbol key in hashes, because Sidekiq expects strings instead. See https://github.com/mperham/sidekiq/pull/5071 We do not need to change how workers parse their arguments because this has not changed and we were already converting to symbols adequately or using `with_indifferent_access`. * Set Sidekiq to raise on unsafe arguments in test mode In order to more easily catch issues that would produce warnings in production code.
2022-01-24disable legacy XSS filtering (#17289)Wonderfall
Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.
2022-01-13Fix SMTP_ENABLE_STARTTLS_AUTO/SMTP_TLS/SMTP_SSL environment variables don't ↵tkr
work (#17216) #17215
2021-12-27Fix warnings on Rails boot (#16946)Eugen Rochko
2021-10-14Default to system ca-certificates.crt if none is specified (#10857)Sandro
Co-Authored-By: Yamagishi Kazutoshi <ykzts@desire.sh> Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2021-04-19Add Message-ID header to outgoing emails (#16076)Claire
* Add Message-ID header to outgoing emails * Use email domain name from SMTP_FROM_ADDRESS, fallback on WEB_DOMAIN on failure * Use notifications@localhost as fallback for SMTP_FROM_ADDRESS, do not catch parse errors
2021-04-13Add HTTP header to explicitly opt out of FLoC by default (#16036)Claire
Fixes #16034
2021-03-24Update Mastodon to Rails 6.1 (#15910)Claire
* Update devise-two-factor to unreleased fork for Rails 6 support Update tests to match new `rotp` version. * Update nsa gem to unreleased fork for Rails 6 support * Update rails to 6.1.3 and rails-i18n to 6.0 * Update to unreleased fork of pluck_each for Ruby 6 support * Run "rails app:update" * Add missing ActiveStorage config file * Use config.ssl_options instead of removed ApplicationController#force_ssl Disabled force_ssl-related tests as they do not seem to be easily testable anymore. * Fix nonce directives by removing Rails 5 specific monkey-patching * Fix fixture_file_upload deprecation warning * Fix yield-based test failing with Rails 6 * Use Rails 6's index_with when possible * Use ActiveRecord::Cache::Store#delete_multi from Rails 6 This will yield better performances when deleting an account * Disable Rails 6.1's automatic preload link headers Since Rails 6.1, ActionView adds preload links for javascript files in the Links header per default. In our case, that will bloat headers too much and potentially cause issues with reverse proxies. Furhermore, we don't need those links, as we already output them as HTML link tags. * Switch to Rails 6.0 default config * Switch to Rails 6.1 default config * Do not include autoload paths in the load path
2021-03-17Prepare Mastodon for Rails 6 (#15911)Claire
* Fix misuse of foreign_type * Fix use of removed "add_template_helper" * Use response.media_type instead of response.content_type in tests * Fix CSV export controller test on Rails 6 Rails 6 sets a "filename*" field in the Content-Disposition header to explicitly encode the filename as UTF-8. This changes checks the first part of the Content-Disposition header so it matches in both Rails 5 and Rails 6. * Fix emoji formatting with Rails 6 * Make emoji output more idiomatic and robust * Switch from redis-rails gem to built-in Rails redis cache storage
2020-07-15add ssl option in smtp setting (#14309)Tdxdxoz
2019-09-02Add SMTP reply_to option (#11718)Hugo Gameiro
* Add SMTP_REPLY_TO in .env.production.sample * Set reply_to in SMTP options
2019-08-18Add HTTP signature keyId to request log (#11591)Eugen Rochko
2018-10-12Fix missing protocol in dns-prefetch, improve code style (#8963)Eugen Rochko
Regression from #8942
2018-10-07Add conversations API (#8832)Eugen Rochko
* Add conversations API * Add web UI for conversations * Add test for conversations API * Add tests for ConversationAccount * Improve web UI * Rename ConversationAccount to AccountConversation * Remove conversations on block and mute * Change last_status_id to be a denormalization of status_ids * Add optimistic locking
2018-10-04lint pass 2 (#8878)aus-social
* Code quality pass * Typofix * Update applications_controller_spec.rb * Update applications_controller_spec.rb
2018-09-14Misc. typos (#8694)luzpaz
Found via `codespell -q 3 --skip="./app/javascript/mastodon/locales,./config/locales"`
2018-04-27Add support for separate Redis for cache (#7272)Eugen Rochko
* Add support for separate Redis for cache CACHE_REDIS_URL to allow using a different Redis server for cache purposes, with cache-specific configuration such as key eviction * Fix code style issues
2018-04-12Upgrade Rails to version 5.2.0 (#5898)Yamagishi Kazutoshi
2018-04-11update gem, test pam authentication (#7028)Alexander
* update gem, test pam authentication * add description for test parameters * fix inclusion of optional group
2018-03-20Fix i18n fallback configuration conflicts with environment configurations ↵Akihiko Odaki
(#6843)
2018-03-04Provide default OTP_SECRET value for development environment (#6617)Akihiko Odaki
2018-03-04Set the default locale in config (#6580)Akihiko Odaki
Previously the default locale was set by Localized concern for controllers, but it was not enforced for mailers. config is enforced throughout the application and an appropriate place to set the default locale.
2018-02-27remove Uglifier call from production.rb (#6568)beatrix
2018-02-24Raise Mastodon::HostValidationError when host for HTTP request is private ↵Akihiko Odaki
(#6410)
2018-02-17Isolate each specs for cache store (#6450)Akihiko Odaki
The cache store is explicitly used by some specs, but they were not isolated and therefore not reliable. This fixes the issue by clearing the cache after each specs.
2017-09-29Replace self-rolled statsd instrumention with localshred/nsa (#5118)Eugen Rochko
2017-09-09Set fallback address when empty notification address (#4868)Yamagishi Kazutoshi
2017-08-30Update status embeds (#4742)Eugen Rochko
- Use statuses controller for embeds instead of stream entries controller - Prefer /@:username/:id/embed URL for embeds - Use /@:username as author_url in OEmbed - Add follow link to embeds which opens web intent in new window - Use redis cache in development - Cache entire embed
2017-07-16Add SMTP_TLS variable for configuring TLS when server uses non-standard port ↵Eugen Rochko
(#4227)
2017-07-13Web Push Notifications (#3243)Sorin Davidoi
* feat: Register push subscription * feat: Notify when mentioned * feat: Boost, favourite, reply, follow, follow request * feat: Notification interaction * feat: Handle change of public key * feat: Unsubscribe if things go wrong * feat: Do not send normal notifications if push is enabled * feat: Focus client if open * refactor: Move push logic to WebPushSubscription * feat: Better title and body * feat: Localize messages * chore: Fix lint errors * feat: Settings * refactor: Lazy load * fix: Check if push settings exist * feat: Device-based preferences * refactor: Simplify logic * refactor: Pull request feedback * refactor: Pull request feedback * refactor: Create /api/web/push_subscriptions endpoint * feat: Spec PushSubscriptionController * refactor: WebPushSubscription => Web::PushSubscription * feat: Spec Web::PushSubscription * feat: Display first media attachment * feat: Support direction * fix: Stuff broken while rebasing * refactor: Integration with session activations * refactor: Cleanup * refactor: Simplify implementation * feat: Set VAPID keys via environment * chore: Comments * fix: Crash when no alerts * fix: Set VAPID keys in testing environment * fix: Follow link * feat: Notification actions * fix: Delete previous subscription * chore: Temporary logs * refactor: Move migration to a later date * fix: Fetch the correct session activation and misc bugs * refactor: Move migration to a later date * fix: Remove follow request (no notifications) * feat: Send administrator contact to push service * feat: Set time-to-live * fix: Do not show sensitive images * fix: Reducer crash in error handling * feat: Add badge * chore: Fix lint error * fix: Checkbox label overlap * fix: Check for payload support * fix: Rename action "type" (crash in latest Chrome) * feat: Action to expand notification * fix: Lint errors * fix: Unescape notification body * fix: Do not allow boosting if the status is hidden * feat: Add VAPID keys to the production sample environment * fix: Strip HTML tags from status * refactor: Better error messages * refactor: Handle browser not implementing the VAPID protocol (Samsung Internet) * fix: Error when target_status is nil * fix: Handle lack of image * fix: Delete reference to invalid subscriptions * feat: Better error handling * fix: Unescape HTML characters after tags are striped * refactor: Simpify code * fix: Modify to work with #4091 * Sort strings alphabetically * i18n: Updated Polish translation it annoys me that it's not fully localized :P * refactor: Use current_session in PushSubscriptionController * fix: Rebase mistake * fix: Set cacheName to mastodon * refactor: Pull request feedback * refactor: Remove logging statements * chore(yarn): Fix conflicts with master * chore(yarn): Copy latest from master * chore(yarn): Readd offline-plugin * refactor: Use save! and update! * refactor: Send notifications async * fix: Allow retry when push fails * fix: Save track for failed pushes * fix: Minify sw.js * fix: Remove account_id from fabricator
2017-07-07Set default From address in config (#3756)Akihiko Odaki (@fn_aki@pawoo.net)
The old implementation sets default From address in mailers. It sets the address from SMTP_FROM_ADDRESS, or notifications@localhost. The behavior is occasionally undesired results. In production environment, notifications@localhost is likely to be incorrect. In testing environment, the email address should not be varied by a environment variable. After appling this change, In production environment, it will throw an exception when launching Mastodon. In testing environment, the address will be fixed with notifications@localhost.
2017-06-08Support multiple trusted proxy ip addresses (#3639)nullkal
* Support multiple trusted proxy ip addresses * correct coding style
2017-06-01Update Rails to version 5.1.1 (#3121)Matt Jankowski
* Update rails to version 5.1.1 * Run `rails app:update` * Remove the override of polymorphic activity relationship * Silence warning about otp_secret attribute being unknown to rails * We will only introduce form_with where we want to use remote data
2017-05-22Set config.cache_store in environments file. (#3219)Clworld
* Set config.cache_store in application.rb * Set config.cache_store in environments. * fix code format.
2017-05-12Add back stdout logging to development environment after rails_12factor was ↵Eugen Rochko
removed (#3011)
2017-05-09Remove rails_12factor (#2901)alpaca-tc
2017-05-06Fix Scheduler::SubscriptionsScheduler (#2834)Eugen Rochko
* Fix Scheduler::SubscriptionsScheduler, add worker test for it * Change production log level of Sidekiq to "warn" instead of "info"
2017-05-05More robust PuSH subscription refreshes (#2799)Eugen Rochko
* Fix #2473 - Use sidekiq scheduler to refresh PuSH subscriptions instead of cron Fix an issue where / in domain would raise exception in TagManager#normalize_domain PuSH subscriptions refresh done in a round-robin way to avoid hammering a single server's hub in sequence. Correct handling of failures/retries through Sidekiq (see also #2613). Optimize Account#with_followers scope. Also, since subscriptions are now delegated to Sidekiq jobs, an uncaught exception will not stop the entire refreshing operation halfway through Fix #2702 - Correct user agent header on outgoing http requests * Add test for SubscribeService * Extract #expiring_accounts into method * Make mastodon:push:refresh no-op * Queues are now defined in sidekiq.yml * Queues are now in sidekiq.yml
2017-05-03Clean up redis configuration. Allow using REDIS_URL to set advanced (#2732)Eugen Rochko
connection options instead of setting REDIS_HOST etc individually Close #1986
2017-05-03Replace sprockets/browserify with Webpack (#2617)Eugen Rochko
* Replace browserify with webpack * Add react-intl-translations-manager * Do not minify in development, add offline-plugin for ServiceWorker background cache updates * Adjust tests and dependencies * Fix production deployments * Fix tests * More optimizations * Improve travis cache for npm stuff * Re-run travis * Add back support for custom.scss as before * Remove offline-plugin and babili * Fix issue with Immutable.List().unshift(...values) not working as expected * Make travis load schema instead of running all migrations in sequence * Fix missing React import in WarningContainer. Optimize rendering performance by using ImmutablePureComponent instead of React.PureComponent. ImmutablePureComponent uses Immutable.is() to compare props. Replace dynamic callback bindings in <UI /> * Add react definitions to places that use JSX * Add Procfile.dev for running rails, webpack and streaming API at the same time
2017-05-03Allow to set CA file for SMTP (#2713)Akihiko Odaki