Age | Commit message (Collapse) | Author |
|
|
|
This trips an issue when trying to authenticate through to
third-party sites, e.g. bridge.joinmastodon.org:
Refused to send form data to 'https://bridge.joinmastodon.org/'
because it violates the following Content Security Policy
directive: "form-action 'self'".
Thread: https://vulpine.club/@digifox/101230933751352042
|
|
|
|
Conflicts:
- .github/ISSUE_TEMPLATE/bug_report.md
Took our version.
- CONTRIBUTING.md
Updated the embedded copy of upstream's version.
- README.md
Took our version.
- app/policies/status_policy.rb
Not a real conflict, took code from both.
- app/views/layouts/embedded.html.haml
Added upstream's changes (dns-prefetch) and fixed
`%body.embed`
- app/views/settings/preferences/show.html.haml
Reverted some of upstream changes, as we have a
page dedicated for flavours and skins.
- config/initializers/content_security_policy.rb
Kept our version of the CSP.
- config/initializers/doorkeeper.rb
Not a real conflict, took code from both.
|
|
|
|
Regression from #8957
|
|
* Set CSP rules in RoR's configuration
* Override CSP setting in the embed controller to allow frames
|
|
Fixes manifest.json not being loaded because of CSP violation
h/t https://vulpine.club/@binary/100662852252438648
|
|
|
|
|
|
|
|
|
|
Also drop dev-static.glitch.social reference.
|
|
|