Age | Commit message | Author | |
---|---|---|---|
2020-02-06 | Add environment variable to specify extra data hosts | Thibaut Girka | |
Fixes #1276 | |||
2020-01-15 | merge upstream csp changes | multiple creatures | |
2019-11-29 | remove img tag proxy from csp cause a: we don't use that anymore & b: it's ↵ | multiple creatures | |
breaking stuff | |||
2019-09-14 | add jortage proxy to csp | multiple creatures | |
2019-05-21 | update csp for img proxy | multiple creatures | |
2019-05-04 | Fix CSP when PAPERCLIP_ROOT_URL is set to a different host | Thibaut Girka | |
2019-05-04 | Fix CSP when dealing with S3 hosts | Thibaut Girka | |
2018-12-14 | Remove form_action from CSP | Rey Tucker | |
This trips an issue when trying to authenticate through to third-party sites, e.g. bridge.joinmastodon.org: Refused to send form data to 'https://bridge.joinmastodon.org/' because it violates the following Content Security Policy directive: "form-action 'self'". Thread: https://vulpine.club/@digifox/101230933751352042 | |||
2018-11-12 | Tighten CSP a bit | Thibaut Girka | |
2018-10-22 | Merge branch 'master' into glitch-soc/merge-upstream | Thibaut Girka | |
Conflicts: - .github/ISSUE_TEMPLATE/bug_report.md Took our version. - CONTRIBUTING.md Updated the embedded copy of upstream's version. - README.md Took our version. - app/policies/status_policy.rb Not a real conflict, took code from both. - app/views/layouts/embedded.html.haml Added upstream's changes (dns-prefetch) and fixed `%body.embed` - app/views/settings/preferences/show.html.haml Reverted some of upstream changes, as we have a page dedicated for flavours and skins. - config/initializers/content_security_policy.rb Kept our version of the CSP. - config/initializers/doorkeeper.rb Not a real conflict, took code from both. | |||
2018-10-12 | Add manifest_src to CSP, add blob to connect_src (#8967) | ThibG | |
2018-10-12 | Fix CSP headers blocking media and development environment (#8962) | Eugen Rochko | |
Regression from #8957 | |||
2018-10-11 | Set Content-Security-Policy rules through RoR's config (#8957) | ThibG | |
* Set CSP rules in RoR's configuration * Override CSP setting in the embed controller to allow frames | |||
2018-09-03 | Add manifest_src to CSP | Rey Tucker | |
Fixes manifest.json not being loaded because of CSP violation h/t https://vulpine.club/@binary/100662852252438648 | |||
2018-08-28 | Fix CSP with S3/SWIFT hosts | Thibaut Girka | |
2018-08-28 | Adjust CSP to fix image resizing | Thibaut Girka | |
2018-08-23 | Only apply CSP in production mode | Thibaut Girka | |
2018-08-23 | Tighten CSP while allowing CDN hosts | Thibaut Girka | |
2018-08-22 | Move CSP headers to the appropriate Rails configuration | Thibaut Girka | |
Also drop dev-static.glitch.social reference. | |||
2018-04-12 | Upgrade Rails to version 5.2.0 (#5898) | Yamagishi Kazutoshi | |