path: root/config/initializers

Age | Commit message | Author
2018-09-11 | Merge branch 'master' into glitch-soc/merge-upstream | Thibaut Girka
    Conflicts:
        app/controllers/oauth/authorizations_controller.rb
    Just two changes being too close to one another. Took both.
2018-09-08 | feat(cookies): Use the same-site attribute to lax (#8626) | Sorin Davidoi
    CSRF prevention is already implemented but adding this doesn't hurt.
    A brief introduction to Same-Site cookies (and the difference between strict and lax) can be found at https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/
    TLDR: We use lax since we want the cookies to be sent when the user navigates safely from an external site.
2018-09-03 | Add manifest_src to CSP | Rey Tucker
    Fixes manifest.json not being loaded because of CSP violation
    h/t https://vulpine.club/@binary/100662852252438648
2018-08-28 | Fix CSP with S3/SWIFT hosts | Thibaut Girka
2018-08-28 | Adjust CSP to fix image resizing | Thibaut Girka
2018-08-26 | Merge branch 'master' into glitch-soc/merge-upstream | Thibaut Girka
    Conflicts:
        app/views/layouts/application.html.haml
    Edited:
        app/helpers/application_helper.rb
        app/views/admin/domain_blocks/new.html.haml
    Conflict wasn't really one, just two changes too close to one another. The edit was to adapt the class names for themes to class names for skins and flavours. Also edited app/views/admin/domain_blocks/new.html.haml to strip the duplicate admin pack inclusion thing.
2018-08-25 | Rename S3_CLOUDFRONT_HOST to S3_ALIAS_HOST. (#8423) | M Somerville
    Still check for S3_CLOUDFRONT_HOST for existing installs.
2018-08-23 | Only apply CSP in production mode | Thibaut Girka
2018-08-23 | Tighten CSP while allowing CDN hosts | Thibaut Girka
2018-08-22 | Move CSP headers to the appropriate Rails configuration | Thibaut Girka
    Also drop dev-static.glitch.social reference.
2018-08-21 | Merge branch 'master' into glitch-soc/master | Thibaut Girka
    Conflicts:
        config/routes.rb
    Added the “endorsements” route from upstream.
2018-08-21 | Revert to using Paperclip's filesystem storage, and fix dangling records in remove_remote (#8339) | ThibG
    * Fix uncaching worker
    * Revert to using Paperclip's filesystem backend instead of fog-local
      fog-local has lots of concurrency issues, causing failure to delete files, dangling file records, and spurious errors UncacheMediaWorker
2018-08-17 | Merge branch 'master' into glitch-soc/merge-upstream | Thibaut Girka
    Conflicts:
        app/models/status.rb
        db/migrate/20180528141303_fix_accounts_unique_index.rb
        db/schema.rb
    Resolved by taking upstream changes (no real conflicts, just glitch-soc specific code too close to actual changes).
2018-08-15 | Add ldap search filter (#8151) | Immae
2018-08-13 | Add post-deployment migration system (#8182) | Eugen Rochko
    Adopted from GitLab CE. Generate new migration with:
        rails g post_deployment_migration name_of_migration_here
    By default they are run together with db:migrate. To not run them, the env variable SKIP_POST_DEPLOYMENT_MIGRATIONS must be set.
    Code by Yorick Peterse <yorickpeterse@gmail.com>, see also: https://gitlab.com/gitlab-org/gitlab-ce/commit/83c8241160ed48ab066e2c5bd58d0914a745197c
2018-08-10 | Introduce OAuth scopes for bookmarks | Thibaut Girka
2018-07-26 | Merge branch 'master' into glitch-soc/merge-upstream | Thibaut Girka
2018-07-25 | Add secure option to additional cookie (#8069) | abcang
2018-07-09 | Merge branch 'master' into glitch-soc/tentative-merge | Thibaut Girka
    Conflicts:
        README.md
        app/controllers/statuses_controller.rb
        app/lib/feed_manager.rb
        config/navigation.rb
        spec/lib/feed_manager_spec.rb
    Conflicts were resolved by taking both versions for each change. This means the two filter systems (glitch-soc's keyword mutes and tootsuite's custom filters) are in place, which will be changed in a follow-up commit.
2018-07-05 | Add more granular OAuth scopes (#7929) | Eugen Rochko
    * Add more granular OAuth scopes
    * Add human-readable descriptions of the new scopes
    * Ensure new scopes look good on the app UI
    * Add tests
    * Group scopes in screen and color-code dangerous ones
    * Fix wrong extra scope
2018-06-29 | Merge `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into `ALLOW_ACCESS_TO_HIDDEN_SERVICE` (#7901) | MIYAGI Hikaru
    If Mastodon accesses the hidden service via a transparent proxy, it needs to avoid checking whether it's a private address, since `.onion` is resolved to a private address. I was previously using `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` to provide that function. However, I realized that using `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` is redundant, since this specification is always used with `ALLOW_ACCESS_TO_HIDDEN_SERVICE`. Therefore, I decided to integrate the setting of `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into `ALLOW_ACCESS_TO_HIDDEN_SERVICE`.
2018-06-15 | Merge branch 'master' into glitch-soc/merge-upstream | Thibaut Girka
    Conflicts:
        app/javascript/mastodon/initial_state.js
        db/schema.rb
    Upstream added a new field to initial_state. Not too sure about what happened with db/schema.rb though…
2018-06-15 | Add dat, dweb, ipfs, ipns, ssb, gopher protocols to URL extractor (#7810) | Eugen Rochko
    * Add dat:// and gopher:// to URL extractor
      Fix #6072
    * Fix comment indent
    * Add dweb, ipfs, ipns, ssb
2018-06-15 | Remove rack-timeout (#7809) | Eugen Rochko
    Timeout considered harmful due to leaving the app in a broken state, including unreaped database connections
2018-05-27 | Merge branch 'master' into glitch-soc/merge-upstream | Thibaut Girka
    Conflicts:
        config/locales/ca.yml
        config/locales/nl.yml
        config/locales/oc.yml
        config/locales/pt-BR.yml
    Resolved conflicts by removing upstream-specific changes
2018-05-26 | Disable AMS logging (#7623) | Eugen Rochko
    Especially in production it's just noise and doesn't mix well with the log format
2018-05-18 | Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master | Jenkins
2018-05-18 | User agent for WebFinger (#7531) | MIYAGI Hikaru
    * User agent for WebFinger
    * local_domain → web_domain
    * 'http' is away accidentally...
2018-05-11 | Merge branch 'master' into glitch-soc/merge | Thibaut Girka
    Conflicts:
        app/controllers/invites_controller.rb
        app/serializers/initial_state_serializer.rb
        config/locales/ko.yml
2018-05-11 | Add REST API for Web Push Notifications subscriptions (#7445) | Eugen Rochko
    - POST /api/v1/push/subscription
    - PUT /api/v1/push/subscription
    - DELETE /api/v1/push/subscription
    - New OAuth scope: "push" (required for the above methods)
2018-05-10 | Merge branch 'master' into glitch-soc/master | Thibaut Girka
    Conflicts:
        app/models/account.rb
        app/views/accounts/_header.html.haml
2018-05-07 | Improve OpenStack v3 compatibility (#7392) | Hugo Gameiro
    * Update paperclip.rb
    * Update .env.production.sample
    * Update paperclip.rb
2018-05-03 | Merge remote-tracking branch 'origin/master' into gs-master | David Yip
    Conflicts:
        .travis.yml
        Gemfile.lock
        README.md
        app/controllers/settings/follower_domains_controller.rb
        app/controllers/statuses_controller.rb
        app/javascript/mastodon/locales/ja.json
        app/lib/feed_manager.rb
        app/models/media_attachment.rb
        app/models/mute.rb
        app/models/status.rb
        app/services/mute_service.rb
        app/views/home/index.html.haml
        app/views/stream_entries/_simple_status.html.haml
        config/locales/ca.yml
        config/locales/en.yml
        config/locales/es.yml
        config/locales/fr.yml
        config/locales/nl.yml
        config/locales/pl.yml
        config/locales/pt-BR.yml
        config/themes.yml
2018-05-03 | Add a missing question mark in rack_attack.rb (#7338) | Akihiko Odaki
2018-05-03 | Throttle media post (#7337) | Akihiko Odaki
    The previous rate limit allowed posting media so fast that it is possible to fill up the disk space even before an administrator notices.
    The new rate limit is configured so that it takes 24 hours to eat 10 gigabytes:
        10 * 1024 / 8 / (24 * 60 / 30) = 27 (which rounded to 30)
    The period is set long so that it does not prevent attaching several media to one post, which would happen in a short period. For example, if the period is 5 minutes, the rate limit would be:
        10 * 1024 / 8 / (24 * 60 / 5) = 4
    This long period allows lifting the limit.
2018-05-02 | Slightly reduce RAM usage (#7301) | Eugen Rochko
    * No need to re-require sidekiq plugins, they are required via Gemfile
    * Add derailed_benchmarks tool, no need to require TTY gems in Gemfile
    * Replace ruby-oembed with FetchOEmbedService
      Reduce startup by 45382 allocated objects
    * Remove preloaded JSON-LD in favour of caching HTTP responses
      Reduce boot RAM by about 6 MiB
    * Fix tests
    * Fix test suite by stubbing out JSON-LD contexts
2018-04-25 | HTTP proxy support for outgoing request, manage access to hidden service (#7134) | MIYAGI Hikaru
    * Add support for HTTP client proxy
    * Add access control for darknet
      Suppress error when accessing darknet via transparent proxy
    * Fix the codes pointed out
    * Lint
    * Fix an omission + lint
    * any? -> include?
    * Change detection method to regexp to avoid test fail
2018-04-13 | Merge remote-tracking branch 'origin/master' into gs-master | David Yip
    Conflicts:
        Gemfile.lock
        config/application.rb
2018-04-12 | Upgrade Rails to version 5.2.0 (#5898) | Yamagishi Kazutoshi
2018-04-11 | Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master | Jenkins
2018-04-10 | Use RAILS_LOG_LEVEL to set log level of Sidekiq, too (#7079) | Eugen Rochko
    Fix #3565 (oops)
2018-04-10 | Log rate limit hits (#7096) | Eugen Rochko
    Fix #7095
2018-04-08 | Merge remote-tracking branch 'origin/master' into gs-master | David Yip
    Conflicts:
        app/serializers/initial_state_serializer.rb
    The glitch flavour isn't yet pulling custom emoji data on its own (see https://github.com/tootsuite/mastodon/pull/7047). Once that gets into the glitch flavour, we can eliminate the custom_emojis load.
2018-04-07 | Add a circuit breaker for ActivityPub deliveries (#7053) | Eugen Rochko
2018-03-25 | Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master | Jenkins
2018-03-24 | Revert "Revert "Upgrade Paperclip to version 6.0.0" (#6807)" (#6808) | Yamagishi Kazutoshi
    This reverts commit 40871caa4b06c7ee1c3b07f439ed984ead295ced.
2018-03-20 | Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master | Jenkins
2018-03-20 | Add LDAP_TLS_NO_VERIFY option, don't require LDAP_ENABLED outside .env (#6845) | Eugen Rochko
    Fix #6816, fix #6790
2018-03-19 | Merge remote-tracking branch 'tootsuite/master' into glitchsoc/master | Jenkins