Age | Commit message (Collapse) | Author |
|
Fixes #1714
|
|
|
|
|
|
|
|
|
|
|
|
This simplifies the implementation considerably, and while not providing
ideal UX, it's the most flexible approach.
|
|
Upshot of CAPTCHA on e-mail validation is it does not need to break the in-band
registration API.
|
|
This is to avoid apps trying and failing at using the registrations API,
which does not let us require a CAPTCHA and cannot be clearly signaled as
unavailable.
|
|
Fixes #1649
This requires setting `HCAPTCHA_SECRET_KEY` and `HCAPTCHA_SITE_KEY`, then
enabling the admin setting at
`/admin/settings/edit#form_admin_settings_captcha_enabled`
Subsequently, a hCaptcha widget will be displayed on `/about` and
`/auth/sign_up` unless:
- the user is already signed-up already
- the user has used an invite link
- the user has already solved the captcha (and registration failed for another
reason)
The Content-Security-Policy headers are altered automatically to allow the
third-party hCaptcha scripts on `/about` and `/auth/sign_up` following the same
rules as above.
|
|
Conflicts:
- `.env.production.sample`:
Copied upstream changes.
- `app/controllers/settings/identity_proofs_controller.rb`:
Minor conflict due to glitch-soc's extra “enable_keybase” setting.
Upstream removed keybase support altogether, so did the same.
- `app/controllers/well_known/keybase_proof_config_controller.rb`:
Minor conflict due to glitch-soc's extra “enable_keybase” setting.
Upstream removed keybase support altogether, so did the same.
- `lib/mastodon/statuses_cli.rb`:
Minor conflict due to an optimization that wasn't shared between
the two versions. Copied upstream's version.
|
|
|
|
|
|
|
|
|
|
glitch-soc-specific translation to 'es' language
|
|
|
|
|