Age | Commit message (Collapse) | Author |
|
CSFR-prevention is already implemented but adding this doesn't hurt.
A brief introduction to Same-Site cookies (and the difference between strict and
lax) can be found at
https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/
TLDR: We use lax since we want the cookies to be sent when the user navigates
safely from an external site.
|
|
* No need to re-require sidekiq plugins, they are required via Gemfile
* Add derailed_benchmarks tool, no need to require TTY gems in Gemfile
* Replace ruby-oembed with FetchOEmbedService
Reduce startup by 45382 allocated objects
* Remove preloaded JSON-LD in favour of caching HTTP responses
Reduce boot RAM by about 6 MiB
* Fix tests
* Fix test suite by stubbing out JSON-LD contexts
|
|
The cache store is explicitly used by some specs, but they were not
isolated and therefore not reliable. This fixes the issue by clearing
the cache after each specs.
|
|
|
|
|
|
* Fix #4058 - Use a long-lived cookie to keep track of user-level sessions
* Fix tests, smooth migrate from previous session-based identifier
|
|
|
|
* Add overview of active sessions
* Better display of browser/platform name
* Improve how browser information is stored and displayed for sessions overview
* Fix test
|
|
* feat: Revocable sessions
* fix: Tests using sign_in
* feat: Configuration entry for the maximum number of session activations
|
|
|
|
* Dont use raise_error by itself (avoids warning)
* Add coverage for AccountFilter
* Improve coverage and refactor for Subscription#lease_seconds
* Improve coverage and refactor for NotificationMailer
* Simplify assignment of min/max threshold on subscription
|
|
* Make private toots get PuSHed to subscription URLs that belong to domains where you have approved followers
* Authorized followers controller, stub for bulk action
* Soft block in the background
* Add simple test for new controller
* Rename Settings::FollowersController to Settings::FollowerDomainsController, paginate results,
rename "private" post setting to "followers-only", fix pagination style, improve post privacy
preferences style, improve warning style
* Extract compose form warnings into own container, show warning when posting to followers-only with unlocked account
|
|
Devise changed their approach -
https://github.com/plataformatec/devise/commit/3f3ec236bb50a2ae8b0eede90d8f7ecd201d7dbb
This change silences a deprecation warning about `TestHelpers`
|
|
This commit introduces Capybara and the first feature spec.
I focused on coverage for log in for the first feature spec because that would
have prevented 624a9a7136159d460228a0c2f5df18a9ead3b7f2 causing #1236.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
behaviour with Turbolinks enabled, optimizing Rabl for production
|
|
|
|
|
|
|
|
|