From b46b7c3d5e4e932d61d74418957c824ce7c5f9f7 Mon Sep 17 00:00:00 2001
From: prplecake
Date: Mon, 14 Nov 2022 20:22:38 -0600
Subject: Use "unsafe-wasm-eval" instead of "unsafe-eval" in script-src CSP (#20606)

* Add "unsafe-eval" to script-src CSP

* Use 'unsafe-wasm-eval' instead of 'unsafe-eval'
---
 config/initializers/content_security_policy.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config/initializers')

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index be4ef50fc..0212b9d95 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -36,7 +36,7 @@ Rails.application.config.content_security_policy do |p|
 p.worker_src :self, :blob, assets_host
 else
 p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url
- p.script_src :self, assets_host, :unsafe_eval
+ p.script_src :self, assets_host, "'unsafe-wasm-eval'"
 p.child_src :self, :blob, assets_host
 p.worker_src :self, :blob, assets_host
 end
-- cgit
From 43b0b2f3f477e5eac9e135ea28af95484ecc63f0 Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Tue, 15 Nov 2022 03:39:06 +0100
Subject: Fix wrong directive `unsafe-wasm-eval` to `wasm-unsafe-eval` (#20729)

---
 config/initializers/content_security_policy.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'config/initializers')

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 0212b9d95..6b62e6f33 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
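Review bot: `'unsafe-wasm-eval'` on the added script_src line is not a source keyword defined by CSP Level 3; the defined keyword is `'wasm-unsafe-eval'`, which the next commit on this page (#20729) corrects. Browsers ignore unrecognised source expressions instead of rejecting the header, so as committed the policy silently loses eval for WebAssembly as well as for JavaScript, and the breakage surfaces only as a client-side error when the production bundle tries to compile a wasm module. Because the value is a quoted string rather than one of Rails' keyword symbols such as the removed `:unsafe_eval`, it is emitted verbatim and gets no validation, which is why a typo like this ships unnoticed. The `else` branch this line sits in opens outside the hunk; from the later hunk at lines 26–32 it appears to be the non-development branch of `if Rails.env.development?`.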
@@ -36,7 +36,7 @@ Rails.application.config.content_security_policy do |p|
 p.worker_src :self, :blob, assets_host
 else
 p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url
- p.script_src :self, assets_host, "'unsafe-wasm-eval'"
+ p.script_src :self, assets_host, "'wasm-unsafe-eval'"
 p.child_src :self, :blob, assets_host
 p.worker_src :self, :blob, assets_host
 end
-- cgit
From 8c56441b4a52f23d4793f35fdf27a815cced0d61 Mon Sep 17 00:00:00 2001
From: Claire
Date: Wed, 16 Nov 2022 16:28:48 +0100
Subject: Add form-action CSP directive (#1948)

---
 config/initializers/content_security_policy.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'config/initializers')

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 0174e0636..ce8aa7af2 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -41,6 +41,7 @@ if Rails.env.production?
 p.worker_src :self, :blob, assets_host
 p.connect_src :self, :blob, :data, Rails.configuration.x.streaming_api_base_url, *data_hosts
 p.manifest_src :self, assets_host
+ p.form_action :self
 end
 end
-- cgit
From a2931d19ae93ff4f465ac9e328abd63748daa905 Mon Sep 17 00:00:00 2001
From: trwnh
Date: Thu, 17 Nov 2022 03:50:21 -0600
Subject: Add missing admin scopes (fix #20892) (#20918)

---
 config/initializers/doorkeeper.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'config/initializers')

diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 84b649f5c..43aac5769 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
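Review bot: The corrected script_src line deserves a why-comment, because the quoted string sits next to two Rails keyword symbols and the reason for the different form is not obvious: `# 'wasm-unsafe-eval' permits WebAssembly compilation without re-enabling JavaScript eval; passed as a literal because Rails' CSP keyword mapping (this version) has no :wasm_unsafe_eval — confirm`. The narrowing from the previous `:unsafe_eval` is the security gain here: an injected script can no longer reach eval or new Function, only wasm compilation stays allowed. Operators should know that browsers predating the keyword ignore it rather than falling back, so on those browsers the wasm module is blocked outright; that is a deliberate trade of compatibility for a tighter policy and is worth a line in the comment too. The enclosing `else` branch opens outside the hunk.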
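Review bot: `p.form_action :self` on the added line also governs where a submitted form may navigate, and Chromium-based browsers check form-action against the redirect that follows a form POST while other engines do not, so any endpoint that accepts a form and redirects off-origin — the OAuth authorization consent form redirecting to a client's redirect_uri is the obvious candidate in this application — would be blocked in those browsers. That cannot be confirmed from the hunk, so check the authorization controller; if it applies, the usual remedy is Rails' per-controller `content_security_policy do |p| ... end` hook relaxing form_action for that action only, rather than dropping the directive globally. The same line is added again by the #20781 hunk later on this page and the same caveat applies there. The directive is worth keeping: form-action is what stops a markup injection from exfiltrating form contents by retargeting a form, which script-src does not cover. The enclosing `if Rails.env.production?` block opens outside the hunk.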
@@ -98,9 +98,19 @@ Doorkeeper.configure do
 :'admin:read',
 :'admin:read:accounts',
 :'admin:read:reports',
+ :'admin:read:domain_allows',
+ :'admin:read:domain_blocks',
+ :'admin:read:ip_blocks',
+ :'admin:read:email_domain_blocks',
+ :'admin:read:canonical_email_blocks',
 :'admin:write',
 :'admin:write:accounts',
 :'admin:write:reports',
+ :'admin:write:domain_allows',
+ :'admin:write:domain_blocks',
+ :'admin:write:ip_blocks',
+ :'admin:write:email_domain_blocks',
+ :'admin:write:canonical_email_blocks',
 :crypto
 # Change the way client credentials are retrieved from the request object.
-- cgit
From 7955d4b9592a099a8da3374175461b3aa3057c61 Mon Sep 17 00:00:00 2001
From: Claire
Date: Thu, 17 Nov 2022 10:55:03 +0100
Subject: Add form-action CSP directive (#20781)

---
 config/initializers/content_security_policy.rb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'config/initializers')

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 6b62e6f33..cb5629337 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -26,6 +26,7 @@ Rails.application.config.content_security_policy do |p|
 p.media_src :self, :https, :data, assets_host
 p.frame_src :self, :https
 p.manifest_src :self, assets_host
+ p.form_action :self
 if Rails.env.development?
 webpacker_urls = %w(ws http).map { |protocol| "#{protocol}#{Webpacker.dev_server.https? ? 's' : ''}://#{Webpacker.dev_server.host_with_port}" }
-- cgit
From d587a268fdcee4ab8795fe4f03dff683e668ae15 Mon Sep 17 00:00:00 2001
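Review bot: The ten new `admin:read:*` / `admin:write:*` symbols need matching human-readable descriptions under Doorkeeper's `doorkeeper.scopes.<scope>` translation keys, otherwise the authorization consent screen shows the raw key or a translation-missing marker to the user approving an app; the locale file is not part of this commit, so confirm it was updated alongside. The consent text matters more than usual here because `admin:write:domain_blocks` and its siblings let an OAuth token change instance-wide federation and IP blocking, and a user should see exactly that before granting it; the scopes should also remain usable only by staff accounts, which is presumably enforced in the API controllers outside this hunk. The scope list these lines extend (presumably `optional_scopes`) opens outside the hunk, and a short comment above the admin group, e.g. `# admin:* scopes are only honoured for staff accounts; keep in sync with the doorkeeper locale descriptions`, would help the next person adding one.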
From: Claire
Date: Sun, 27 Nov 2022 20:37:37 +0100
Subject: Add logging for Rails cache timeouts (#21667)

* Reduce redis cache store connect timeout from default 20 seconds to 5 seconds

* Log cache store errors
---
 config/initializers/cache_logging.rb | 3 +++
 lib/mastodon/redis_config.rb | 1 +
 2 files changed, 4 insertions(+)
 create mode 100644 config/initializers/cache_logging.rb

(limited to 'config/initializers')

diff --git a/config/initializers/cache_logging.rb b/config/initializers/cache_logging.rb
new file mode 100644
index 000000000..08aa80742
--- /dev/null
+++ b/config/initializers/cache_logging.rb
@@ -0,0 +1,3 @@
+# Log cache errors with Rail's logger
+# This used to be the default in old Rails versions: https://github.com/rails/rails/commit/7fcf8590e788cef8b64cc266f75931c418902ca9#diff-f0748f0be8a653eea13369ebb1cadabcad71ede7cfaf20282447e64329817befL86
+Rails.cache.logger = Rails.logger
diff --git a/lib/mastodon/redis_config.rb b/lib/mastodon/redis_config.rb
index 98dc4788d..3522fa11e 100644
--- a/lib/mastodon/redis_config.rb
+++ b/lib/mastodon/redis_config.rb
@@ -37,6 +37,7 @@ REDIS_CACHE_PARAMS = {
 namespace: cache_namespace,
 pool_size: Sidekiq.server? ? Sidekiq.options[:concurrency] : Integer(ENV['MAX_THREADS'] || 5),
 pool_timeout: 5,
+ connect_timeout: 5,
 }.freeze
 REDIS_SIDEKIQ_PARAMS = {
-- cgit
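Review bot: `Rail's` in the first added comment line of cache_logging.rb should read `Rails'`. Beyond the typo, the comment should say what the reader actually gains: the Redis cache store's default error handler turns connection failures into nil returns and reports them only through the store's own logger, so without this assignment a Redis outage is invisible except as slower pages and colder caches. Something like `# The Redis cache store swallows connection errors (they degrade to cache misses) and only reports them via its own logger, which is nil by default; route it to Rails.logger so outages show up in logs and can be alerted on.` makes the operational intent clear and tells whoever runs log monitoring what string to watch for.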
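Review bot: `connect_timeout: 5` on the added redis_config.rb line bounds only the TCP connect; redis-rb's read/write `timeout` option is not set in this hunk, so unless it appears elsewhere in REDIS_CACHE_PARAMS (the rest of the hash is outside the hunk) a Redis that accepts connections but stops answering still stalls each cache call for the library default. The same bound is not added to REDIS_SIDEKIQ_PARAMS, whose opening brace is the last context line, and a one-line comment would record whether that asymmetry is intentional, e.g. `connect_timeout: 5, # cache is best-effort: fail fast rather than hold a request for the default connect wait`. If a tighter read timeout is wanted as well, it should be set explicitly here rather than relying on defaults that differ between redis-rb versions.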