mastodon

Author	SHA1	Message	Date
Claire	49407e7623	Fix Content-Security-Policy when using sso-redirect (#32241 )	2024-10-04 08:50:36 +00:00
Renaud Chaput	3dc4ddc663	Fix search params being dropped when redirected to non-deck path (#31984 )	2024-09-25 13:35:37 +00:00
Claire	a496aeabcb	Change form-action Content-Security-Policy directive to be more restrictive (#26897 )	2024-09-12 13:24:19 +00:00
Matt Jankowski	7efe0bde9d	Add `have_http_link_header` matcher and set header values as strings (#31010 )	2024-09-05 20:05:38 +00:00
Claire	2ec1181ee5	Fix contrast between background and form elements on some pages (#31266 )	2024-08-02 13:55:31 +00:00
Matt Jankowski	85d9053b36	Move `pagination_params` into `API::BaseController` (#28845 )	2024-05-30 14:56:48 +00:00
Matt Jankowski	65e82211cd	Rename `cache_` methods to `preload_` in controller concern (#30209 )	2024-05-16 08:03:46 +00:00
Matt Jankowski	1d3ecd3fba	Add `API::Pagination` concern (#28826 )	2024-04-17 09:22:45 +00:00
Claire	babbf6017d	Remove caching in `cache_collection` (#29862 )	2024-04-08 13:46:13 +00:00
Matt Jankowski	edde54e991	Update stoplight to version 4.1.0 (#28366 )	2024-04-02 15:47:40 +00:00
Matt Jankowski	f9100743ec	Add `Api::ErrorHandling` concern for api/base controller (#29574 )	2024-03-14 09:09:47 +00:00
Claire	7efc33b909	Move HTTP Signature parsing code to its own class (#28932 )	2024-02-07 13:35:37 +00:00
Claire	1726085db5	Merge pull request from GHSA-3fjr-858r-92rw * Fix insufficient origin validation * Bump version to 4.3.0-alpha.1	2024-02-01 15:56:46 +01:00
Eugen Rochko	b19ae521b7	Add confirmation when redirecting logged-out requests to permalink (#27792 ) Co-authored-by: Claire <claire.github-309c@sitedethib.com>	2024-01-24 10:49:19 +00:00
Claire	3593ee2e36	Add rate-limit of TOTP authentication attempts at controller level (#28801 )	2024-01-19 12:19:49 +00:00
Jean Boussier	5a6d533c53	Enable Rails 7.1 Marshalling format (#28609 )	2024-01-05 21:57:47 +00:00
Claire	092bb8a27a	Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476 )	2024-01-03 11:29:26 +00:00
Claire	963354978a	Add `Account#unavailable?` and `Account#permanently_unavailable?` aliases (#28053 )	2023-11-30 15:43:26 +00:00
Matt Jankowski	1f1c75bba5	File cleanup/organization in `controllers/concerns` (#27846 )	2023-11-30 14:39:41 +00:00
Matt Jankowski	291dc04e67	Remove un-needed `action` and `template` options to `render` in controllers (#28022 )	2023-11-29 10:38:05 +00:00
Matt Jankowski	d562fb8459	Specs for minimal CSP policy in `Api::` controllers (#27845 )	2023-11-14 14:34:30 +00:00
Ricardo Trindade	33f8c1c5eb	Remove version check from update cache_concern.rb (#27592 )	2023-10-30 14:04:12 +00:00
Claire	379115e601	Add SELF_DESTRUCT env variable to process self-destructions in the background (#26439 )	2023-10-23 15:46:21 +00:00
Matt Jankowski	d4c2dca874	Fix haml-lint `InstanceVariables` rule for auth/sessions/two_factor/o… (#27372 )	2023-10-12 09:44:20 +02:00
Claire	40ba6e119b	Fix Vary headers not being set on some redirects (#27272 )	2023-10-05 09:50:08 +02:00
Matt Jankowski	340f1a68be	Simplify instance presenter view access (#26046 )	2023-09-28 16:52:37 +02:00
CSDUMMI	9a70cac9de	Fix #26849 by adding the domain of the current SSO provider to the form-action CSP (#26857 )	2023-09-12 13:04:51 +02:00
Claire	09ec9c6aa5	Downgrade signature verification debug logging from `warn` to `debug` (#26812 )	2023-09-06 12:17:22 +02:00
Claire	25bf640629	Add debug logging on signature verification failure (#26637 )	2023-08-29 10:29:07 +02:00
Claire	8b37dd2c86	Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts (#26388 )	2023-08-08 15:41:38 +02:00
CSDUMMI	120f5802c0	Add direct link to the Single-Sign On provider if there is only one sign up method available (#26083 )	2023-08-03 16:43:15 +02:00
Emelia Smith	e258b4cb64	Refactor: replace whitelist_mode mentions with limited_federation_mode (#26252 )	2023-08-02 19:32:48 +02:00
Matt Jankowski	2e1391fdd2	Fix `Naming/MemoizedInstanceVariableName` cop (#25928 )	2023-07-12 10:08:51 +02:00
Matt Jankowski	5134fc65e2	Fix `Naming/AccessorMethodName` cop (#25924 )	2023-07-12 10:03:19 +02:00
Eugen Rochko	39110d1d0a	Fix CAPTCHA page not following design pattern of sign-up flow (#25395 )	2023-06-13 22:30:40 +02:00
Claire	bec6a1cad4	Add hCaptcha support (#25019 )	2023-05-16 23:27:35 +02:00
Nick Schonning	d5a185d721	Autofix Rubocop Style/CaseLikeIf (#23756 )	2023-05-04 05:51:18 +02:00
Matt Jankowski	668a19a2f3	Fix Performance/DeletePrefix cop (#24796 )	2023-05-02 21:07:45 +02:00
Claire	b0bf6216e6	Fix /api/v1/instance/domain_blocks being unconditionally cached (#24662 )	2023-04-26 11:42:47 +02:00
Claire	276c39361b	Fix anonymous visitors getting a session cookie on first visit (#24584 )	2023-04-25 16:51:38 +02:00
Eugen Rochko	6084461cd0	Change unauthenticated responses to be cached in REST API (#24348 )	2023-04-25 15:41:34 +02:00
Claire	58a1b2e330	Fix caching logic with regards to Accept-Language, Cookie, and Signature (#24604 )	2023-04-23 22:27:24 +02:00
Eugen Rochko	e98c86050a	Refactor `Cache-Control` and `Vary` definitions (#24347 )	2023-04-19 16:07:29 +02:00
Matt Jankowski	0663803348	Move link header setting to after_action (#24251 )	2023-03-26 00:40:01 +01:00
Claire	2626097869	Fix Rails cache namespace being overriden with `v2` for cached statuses (#24202 )	2023-03-22 15:47:44 +01:00
Jean byroot Boussier	160f38f03d	Workaround the ActiveRecord / Marshal serialization bug on Ruby 3.2 (#24142 ) Co-authored-by: Jean Boussier <jean.boussier@gmail.com>	2023-03-17 14:37:30 +01:00
Nick Schonning	25d36b6edd	Autofix Rubocop Style/RedundantArgument (#23798 )	2023-03-16 10:34:00 +09:00
Nick Schonning	717683d1c3	Autofix Rubocop remaining Layout rules (#23679 )	2023-02-20 06:58:28 +01:00
Nick Schonning	aef0051fd0	Enable Rubocop HTTP status rules (#23717 )	2023-02-20 11:16:40 +09:00
Nick Schonning	2177daeae9	Autofix Rubocop Style/RedundantBegin (#23703 )	2023-02-19 07:09:40 +09:00

1 2 3 4

161 Commits