mastodon

mirror of https://github.com/mastodon/mastodon.git synced 2024-10-17 03:48:35 +02:00

Author	SHA1	Message	Date
Matt Jankowski	e56fb9e489	Fix `Style/SymbolProc` cop (#28386 )	2023-12-18 09:32:02 +00:00
Matt Jankowski	e5717c9bc6	Fix `Style/Lambda` cop (#28378 )	2023-12-15 14:34:24 +00:00
Matt Jankowski	1ee8d1e50e	Assign a proc to `Rack::Request.ip_filter` instead of patching method (#28380 )	2023-12-15 14:33:56 +00:00
Claire	f37c93f3d7	Change cookie rotator to use SHA1 digest for new cookies (#27392 )	2023-12-12 12:01:08 +00:00
Matt Jankowski	42afd30324	Replace Sprockets with Propshaft (#28239 )	2023-12-06 10:19:24 +00:00
Matt Jankowski	a8473f582d	Add zeitwerk inflector for cli->CLI (#27635 )	2023-11-30 13:55:20 +00:00
Claire	85662a5a57	Change `img-src` and `media-src` CSP directives to not include `https:` (#28025 )	2023-11-30 13:47:01 +00:00
Matt Jankowski	31bef99b9e	Move lib/mastodon/premailer_webpack_strategy to lib/ (#27636 )	2023-11-29 10:08:55 +00:00
Matt Jankowski	9429e30d75	Disable sidekiq unique jobs in test env (#27737 )	2023-11-09 16:19:04 +00:00
Matt Jankowski	c875dfc90b	Fix `Lint/UnusedBlockArgument` cop (#27777 )	2023-11-09 09:43:26 +00:00
Matt Jankowski	33cc3ae8fa	Fix `Style/StabbyLambdaParentheses` cop (#27771 )	2023-11-08 12:01:18 +00:00
Matt Jankowski	02d27de5ce	Move i18n locale configuration to separate initializer (#27571 )	2023-11-07 15:22:14 +00:00
Matt Jankowski	d6f50839e1	Fix `RSpec/SpecFilePathFormat` cops (#27730 )	2023-11-06 16:25:40 +00:00
Matt Jankowski	7ef56d6e50	Move json_ld context loaders to `config/initializers` (#27590 )	2023-10-31 15:21:23 +00:00
Matt Jankowski	3107a9410c	Silence deprecation warning about secrets/credentials with Devise patch (#27578 )	2023-10-31 11:10:15 +00:00
Matt Jankowski	eae5c7334a	Extract class from CSP configuration/initialization (#26905 )	2023-10-27 16:20:40 +00:00
Matt Jankowski	4aa05d45fc	Capture minimum postgres version 12 (#27528 )	2023-10-26 20:35:15 +00:00
Matt Jankowski	9a3d047f3e	Run `bin/rails app:update` with Rails 7.1 (#27522 )	2023-10-25 13:56:09 +00:00
Claire	379115e601	Add SELF_DESTRUCT env variable to process self-destructions in the background (#26439 )	2023-10-23 15:46:21 +00:00
Claire	c3e0eb3699	Change Content-Security-Policy to be tighter on media paths (#26889 )	2023-10-23 14:27:07 +02:00
Matt Jankowski	bcd0171e5e	Fix `Lint/UselessAssignment` cop (#27472 )	2023-10-19 16:55:06 +02:00
Wladimir Palant	23f8e93c64	Fixes #23135 - Allow cross origin request for /nodeinfo/2.0 API (#27413 )	2023-10-16 13:39:25 +02:00
Renaud Chaput	e0da64bb4e	Fix empty ENV variables not using default nil value (#27400 )	2023-10-13 19:00:53 +02:00
Nick Schonning	85db392464	Autofix Rubocop cops for config/ (#24145 )	2023-10-03 15:24:12 +02:00
Matt Jankowski	56c0babc0b	Fix rubocop `Layout/ArgumentAlignment` cop (#26060 )	2023-09-28 15:48:47 +02:00
Claire	8acc75435b	Change S3 checksum mode to be disabled by default (#27007 )	2023-09-21 14:00:51 +02:00
Claire	a04ae16201	Fix CSP when using `ONE_CLICK_SSO_LOGIN` (#26901 )	2023-09-13 19:54:04 +02:00
CSDUMMI	9a70cac9de	Fix #26849 by adding the domain of the current SSO provider to the form-action CSP (#26857 )	2023-09-12 13:04:51 +02:00
Christian Schmidt	ea31929776	Fix invalid Content-Type header for WebP images (#26773 )	2023-09-04 09:46:33 +02:00
Claire	9e26cd5503	Add `authorized_fetch` server setting in addition to env var (#25798 )	2023-09-01 15:41:10 +02:00
Christian Schmidt	286a21afdc	Support webpacker live-reloading on Docker (#26419 )	2023-08-29 10:17:57 +02:00
Renaud Chaput	b95867ad1f	Allow setting a custom HTTP method in CacheBuster (#26528 ) Co-authored-by: Jorijn Schrijvershof <jorijn@jorijn.com>	2023-08-18 08:18:40 +02:00
Claire	dd049fc37a	Fix ES_PRESET not being applied to Chewy's internal index (#26489 )	2023-08-14 19:00:56 +02:00
Claire	f5778caa3a	Add `ES_PRESET` option to customize numbers of shards and replicas (#26483 ) Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>	2023-08-14 17:46:16 +02:00
Claire	4bc0dd751c	Add `S3_DISABLE_CHECKSUM_MODE` environment variable for compatibility with some S3-compatible providers (#26435 )	2023-08-10 14:15:18 +02:00
Claire	12c43e4ab5	Re-add StatsD support through the `nsa` gem (#26310 )	2023-08-03 20:28:14 +02:00
Emelia Smith	e258b4cb64	Refactor: replace whitelist_mode mentions with limited_federation_mode (#26252 )	2023-08-02 19:32:48 +02:00
Matt Jankowski	ad81be6c8e	Update rubocop rules for linelength (#26190 )	2023-07-28 23:11:45 +02:00
Matt Jankowski	bada7a65aa	Ignore long line in regex initializer (#26182 )	2023-07-26 09:45:27 +02:00
Claire	e5f1000ad1	Fix CSP headers being unintendedly wide (#26105 )	2023-07-21 13:34:15 +02:00
Claire	934c7b33d1	Change default KeyGenerator digest to SHA1 to fix cookies in rolling upgrades (#26023 )	2023-07-21 13:17:43 +02:00
Misty De Méo	b848ba3867	Paperclip: add support for Azure blob storage (#23607 )	2023-07-19 09:02:49 +02:00
Matt Jankowski	ce43ed144c	Rails 7.0 update (#25668 )	2023-07-13 09:36:07 +02:00
Matt Jankowski	2e1391fdd2	Fix `Naming/MemoizedInstanceVariableName` cop (#25928 )	2023-07-12 10:08:51 +02:00
Nick Schonning	1d557305d2	Enable Rubocop Style/FrozenStringLiteralComment (#23793 )	2023-07-12 09:47:08 +02:00
Kurtis Rainbolt-Greene	e4cfe4b3db	First pass at multi-database for read replica using Rails native adapter (#25693 ) Co-authored-by: emilweth <7402764+emilweth@users.noreply.github.com>	2023-07-08 19:45:36 +02:00
Claire	dc8f1fbd97	Merge pull request from GHSA-9928-3cp5-93fm * Fix attachments getting processed despite failing content-type validation * Add a restrictive ImageMagick security policy tailored for Mastodon * Fix misdetection of MP3 files with large cover art * Reject unprocessable audio/video files instead of keeping them unchanged	2023-07-06 15:05:05 +02:00
Eugen Rochko	ba06a2f104	Revert "Rails 7 update" (#25667 )	2023-07-02 11:14:22 +02:00
Matt Jankowski	50c2a03695	Rails 7 update (#24241 )	2023-07-02 10:38:53 +02:00
Claire	f378f10404	Fix compatibility of recent migration with PostgreSQL 10 (#25324 )	2023-06-07 01:53:50 +02:00
Nick Schonning	c66250abf1	Autofix Rubocop Regex Style rules (#23690 ) Co-authored-by: Claire <claire.github-309c@sitedethib.com>	2023-06-06 14:50:51 +02:00
Claire	e428670e61	Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273 )	2023-06-05 17:35:05 +02:00
Matt Jankowski	e49819142f	Remove unmaintained `nsa` gem (#25265 )	2023-06-05 01:57:05 +02:00
Claire	94329f28e1	Change wording of “Content cache retention period” setting to highlight destructive implications (#23261 )	2023-06-02 18:09:08 +02:00
Renaud Chaput	942d850b0a	Allow carets in URL search params (#25216 )	2023-06-01 12:14:49 +02:00
Nick Schonning	c0b9664a31	Autofix Rubocop spacing in config (#25022 )	2023-05-22 13:17:56 +02:00
Nick Schonning	cee4369cf5	Autofix Rubocop Lint/AmbiguousOperatorPrecedence (#25002 )	2023-05-16 10:51:59 +02:00
Matt Jankowski	d9a958fcf7	Fix Performance/RedundantMerge cop (#24817 )	2023-05-04 05:25:43 +02:00
Matt Jankowski	d902a707a3	Fix Rails/CompactBlank cop (#24690 )	2023-04-30 14:07:21 +02:00
Matt Jankowski	5a2aa06a51	Fix Rails/Present cop (#24688 )	2023-04-30 06:47:50 +02:00
Nick Schonning	49fad26eca	Drop EOL Ruby 2.7 (#24237 )	2023-04-27 01:46:18 +02:00
Nick Schonning	4687967176	Autofix Rubocop Style/NumericLiterals (#24468 )	2023-04-23 22:30:07 +02:00
Claire	5c499f54e3	Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327 )	2023-04-03 15:05:39 +02:00
Nick Schonning	500d6f93be	Autofix Rubocop Style/IdenticalConditionalBranches (#24322 )	2023-03-31 09:33:52 +02:00
Eugen Rochko	a9b5598c97	Change user settings to be stored in a more optimal way (#23630 ) Co-authored-by: Claire <claire.github-309c@sitedethib.com>	2023-03-30 14:44:00 +02:00
Claire	e084b5b82d	Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200 )	2023-03-27 17:07:37 +02:00
Claire	f432db7b9f	Fix sidekiq jobs not triggering Elasticsearch index updates (#24046 )	2023-03-12 23:47:55 +01:00
Jean byroot Boussier	922837dc96	Upgrade to latest redis-rb 4.x and fix deprecations (#23616 ) Co-authored-by: Jean Boussier <jean.boussier@gmail.com>	2023-03-04 16:38:28 +01:00
Jamie Hoyle	de137e6bb0	Added support for specifying S3 storage classes in environment (#22480 )	2023-03-03 20:53:37 +01:00
Eugen Rochko	c6ef56fd5e	Change rate limits to 1,500/5m per user, 300/5m per app (#23347 )	2023-02-02 00:07:49 +01:00
luzpaz	596923da4a	Fix typos in source documentation (#21046 ) Fixed 2 source comment/documentation typos	2022-12-15 15:57:26 +01:00
Claire	d587a268fd	Add logging for Rails cache timeouts (#21667 ) * Reduce redis cache store connect timeout from default 20 seconds to 5 seconds * Log cache store errors	2022-11-27 20:37:37 +01:00
Claire	7955d4b959	Add form-action CSP directive (#20781 )	2022-11-17 10:55:03 +01:00
trwnh	a2931d19ae	Add missing admin scopes (fix #20892 ) (#20918 )	2022-11-17 10:50:21 +01:00
Eugen Rochko	43b0b2f3f4	Fix wrong directive `unsafe-wasm-eval` to `wasm-unsafe-eval` (#20729 )	2022-11-15 03:39:06 +01:00
prplecake	b46b7c3d5e	Use "unsafe-wasm-eval" instead of "unsafe-eval" in script-src CSP (#20606 ) * Add "unsafe-eval" to script-src CSP * Use 'unsafe-wasm-eval' instead of 'unsafe-eval'	2022-11-15 03:22:38 +01:00
Eugen Rochko	21fd25a269	Fix rate limiting for paths with formats (#20675 )	2022-11-14 20:26:31 +01:00
Matt Corallo	9d039209cc	Add `Cache-Control` header to openstack-stored files (#20610 ) When storing files in S3, paperclip is configured with a Cache-Control header indicating the file is immutable, however no such header was added when using OpenStack storage. Luckily Paperclip's fog integration makes this trivial, with a simple `fog_file` `Cache-Control` default doing the trick.	2022-11-14 05:26:49 +01:00
David Hewitt	290d78cea4	Allow unsetting x-amz-acl S3 Permission headers (#20510 ) Some "S3 Compatible" storage providers (Cloudflare R2 is one such example) don't support setting ACLs on individual uploads with the `x-amz-acl` header, and instead just have a visibility for the whole bucket. To support uploads to such providers without getting unsupported errors back, lets use a black `S3_PERMISSION` env var to indicate that these headers shouldn't be sent. This is tested as working with Cloudflare R2.	2022-11-13 06:57:10 +01:00
prplecake	aafbc82d88	Add "unsafe-eval" to script-src CSP (#18817 )	2022-10-26 19:23:16 +02:00
Eugen Rochko	bf0ab3e0fa	Fix vacuum scheduler missing lock, locks never expiring (#19458 ) Remove vacuuming of orphaned preview cards	2022-10-26 12:10:48 +02:00
Eugen Rochko	0d6b878808	Add user content translations with configurable backends (#19218 )	2022-09-23 23:00:12 +02:00
Eugen Rochko	546672e292	Change "Allow trends without prior review" setting to include statuses (#17977 ) * Change "Allow trends without prior review" setting to include posts * Fix i18n-tasks	2022-08-28 04:00:39 +02:00
Jeong Arm	861b35dd54	Support "http_hidden_proxy" ENV var for hidden service only proxy (#18427 ) * Support "http_hidden_proxy" ENV var for hidden service only proxy * Fallback to http_proxy if http_hidden_proxy is not set	2022-08-25 04:41:14 +02:00
Eugen Rochko	e7aa2be828	Change how hashtags are normalized (#18795 ) * Change how hashtags are normalized * Fix tests	2022-07-13 15:03:28 +02:00
Claire	ae4f068a84	Fix CAS_DISPLAY_NAME, SAML_DISPLAY_NAME and OIDC_DISPLAY_NAME being ignored (#18568 )	2022-06-01 19:22:55 +02:00
Eugen Rochko	96129c2f10	Fix confirmation redirect to app without `Location` header (#18523 )	2022-05-26 22:03:54 +02:00
Eugen Rochko	679b7158e3	Change search indexing to use batches to minimize resource usage (#18451 )	2022-05-18 23:29:14 +02:00
Eugen Rochko	7b0fe4aef9	Fix opening and closing Redis connections instead of using a pool (#18171 ) * Fix opening and closing Redis connections instead of using a pool * Fix Redis connections not being returned to the pool in CLI commands	2022-04-29 22:43:07 +02:00
Claire	8284110c55	Fix stoplight not using REDIS_NAMESPACE (#18160 )	2022-04-28 18:11:31 +02:00
Eugen Rochko	3917353645	Fix single Redis connection being used across all threads (#18135 ) * Fix single Redis connection being used across all Sidekiq threads * Fix tests	2022-04-28 17:47:34 +02:00
Eugen Rochko	6e418bf346	Fix cookies secure flag being set when served over Tor (#17992 )	2022-04-08 12:47:18 +02:00
Holger	39b489ba4c	fix: `s3_force_single_request` not parsed (#17922 )	2022-04-01 23:56:23 +02:00
Eugen Rochko	cefa526c6d	Refactor formatter (#17828 ) * Refactor formatter * Move custom emoji pre-rendering logic to view helpers * Move more methods out of Formatter * Fix code style issues * Remove Formatter * Add inline poll options to RSS feeds * Remove unused helper method * Fix code style issues * Various fixes and improvements * Fix test	2022-03-26 02:53:34 +01:00
Claire	895212bb2f	Fix PgHero suggesting migrations (#17807 ) * Fix PgHero suggesting migrations Fixes #17768 * Keep migration suggestions in development env	2022-03-15 20:27:49 +01:00
Yamagishi Kazutoshi	eb9a7e3626	Fix LetterOpennerWeb CSP (#17770 )	2022-03-14 19:20:40 +01:00
dependabot[bot]	46ad7fea9d	Bump rack-attack from 6.5.0 to 6.6.0 (#17405 ) * Bump rack-attack from 6.5.0 to 6.6.0 Bumps [rack-attack](https://github.com/rack/rack-attack) from 6.5.0 to 6.6.0. - [Release notes](https://github.com/rack/rack-attack/releases) - [Changelog](https://github.com/rack/rack-attack/blob/master/CHANGELOG.md) - [Commits](https://github.com/rack/rack-attack/compare/v6.5.0...v6.6.0) --- updated-dependencies: - dependency-name: rack-attack dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Fix usage of deprecated API Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>	2022-03-12 09:23:53 +01:00
chandrn7	a6ed6845c9	Allow login through OpenID Connect (#16221 ) * added OpenID Connect as an SSO option * minor fixes * added comments, removed an option that shouldn't be set * fixed Gemfile.lock * added newline to end of Gemfile.lock * removed tab from Gemfile.lock * remove chomp * codeclimate changes and small name change to make function's purpose clearer * codeclimate fix * added SSO buttons to /about page * minor refactor * minor style change * removed spurious change * removed unecessary conditional from ensure_valid_username and added support for auth.info.name in user_params_from_auth * minor changes	2022-03-09 12:07:35 +01:00
Josh Soref	b5329e0035	Spelling (#17705 ) * spelling: account Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: affiliated Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: appearance Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: autosuggest Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: cacheable Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: component Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: conversations Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: domain.example Clarify what's distinct and use RFC friendly domain space. Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: environment Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: exceeds Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: functional Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: inefficiency Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: not Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: notifications Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: occurring Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: position Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: progress Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: promotable Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: reblogging Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: repetitive Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: resolve Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: saturated Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: similar Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: strategies Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: success Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: targeting Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: thumbnails Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: unauthorized Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: unsensitizes Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: validations Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> * spelling: various Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>	2022-03-06 22:51:40 +01:00
luzpaz	73f5e4a1d9	Fix various typos (#17621 ) Found via `codespell -q 3 -S ./CHANGELOG.md,./AUTHORS.md,./config/locales,./app/javascript/mastodon/locales -L ba,keypair,medias,ro`	2022-02-22 20:14:17 +01:00

1 2 3 4 5 ...

503 Commits