mastodon/initializers at 011437dcb5c4719ad6627f3a4dc07a5ce1bd9db8 - mastodon - Git

mirrors/mastodon

mirror of https://github.com/mastodon/mastodon.git synced 2025-01-18 08:01:57 +01:00

History

Sorin Davidoi 6f3d934bc1 feat(cookies): Use the same-site attribute to lax (#8626 )

CSFR-prevention is already implemented but adding this doesn't hurt.

A brief introduction to Same-Site cookies (and the difference between strict and
lax) can be found at
https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/

TLDR: We use lax since we want the cookies to be sent when the user navigates
safely from an external site.

2018-09-08 23:54:28 +02:00

..

0_post_deployment_migrations.rb

Add post-deployment migration system (#8182 )

2018-08-13 13:40:01 +02:00

active_model_serializers.rb

Disable AMS logging (#7623 )

2018-05-26 01:08:31 +02:00

application_controller_renderer.rb

Upgrade to Rails 5.0.0.1

2016-08-17 17:58:00 +02:00

assets.rb

HTML e-mails for UserMailer (#6256 )

2018-01-16 03:29:11 +01:00

backtrace_silencers.rb

Initial commit

2016-02-20 22:53:20 +01:00

blacklists.rb

Quick best practice cleanup of views/helpers (#1546 )

2017-04-12 18:24:18 +02:00

chewy.rb

Fix #6509 : Use pull queue for chewy jobs (#6513 )

2018-02-20 17:25:16 +01:00

content_security_policy.rb

Upgrade Rails to version 5.2.0 (#5898 )

2018-04-12 14:45:17 +02:00

cookies_serializer.rb

Upgrade to Rails 5.0.0.1

2016-08-17 17:58:00 +02:00

cors.rb

Upgrade Rails to version 5.2.0 (#5898 )

2018-04-12 14:45:17 +02:00

devise.rb

feat(cookies): Use the same-site attribute to lax (#8626 )

2018-09-08 23:54:28 +02:00

doorkeeper.rb

Add more granular OAuth scopes (#7929 )

2018-07-05 18:31:35 +02:00

fast_blank.rb

fix can toot whitespace (#2218 )

2017-04-22 19:48:55 +02:00

filter_parameter_logging.rb

Added optional two-factor authentication

2017-01-27 20:35:16 +01:00

http_client_proxy.rb

Merge HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY into ALLOW_ACCESS_TO_HIDDEN_SERVICE (#7901 )

2018-06-29 15:36:02 +02:00

httplog.rb

Version bumps for ruby and misc gems (#1159 )

2017-04-10 22:47:41 +02:00

inflections.rb

Add ActivityPub inbox (#4216 )

2017-08-08 21:52:15 +02:00

instrumentation.rb

Improve StatsD instrumentation

2017-01-26 19:08:05 +01:00

kaminari_config.rb

adjust public profile pages 2 (#5223 )

2017-10-04 22:49:36 +02:00

mime_types.rb

Set correct content-type for ActivityPub JSON (#4592 )

2017-08-14 04:16:43 +02:00

oj.rb

Remove rabl dependency (#5894 )

2017-12-06 15:04:49 +09:00

omniauth.rb

Add additional first_name and last_name SAML attribute statement options, and modify Omniauthable concern to use full_name or first_name + last_name if not available (#6669 )

2018-03-07 06:19:10 +01:00

open_uri_redirection.rb

Federate header images, fix open-uri http->https redirection error

2017-03-18 22:51:20 +01:00

ostatus.rb

enforce LOCAL_HTTPS=true in production (#6061 )

2017-12-22 02:17:59 +01:00

pagination.rb

Pagination improvements (#1445 )

2017-04-11 01:11:41 +02:00

paperclip.rb

Rename S3_CLOUDFRONT_HOST to S3_ALIAS_HOST. (#8423 )

2018-08-25 13:27:08 +02:00

premailer_rails.rb

HTML e-mails for UserMailer (#6256 )

2018-01-16 03:29:11 +01:00

rack_attack_logging.rb

Log rate limit hits (#7096 )

2018-04-10 01:20:18 +02:00

rack_attack.rb

Add a missing question mark in rack_attack.rb (#7338 )

2018-05-03 18:51:00 +02:00

redis.rb

Set config.cache_store in environments file. (#3219 )

2017-05-22 15:01:02 +02:00

session_activations.rb

Revocable sessions (#3616 )

2017-06-23 18:50:53 +02:00

session_store.rb

feat(cookies): Use the same-site attribute to lax (#8626 )

2018-09-08 23:54:28 +02:00

sidekiq.rb

Use RAILS_LOG_LEVEL to set log level of Sidekiq, too (#7079 )

2018-04-10 16:08:28 +02:00

simple_form.rb

Improve UI of admin site settings (#4163 )

2017-07-12 03:24:04 +02:00

single_user_mode.rb

Add single user mode

2016-12-06 17:19:26 +01:00

statsd.rb

Allow specifying STATSD_NAMESPACE (#5700 )

2017-11-15 07:22:43 +09:00

stoplight.rb

Add a circuit breaker for ActivityPub deliveries (#7053 )

2018-04-07 21:36:58 +02:00

strong_migrations.rb

Fix migration failure due to StrongMigrations on production env (#5283 )

2017-10-09 10:05:35 +02:00

suppress_csrf_warnings.rb

Suppress CSRF token warnings (#6240 )

2018-01-15 06:51:23 +01:00

trusted_proxies.rb

Fix error

2017-01-22 23:07:31 +01:00

twitter_regex.rb

Add dat, dweb, ipfs, ipns, ssb, gopher protocols to URL extractor (#7810 )

2018-06-15 20:21:47 +02:00

vapid.rb

Add Rake task for generate VAPID key (#4195 )

2017-07-14 12:13:43 +02:00

wrap_parameters.rb

Upgrade to Rails 5.0.0.1

2016-08-17 17:58:00 +02:00