mastodon/initializers at v2.6.0 - mastodon - Git

mirrors/mastodon

mirror of https://github.com/mastodon/mastodon.git synced 2025-01-10 20:17:08 +01:00

History

Ben Lubar 13e049d772 Allow cross-origin requests to /.well-known/* URLs. (#9083 )

Right now, this includes three endpoints: host-meta, webfinger, and change-password.

host-meta and webfinger are publicly available and do not use any authentication. Nothing bad can be done by accessing them in a user's browser.

change-password being CORS-enabled will only reveal the URL it redirects to (which is /auth/edit) but not anything about the actual /auth/edit page, because it does not have CORS enabled.

The documentation for hosting an instance on a different domain should also be updated to point out that Access-Control-Allow-Origin: * should be set at a minimum for the /.well-known/host-meta redirect to allow browser-based non-proxied instance discovery.

2018-10-25 03:13:35 +02:00

..

0_post_deployment_migrations.rb

Add post-deployment migration system (#8182 )

2018-08-13 13:40:01 +02:00

1_hosts.rb

Set Content-Security-Policy rules through RoR's config (#8957 )

2018-10-11 20:35:46 +02:00

active_model_serializers.rb

Disable AMS logging (#7623 )

2018-05-26 01:08:31 +02:00

application_controller_renderer.rb

Upgrade to Rails 5.0.0.1

2016-08-17 17:58:00 +02:00

assets.rb

HTML e-mails for UserMailer (#6256 )

2018-01-16 03:29:11 +01:00

backtrace_silencers.rb

Initial commit

2016-02-20 22:53:20 +01:00

blacklists.rb

Quick best practice cleanup of views/helpers (#1546 )

2017-04-12 18:24:18 +02:00

chewy.rb

Fix #6509 : Use pull queue for chewy jobs (#6513 )

2018-02-20 17:25:16 +01:00

content_security_policy.rb

Add manifest_src to CSP, add blob to connect_src (#8967 )

2018-10-12 19:07:30 +02:00

cookies_serializer.rb

Upgrade to Rails 5.0.0.1

2016-08-17 17:58:00 +02:00

cors.rb

Allow cross-origin requests to /.well-known/* URLs. (#9083 )

2018-10-25 03:13:35 +02:00

devise.rb

feat(cookies): Use the same-site attribute to lax (#8626 )

2018-09-08 23:54:28 +02:00

doorkeeper.rb

Add unread indicator to conversations (#9009 )

2018-10-19 01:47:29 +02:00

fast_blank.rb

fix can toot whitespace (#2218 )

2017-04-22 19:48:55 +02:00

ffmpeg.rb

add ffmpeg initializer (#8855 )

2018-10-09 03:02:52 +02:00

filter_parameter_logging.rb

Added optional two-factor authentication

2017-01-27 20:35:16 +01:00

http_client_proxy.rb

lint pass 2 (#8878 )

2018-10-04 17:38:04 +02:00

httplog.rb

Version bumps for ruby and misc gems (#1159 )

2017-04-10 22:47:41 +02:00

inflections.rb

Add ActivityPub inbox (#4216 )

2017-08-08 21:52:15 +02:00

instrumentation.rb

Improve StatsD instrumentation

2017-01-26 19:08:05 +01:00

kaminari_config.rb

adjust public profile pages 2 (#5223 )

2017-10-04 22:49:36 +02:00

mime_types.rb

Set correct content-type for ActivityPub JSON (#4592 )

2017-08-14 04:16:43 +02:00

oj.rb

Remove rabl dependency (#5894 )

2017-12-06 15:04:49 +09:00

omniauth.rb

lint pass 2 (#8878 )

2018-10-04 17:38:04 +02:00

open_uri_redirection.rb

rubocop issues - Cleaning up (#8912 )

2018-10-08 04:50:11 +02:00

pagination.rb

Pagination improvements (#1445 )

2017-04-11 01:11:41 +02:00

paperclip.rb

Rename S3_CLOUDFRONT_HOST to S3_ALIAS_HOST. (#8423 )

2018-08-25 13:27:08 +02:00

premailer_rails.rb

HTML e-mails for UserMailer (#6256 )

2018-01-16 03:29:11 +01:00

rack_attack_logging.rb

Log rate limit hits (#7096 )

2018-04-10 01:20:18 +02:00

rack_attack.rb

lint pass 2 (#8878 )

2018-10-04 17:38:04 +02:00

redis.rb

Set config.cache_store in environments file. (#3219 )

2017-05-22 15:01:02 +02:00

session_activations.rb

Revocable sessions (#3616 )

2017-06-23 18:50:53 +02:00

session_store.rb

feat(cookies): Use the same-site attribute to lax (#8626 )

2018-09-08 23:54:28 +02:00

sidekiq.rb

lint pass 2 (#8878 )

2018-10-04 17:38:04 +02:00

simple_form.rb

Redesign forms, verify link ownership with rel="me" (#8703 )

2018-09-18 16:45:58 +02:00

single_user_mode.rb

Add single user mode

2016-12-06 17:19:26 +01:00

statsd.rb

Fix that Rails.cache information could not be sent via StatsD (#8831 )

2018-09-30 00:05:59 +02:00

stoplight.rb

Add a circuit breaker for ActivityPub deliveries (#7053 )

2018-04-07 21:36:58 +02:00

strong_migrations.rb

Fix migration failure due to StrongMigrations on production env (#5283 )

2017-10-09 10:05:35 +02:00

suppress_csrf_warnings.rb

Suppress CSRF token warnings (#6240 )

2018-01-15 06:51:23 +01:00

trusted_proxies.rb

Fix error

2017-01-22 23:07:31 +01:00

twitter_regex.rb

Lint pass (#8876 )

2018-10-04 12:36:53 +02:00

vapid.rb

Lint pass (#8876 )

2018-10-04 12:36:53 +02:00

wrap_parameters.rb

Upgrade to Rails 5.0.0.1

2016-08-17 17:58:00 +02:00