Commit Graph

161 Commits (51769e06708f79a485c444d139cbdbdd7249b0cb)

Author SHA1 Message Date
Claire 49407e7623
Fix Content-Security-Policy when using sso-redirect ()
Renaud Chaput 3dc4ddc663
Fix search params being dropped when redirected to non-deck path ()
Claire a496aeabcb
Change form-action Content-Security-Policy directive to be more restrictive ()
Matt Jankowski 7efe0bde9d
Add `have_http_link_header` matcher and set header values as strings ()
Claire 2ec1181ee5
Fix contrast between background and form elements on some pages ()
Matt Jankowski 85d9053b36
Move `pagination_params` into `API::BaseController` ()
Matt Jankowski 65e82211cd
Rename `cache_*` methods to `preload_*` in controller concern ()
Matt Jankowski 1d3ecd3fba
Add `API::Pagination` concern ()
Claire babbf6017d
Remove caching in `cache_collection` ()
Matt Jankowski edde54e991
Update stoplight to version 4.1.0 ()
Matt Jankowski f9100743ec
Add `Api::ErrorHandling` concern for api/base controller ()
Claire 7efc33b909
Move HTTP Signature parsing code to its own class ()
Claire 1726085db5
Merge pull request from GHSA-3fjr-858r-92rw
* Fix insufficient origin validation

* Bump version to 4.3.0-alpha.1
Eugen Rochko b19ae521b7
Add confirmation when redirecting logged-out requests to permalink ()
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Claire 3593ee2e36
Add rate-limit of TOTP authentication attempts at controller level ()
Jean Boussier 5a6d533c53
Enable Rails 7.1 Marshalling format ()
Claire 092bb8a27a
Fix Mastodon not correctly processing HTTP Signatures with query strings ()
Claire 963354978a
Add `Account#unavailable?` and `Account#permanently_unavailable?` aliases ()
Matt Jankowski 1f1c75bba5
File cleanup/organization in `controllers/concerns` ()
Matt Jankowski 291dc04e67
Remove un-needed `action` and `template` options to `render` in controllers ()
Matt Jankowski d562fb8459
Specs for minimal CSP policy in `Api::` controllers ()
Ricardo Trindade 33f8c1c5eb
Remove version check from update cache_concern.rb ()
Claire 379115e601
Add SELF_DESTRUCT env variable to process self-destructions in the background ()
Matt Jankowski d4c2dca874
Fix haml-lint `InstanceVariables` rule for auth/sessions/two_factor/o… ()
Claire 40ba6e119b
Fix Vary headers not being set on some redirects ()
Matt Jankowski 340f1a68be
Simplify instance presenter view access ()
CSDUMMI 9a70cac9de
Fix by adding the domain of the current SSO provider to the form-action CSP ()
Claire 09ec9c6aa5
Downgrade signature verification debug logging from `warn` to `debug` ()
Claire 25bf640629
Add debug logging on signature verification failure ()
Claire 8b37dd2c86
Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts ()
CSDUMMI 120f5802c0
Add direct link to the Single-Sign On provider if there is only one sign up method available ()
Emelia Smith e258b4cb64
Refactor: replace whitelist_mode mentions with limited_federation_mode ()
Matt Jankowski 2e1391fdd2
Fix `Naming/MemoizedInstanceVariableName` cop ()
Matt Jankowski 5134fc65e2
Fix `Naming/AccessorMethodName` cop ()
Eugen Rochko 39110d1d0a
Fix CAPTCHA page not following design pattern of sign-up flow ()
Claire bec6a1cad4
Add hCaptcha support ()
Nick Schonning d5a185d721
Autofix Rubocop Style/CaseLikeIf ()
Matt Jankowski 668a19a2f3
Fix Performance/DeletePrefix cop ()
Claire b0bf6216e6
Fix /api/v1/instance/domain_blocks being unconditionally cached ()
Claire 276c39361b
Fix anonymous visitors getting a session cookie on first visit ()
Eugen Rochko 6084461cd0
Change unauthenticated responses to be cached in REST API ()
Claire 58a1b2e330
Fix caching logic with regards to Accept-Language, Cookie, and Signature ()
Eugen Rochko e98c86050a
Refactor `Cache-Control` and `Vary` definitions ()
Matt Jankowski 0663803348
Move link header setting to after_action ()
Claire 2626097869
Fix Rails cache namespace being overridden with `v2` for cached statuses ()
Jean byroot Boussier 160f38f03d
Workaround the ActiveRecord / Marshal serialization bug on Ruby 3.2 ()
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
Nick Schonning 25d36b6edd
Autofix Rubocop Style/RedundantArgument ()
Nick Schonning 717683d1c3
Autofix Rubocop remaining Layout rules ()
Nick Schonning aef0051fd0
Enable Rubocop HTTP status rules ()
Nick Schonning 2177daeae9
Autofix Rubocop Style/RedundantBegin ()