aiden
/
mastodon
mirror of https://github.com/mastodon/mastodon
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,296 Commits
135 Branches
278 Tags
1.0 GiB
Commit Graph

6 Commits (7d9a8c959692fb7121d154412312a7f8e3005186)

Author SHA1 Message Date
Claire 3fa0dd0b88
Merge pull request from GHSA-c2r5-cfqr-c553 
* Add hardening monkey-patch to prevent IP spoofing on misconfigured installations

* Remove rack-attack safelist
Eugen Rochko 6e418bf346
Fix cookies secure flag being set when served over Tor ()
Justin Tracey c9e8e1739c
replace all instances of "ends_with?" with "end_with?" () 
The "ends_with?" method is just a Rails alias of Ruby's "end_with?" method.
Using the latter makes the code less brittle.
Justin Tracey 3f8523130d
use host instead of headers to make Rack happy () 
"headers" is provided by Rails, Rack can't rely on it
Cecylia Bocovich 3447bd2f80
Monkey patch Rack::Session to send secure cookies to onions ()
Claire 21fb3f3684
Drop dependency on secure_headers, fix response headers () 
* Drop dependency on secure_headers, use always_write_cookie instead

* Fix cookies in Tor Hidden Services by moving configuration to application.rb

* Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch