Commit Graph

514 Commits (fa2e7b1708385c4277a67f04e540cc39fc661390)

Author SHA1 Message Date
Claire 8125dae5a8
Rename `ES_CA_CERT` to `ES_CA_FILE` for consistency ()
Claire 2912829411
Add support for specifying custom CA cert for Elasticsearch ()
Claire 64300e0fe3
Fix self-destruct schedule not actually replacing initial schedule ()
Matt Jankowski c523a9601b
Rename local webpack* var in development env CSP config ()
Matt Jankowski 0ce081fe49
Remove monkey patch in favor of supported Devise config value ()
HTeuMeuLeu 7f471e70c0
Update new email templates ()
Co-authored-by: Matt Jankowski <matt@jankowski.online>
Matt Jankowski 4e02838832
Enable "low risk" Rails 7.1 setting defaults ()
gunchleoc 173953c23e
Fix ISO code for Canadian French ()
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Matt Jankowski e09419f22a
Move old framework defaults file to regular config value ()
Matt Jankowski a27a82939d
Remove the 7.1 marshalling format "todo" from new_framework_defaults ()
Claire bd415af9a1
Change streaming API host to not be overridden to localhost in development mode ()
Matt Jankowski e56fb9e489
Fix `Style/SymbolProc` cop ()
Matt Jankowski e5717c9bc6
Fix `Style/Lambda` cop ()
Matt Jankowski 1ee8d1e50e
Assign a proc to `Rack::Request.ip_filter` instead of patching method ()
Claire f37c93f3d7
Change cookie rotator to use SHA1 digest for new cookies ()
Matt Jankowski 42afd30324
Replace Sprockets with Propshaft ()
Matt Jankowski a8473f582d
Add zeitwerk inflector for cli->CLI ()
Claire 85662a5a57
Change `img-src` and `media-src` CSP directives to not include `https:` ()
Matt Jankowski 31bef99b9e
Move lib/mastodon/premailer_webpack_strategy to lib/ ()
Matt Jankowski 9429e30d75
Disable sidekiq unique jobs in test env ()
Matt Jankowski c875dfc90b
Fix `Lint/UnusedBlockArgument` cop ()
Matt Jankowski 33cc3ae8fa
Fix `Style/StabbyLambdaParentheses` cop ()
Matt Jankowski 02d27de5ce
Move i18n locale configuration to separate initializer ()
Matt Jankowski d6f50839e1
Fix `RSpec/SpecFilePathFormat` cops ()
Matt Jankowski 7ef56d6e50
Move json_ld context loaders to `config/initializers` ()
Matt Jankowski 3107a9410c
Silence deprecation warning about secrets/credentials with Devise patch ()
Matt Jankowski eae5c7334a
Extract class from CSP configuration/initialization ()
Matt Jankowski 4aa05d45fc
Capture minimum postgres version 12 ()
Matt Jankowski 9a3d047f3e
Run `bin/rails app:update` with Rails 7.1 ()
Claire 379115e601
Add SELF_DESTRUCT env variable to process self-destructions in the background ()
Claire c3e0eb3699
Change Content-Security-Policy to be tighter on media paths ()
Matt Jankowski bcd0171e5e
Fix `Lint/UselessAssignment` cop ()
Wladimir Palant 23f8e93c64
Fixes - Allow cross origin request for /nodeinfo/2.0 API ()
Renaud Chaput e0da64bb4e
Fix empty ENV variables not using default nil value ()
Nick Schonning 85db392464
Autofix Rubocop cops for config/ ()
Matt Jankowski 56c0babc0b
Fix rubocop `Layout/ArgumentAlignment` cop ()
Claire 8acc75435b
Change S3 checksum mode to be disabled by default ()
Claire a04ae16201
Fix CSP when using `ONE_CLICK_SSO_LOGIN` ()
CSDUMMI 9a70cac9de
Fix by adding the domain of the current SSO provider to the form-action CSP ()
Christian Schmidt ea31929776
Fix invalid Content-Type header for WebP images ()
Claire 9e26cd5503
Add `authorized_fetch` server setting in addition to env var ()
Christian Schmidt 286a21afdc
Support webpacker live-reloading on Docker ()
Renaud Chaput b95867ad1f
Allow setting a custom HTTP method in CacheBuster ()
Co-authored-by: Jorijn Schrijvershof <jorijn@jorijn.com>
Claire dd049fc37a
Fix ES_PRESET not being applied to Chewy's internal index ()
Claire f5778caa3a
Add `ES_PRESET` option to customize numbers of shards and replicas ()
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Claire 4bc0dd751c
Add `S3_DISABLE_CHECKSUM_MODE` environment variable for compatibility with some S3-compatible providers ()
Claire 12c43e4ab5
Re-add StatsD support through the `nsa` gem ()
Emelia Smith e258b4cb64
Refactor: replace whitelist_mode mentions with limited_federation_mode ()
Matt Jankowski ad81be6c8e
Update rubocop rules for linelength ()
Matt Jankowski bada7a65aa
Ignore long line in regex initializer ()
Claire e5f1000ad1
Fix CSP headers being unintendedly wide ()
Claire 934c7b33d1
Change default KeyGenerator digest to SHA1 to fix cookies in rolling upgrades ()
Misty De Méo b848ba3867
Paperclip: add support for Azure blob storage ()
Matt Jankowski ce43ed144c
Rails 7.0 update ()
Matt Jankowski 2e1391fdd2
Fix `Naming/MemoizedInstanceVariableName` cop ()
Nick Schonning 1d557305d2
Enable Rubocop Style/FrozenStringLiteralComment ()
Kurtis Rainbolt-Greene e4cfe4b3db
First pass at multi-database for read replica using Rails native adapter ()
Co-authored-by: emilweth <7402764+emilweth@users.noreply.github.com>
Claire dc8f1fbd97
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
Eugen Rochko ba06a2f104
Revert "Rails 7 update" ()
Matt Jankowski 50c2a03695
Rails 7 update ()
Claire f378f10404
Fix compatibility of recent migration with PostgreSQL 10 ()
Nick Schonning c66250abf1
Autofix Rubocop Regex Style rules ()
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Claire e428670e61
Fix CSP headers when S3_ALIAS_HOST includes a path component ()
Matt Jankowski e49819142f
Remove unmaintained `nsa` gem ()
Claire 94329f28e1
Change wording of “Content cache retention period” setting to highlight destructive implications ()
Renaud Chaput 942d850b0a
Allow carets in URL search params ()
Nick Schonning c0b9664a31
Autofix Rubocop spacing in config ()
Nick Schonning cee4369cf5
Autofix Rubocop Lint/AmbiguousOperatorPrecedence ()
Matt Jankowski d9a958fcf7
Fix Performance/RedundantMerge cop ()
Matt Jankowski d902a707a3
Fix Rails/CompactBlank cop ()
Matt Jankowski 5a2aa06a51
Fix Rails/Present cop ()
Nick Schonning 49fad26eca
Drop EOL Ruby 2.7 ()
Nick Schonning 4687967176
Autofix Rubocop Style/NumericLiterals ()
Claire 5c499f54e3
Change root Chewy strategy to emit a warning instead of erroring out in production mode ()
Nick Schonning 500d6f93be
Autofix Rubocop Style/IdenticalConditionalBranches ()
Eugen Rochko a9b5598c97
Change user settings to be stored in a more optimal way ()
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Claire e084b5b82d
Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support ()
Claire f432db7b9f
Fix sidekiq jobs not triggering Elasticsearch index updates ()
Jean byroot Boussier 922837dc96
Upgrade to latest redis-rb 4.x and fix deprecations ()
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
Jamie Hoyle de137e6bb0
Added support for specifying S3 storage classes in environment ()
Eugen Rochko c6ef56fd5e
Change rate limits to 1,500/5m per user, 300/5m per app ()
luzpaz 596923da4a
Fix typos in source documentation ()
Fixed 2 source comment/documentation typos
Claire d587a268fd
Add logging for Rails cache timeouts ()
* Reduce redis cache store connect timeout from default 20 seconds to 5 seconds

* Log cache store errors
Claire 7955d4b959
Add form-action CSP directive ()
trwnh a2931d19ae
Add missing admin scopes (fix ) ()
Eugen Rochko 43b0b2f3f4
Fix wrong directive `unsafe-wasm-eval` to `wasm-unsafe-eval` ()
prplecake b46b7c3d5e
Use "unsafe-wasm-eval" instead of "unsafe-eval" in script-src CSP ()
* Add "unsafe-eval" to script-src CSP

* Use 'unsafe-wasm-eval' instead of 'unsafe-eval'
Eugen Rochko 21fd25a269
Fix rate limiting for paths with formats ()
Matt Corallo 9d039209cc
Add `Cache-Control` header to openstack-stored files ()
When storing files in S3, paperclip is configured with a Cache-Control header
indicating the file is immutable, however no such header was added when using
OpenStack storage.

Luckily Paperclip's fog integration makes this trivial, with a simple
`fog_file` `Cache-Control` default doing the trick.
David Hewitt 290d78cea4
Allow unsetting x-amz-acl S3 Permission headers ()
Some "S3 Compatible" storage providers (Cloudflare R2 is one such example) don't support setting ACLs on individual uploads with the `x-amz-acl` header, and instead just have a visibility for the whole bucket. To support uploads to such providers without getting unsupported errors back, let's use a blank `S3_PERMISSION` env var to indicate that these headers shouldn't be sent.

This is tested as working with Cloudflare R2.
prplecake aafbc82d88
Add "unsafe-eval" to script-src CSP ()
Eugen Rochko bf0ab3e0fa
Fix vacuum scheduler missing lock, locks never expiring ()
Remove vacuuming of orphaned preview cards
Eugen Rochko 0d6b878808
Add user content translations with configurable backends ()
Eugen Rochko 546672e292
Change "Allow trends without prior review" setting to include statuses ()
* Change "Allow trends without prior review" setting to include posts

* Fix i18n-tasks
Jeong Arm 861b35dd54
Support "http_hidden_proxy" ENV var for hidden service only proxy ()
* Support "http_hidden_proxy" ENV var for hidden service only proxy

* Fallback to http_proxy if http_hidden_proxy is not set
Eugen Rochko e7aa2be828
Change how hashtags are normalized ()
* Change how hashtags are normalized

* Fix tests
Claire ae4f068a84
Fix CAS_DISPLAY_NAME, SAML_DISPLAY_NAME and OIDC_DISPLAY_NAME being ignored ()
Eugen Rochko 96129c2f10
Fix confirmation redirect to app without `Location` header ()
Eugen Rochko 679b7158e3
Change search indexing to use batches to minimize resource usage ()
Eugen Rochko 7b0fe4aef9
Fix opening and closing Redis connections instead of using a pool ()
* Fix opening and closing Redis connections instead of using a pool

* Fix Redis connections not being returned to the pool in CLI commands