Matt Jankowski
|
97b18d10b4
|
Move hcaptcha service config to `config_for` yml (#30662)
|
2024-10-23 14:25:43 +00:00 |
Matt Jankowski
|
258dce1256
|
Add `OpenSSL::SSL::SSLError` to http connection errors wrapper (#32307)
|
2024-10-08 14:59:51 +00:00 |
Matt Jankowski
|
e8ec6667bd
|
Extract wrapper constant for `HTTP::*` error classes (#32285)
|
2024-10-08 13:53:35 +00:00 |
Claire
|
49407e7623
|
Fix Content-Security-Policy when using sso-redirect (#32241)
|
2024-10-04 08:50:36 +00:00 |
Renaud Chaput
|
3dc4ddc663
|
Fix search params being dropped when redirected to non-deck path (#31984)
|
2024-09-25 13:35:37 +00:00 |
Claire
|
a496aeabcb
|
Change form-action Content-Security-Policy directive to be more restrictive (#26897)
|
2024-09-12 13:24:19 +00:00 |
Matt Jankowski
|
7efe0bde9d
|
Add `have_http_link_header` matcher and set header values as strings (#31010)
|
2024-09-05 20:05:38 +00:00 |
Claire
|
2ec1181ee5
|
Fix contrast between background and form elements on some pages (#31266)
|
2024-08-02 13:55:31 +00:00 |
Matt Jankowski
|
85d9053b36
|
Move `pagination_params` into `API::BaseController` (#28845)
|
2024-05-30 14:56:48 +00:00 |
Matt Jankowski
|
65e82211cd
|
Rename `cache_*` methods to `preload_*` in controller concern (#30209)
|
2024-05-16 08:03:46 +00:00 |
Matt Jankowski
|
1d3ecd3fba
|
Add `API::Pagination` concern (#28826)
|
2024-04-17 09:22:45 +00:00 |
Claire
|
babbf6017d
|
Remove caching in `cache_collection` (#29862)
|
2024-04-08 13:46:13 +00:00 |
Matt Jankowski
|
edde54e991
|
Update stoplight to version 4.1.0 (#28366)
|
2024-04-02 15:47:40 +00:00 |
Matt Jankowski
|
f9100743ec
|
Add `Api::ErrorHandling` concern for api/base controller (#29574)
|
2024-03-14 09:09:47 +00:00 |
Claire
|
7efc33b909
|
Move HTTP Signature parsing code to its own class (#28932)
|
2024-02-07 13:35:37 +00:00 |
Claire
|
1726085db5
|
Merge pull request from GHSA-3fjr-858r-92rw
* Fix insufficient origin validation
* Bump version to 4.3.0-alpha.1
|
2024-02-01 15:56:46 +01:00 |
Eugen Rochko
|
b19ae521b7
|
Add confirmation when redirecting logged-out requests to permalink (#27792)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
|
2024-01-24 10:49:19 +00:00 |
Claire
|
3593ee2e36
|
Add rate-limit of TOTP authentication attempts at controller level (#28801)
|
2024-01-19 12:19:49 +00:00 |
Jean Boussier
|
5a6d533c53
|
Enable Rails 7.1 Marshalling format (#28609)
|
2024-01-05 21:57:47 +00:00 |
Claire
|
092bb8a27a
|
Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476)
|
2024-01-03 11:29:26 +00:00 |
Claire
|
963354978a
|
Add `Account#unavailable?` and `Account#permanently_unavailable?` aliases (#28053)
|
2023-11-30 15:43:26 +00:00 |
Matt Jankowski
|
1f1c75bba5
|
File cleanup/organization in `controllers/concerns` (#27846)
|
2023-11-30 14:39:41 +00:00 |
Matt Jankowski
|
291dc04e67
|
Remove un-needed `action` and `template` options to `render` in controllers (#28022)
|
2023-11-29 10:38:05 +00:00 |
Matt Jankowski
|
d562fb8459
|
Specs for minimal CSP policy in `Api::` controllers (#27845)
|
2023-11-14 14:34:30 +00:00 |
Ricardo Trindade
|
33f8c1c5eb
|
Remove version check from update cache_concern.rb (#27592)
|
2023-10-30 14:04:12 +00:00 |
Claire
|
379115e601
|
Add SELF_DESTRUCT env variable to process self-destructions in the background (#26439)
|
2023-10-23 15:46:21 +00:00 |
Matt Jankowski
|
d4c2dca874
|
Fix haml-lint `InstanceVariables` rule for auth/sessions/two_factor/o… (#27372)
|
2023-10-12 09:44:20 +02:00 |
Claire
|
40ba6e119b
|
Fix Vary headers not being set on some redirects (#27272)
|
2023-10-05 09:50:08 +02:00 |
Matt Jankowski
|
340f1a68be
|
Simplify instance presenter view access (#26046)
|
2023-09-28 16:52:37 +02:00 |
CSDUMMI
|
9a70cac9de
|
Fix #26849 by adding the domain of the current SSO provider to the form-action CSP (#26857)
|
2023-09-12 13:04:51 +02:00 |
Claire
|
09ec9c6aa5
|
Downgrade signature verification debug logging from `warn` to `debug` (#26812)
|
2023-09-06 12:17:22 +02:00 |
Claire
|
25bf640629
|
Add debug logging on signature verification failure (#26637)
|
2023-08-29 10:29:07 +02:00 |
Claire
|
8b37dd2c86
|
Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts (#26388)
|
2023-08-08 15:41:38 +02:00 |
CSDUMMI
|
120f5802c0
|
Add direct link to the Single-Sign On provider if there is only one sign up method available (#26083)
|
2023-08-03 16:43:15 +02:00 |
Emelia Smith
|
e258b4cb64
|
Refactor: replace whitelist_mode mentions with limited_federation_mode (#26252)
|
2023-08-02 19:32:48 +02:00 |
Matt Jankowski
|
2e1391fdd2
|
Fix `Naming/MemoizedInstanceVariableName` cop (#25928)
|
2023-07-12 10:08:51 +02:00 |
Matt Jankowski
|
5134fc65e2
|
Fix `Naming/AccessorMethodName` cop (#25924)
|
2023-07-12 10:03:19 +02:00 |
Eugen Rochko
|
39110d1d0a
|
Fix CAPTCHA page not following design pattern of sign-up flow (#25395)
|
2023-06-13 22:30:40 +02:00 |
Claire
|
bec6a1cad4
|
Add hCaptcha support (#25019)
|
2023-05-16 23:27:35 +02:00 |
Nick Schonning
|
d5a185d721
|
Autofix Rubocop Style/CaseLikeIf (#23756)
|
2023-05-04 05:51:18 +02:00 |
Matt Jankowski
|
668a19a2f3
|
Fix Performance/DeletePrefix cop (#24796)
|
2023-05-02 21:07:45 +02:00 |
Claire
|
b0bf6216e6
|
Fix /api/v1/instance/domain_blocks being unconditionally cached (#24662)
|
2023-04-26 11:42:47 +02:00 |
Claire
|
276c39361b
|
Fix anonymous visitors getting a session cookie on first visit (#24584)
|
2023-04-25 16:51:38 +02:00 |
Eugen Rochko
|
6084461cd0
|
Change unauthenticated responses to be cached in REST API (#24348)
|
2023-04-25 15:41:34 +02:00 |
Claire
|
58a1b2e330
|
Fix caching logic with regards to Accept-Language, Cookie, and Signature (#24604)
|
2023-04-23 22:27:24 +02:00 |
Eugen Rochko
|
e98c86050a
|
Refactor `Cache-Control` and `Vary` definitions (#24347)
|
2023-04-19 16:07:29 +02:00 |
Matt Jankowski
|
0663803348
|
Move link header setting to after_action (#24251)
|
2023-03-26 00:40:01 +01:00 |
Claire
|
2626097869
|
Fix Rails cache namespace being overriden with `v2` for cached statuses (#24202)
|
2023-03-22 15:47:44 +01:00 |
Jean byroot Boussier
|
160f38f03d
|
Workaround the ActiveRecord / Marshal serialization bug on Ruby 3.2 (#24142)
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
|
2023-03-17 14:37:30 +01:00 |
Nick Schonning
|
25d36b6edd
|
Autofix Rubocop Style/RedundantArgument (#23798)
|
2023-03-16 10:34:00 +09:00 |