3019 Commits (0ec978f799a76fee7a90eaff6384b037ceab4df2)

Author SHA1 Message Date
Ariadne Conill 5ed4ee3e8a th: config: CSP: allow unsafe-eval (script) and unsafe-inline (style)
th: config: CSP: add unsafe-eval for scripts

th: config: CSP: allow unsafe-inline for CSS

Maintained-by: kouhai <kouhai@treehouse.systems>
2024-07-10 00:29:32 -07:00
Claire 388672ff0d Merge commit '967505ee9bcacf0e5189aa06c654ff586c198a46' into glitch-soc/merge-upstream 2024-07-09 20:39:09 +02:00
David Roetzel 967505ee9b
Add size limit for all PreviewCard URLs (#30973) 2024-07-09 13:11:34 +00:00
Daniel M Brasil 3875bd138d
Fix HTTP 500 in `/api/v1/polls/:id/votes` (#25598) 2024-07-09 12:41:49 +00:00
Claire 6a55232988 Merge commit 'fa8e972722fb8fc056aa348dddaee4005b4a8ac4' into glitch-soc/merge-upstream 2024-07-08 19:41:14 +02:00
David Roetzel fa8e972722
Fix author names as arrays in linked data. (#30957) 2024-07-08 16:04:36 +00:00
Matt Jankowski f1300ad284
Rename jobs/attachments rspec tag names (#29762) 2024-07-08 16:01:08 +00:00
Claire d41b43ed4f
Limit attachments to `MEDIA_ATTACHMENTS_LIMIT` when returning posts through the API (#30932) 2024-07-08 07:41:50 +00:00
Claire 11dd51ef44 Merge commit '63ba69810eca80fc2d10114a79f2988c1b75892f' into glitch-soc/merge-upstream
Conflicts:
- `.env.production.sample`:
  Upstream and glitch-soc had different comments, some comments got updated upstream.
  Updated them in glitch-soc accordingly.
2024-07-06 21:02:42 +02:00
David Roetzel 97eddb5906
Fix details extraction when no title exists. (#30933) 2024-07-05 13:28:52 +00:00
David Roetzel 016c1e4e78
Improve handling of encoding problems when creating link previews (#30929) 2024-07-05 11:54:38 +00:00
Claire e61a7794f8 Merge commit 'df9e26158d9787859b24bdc276af478abf05e1af' into glitch-soc/merge-upstream
Conflicts:
- `lib/sanitize_ext/sanitize_config.rb`:
  Conflict because glitch-soc has a different list of allowed tags.
  Added upstream's new allowed tags while keeping ours.
- `spec/requests/api/v1/timelines/public_spec.rb`:
  Conflict because of glitch-soc's default settings.
  Updated accordingly.
2024-07-04 17:12:14 +02:00
Claire 502cf75b16
Merge pull request from GHSA-58x8-3qxw-6hm7
* Fix insufficient permission checking for public timeline endpoints

Note that this changes unauthenticated access failure code from 401 to 422

* Add more tests for public timelines

* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`
2024-07-04 16:26:49 +02:00
Claire 395f17ca17
Merge pull request from GHSA-vp5r-5pgw-jwqx
* Fix streaming sessions not being closed when revoking access to an app

* Add tests for GHSA-7w3c-p9j8-mq3x
2024-07-04 16:11:28 +02:00
Emelia Smith 47f0faebc9
Implement HTML ruby tags for east-asian languages (#30897) 2024-07-03 20:05:59 +00:00
David Roetzel 9be77fc0db
Revert "Add system check for missing database indexes" (#30909) 2024-07-03 13:36:42 +00:00
David Roetzel ebd8e1bbb6
Add system check for missing database indexes (#30888) 2024-07-03 07:19:54 +00:00
Claire d2aea85e6c Merge commit '5d4dbbcc67c98007d417cbe67b5a2261889304dc' into glitch-soc/merge-upstream 2024-06-30 11:25:40 +02:00
Matt Jankowski 836c0477ac
Use vips setting instead of env var in media processing spec (#30859) 2024-06-27 16:03:26 +00:00
David Roetzel ff08d99d4d
Catch encoding errors when creating link previews. (#30853) 2024-06-27 14:41:03 +00:00
David Roetzel 42adb6eaee
Add size limit for link preview URLs (#30854) 2024-06-27 14:40:19 +00:00
Matt Jankowski f6390c3326
Use flatware to parallelize CI specs (#30284) 2024-06-27 07:42:57 +00:00
Claire 7a84b76bb1
Drop favicon.ico generation (#30375) 2024-06-26 13:44:08 +00:00
Claire 6f2771cb32 Merge commit '845fe1c6936a7b386fd74ae567c19600a88e795a' into glitch-soc/merge-upstream 2024-06-25 17:57:39 +02:00
Matt Jankowski 8ef59729a1
Ignore intermittent chrome/manifest/icon interaction failure (#30793) 2024-06-25 13:57:40 +00:00
Emelia Smith 30ae5952d2
Fix: Ensure "With Media" is highlighted from Admin Accounts page (#30812) 2024-06-25 07:46:53 +00:00
Claire 21ca03581a Merge commit '6527d5039141fe4a80645147b581d76952a64f39' into glitch-soc/merge-upstream 2024-06-24 19:39:42 +02:00
Claire 8827cd597e
Fix `/admin/accounts/:account_id/statuses/:id` for edited posts with media attachments (#30819) 2024-06-24 13:11:10 +00:00
Claire 3b4607991d Merge commit '4743657ba24e83c376e9f477fbf49114e6f09a57' into glitch-soc/merge-upstream 2024-06-22 20:59:23 +02:00
Matt Jankowski 72484a194f
Remove `CacheBuster` default options (#30718) 2024-06-21 15:32:49 +00:00
David Roetzel 2cab1c7b09
Improve encoding detection for link cards (#30780) 2024-06-21 12:51:10 +00:00
Claire cabd7c21fc Merge commit '2cda1dd542b20a47245cb8d28a4f6f8750c2284c' into glitch-soc/merge-upstream 2024-06-19 19:37:37 +02:00
Matt Jankowski 84a31319e9
Add `match_json_values` and use in AP worker specs (#30720) 2024-06-19 13:46:52 +00:00
Claire 52e34a6bd6 Merge commit '5f4d231e980665c0946297909df508269fb25dc6' into glitch-soc/merge-upstream 2024-06-19 11:59:06 +02:00
Claire 8098d27f84
Stop calling Webpacker in full-stack tests (#30763) 2024-06-19 09:31:30 +00:00
Claire b0c979af49 Merge commit '58ace2e45e16a69977267d03874568c11043f04c' into glitch-soc/merge-upstream 2024-06-18 18:20:36 +02:00
Claire 58ace2e45e
Fix SQL error in admin measures API (#30753) 2024-06-18 16:04:58 +00:00
Matt Jankowski 38c6825eda
Remove unused `Extractor#extract_cashtags_with_indices` method (#30742) 2024-06-18 12:16:16 +00:00
Claire 395b9011ee Merge commit 'd5f02adad716520b6b9014553bc730dcef5b2f50' into glitch-soc/merge-upstream
Conflicts:
- `app/helpers/application_helper.rb`:
  Not a real conflict, just upstream adding a method textually adjacent to
  glitch-soc only code.
  Ported upstream's change.
2024-06-17 18:30:28 +02:00
Matt Jankowski d7b7617321
Use `class_names` in admin/account_moderation_notes helper (#30719) 2024-06-17 12:20:57 +00:00
Claire 677f73f793 Merge commit '3a191b3797dde1daf79cd748a14b87240532d543' into glitch-soc/merge-upstream 2024-06-17 13:41:58 +02:00
Matt Jankowski f287462f76
Fix repeated Delete/Undo assertion in remove status service spec (#30715) 2024-06-17 10:21:29 +00:00
Claire 45abddb302
Fix pagination attributes not being returned in ungroupable-only pages (#30688) 2024-06-13 14:10:34 +00:00
Claire bf56e982a9
Fix notifications from limited users being outright dropped (#30559) 2024-06-12 13:50:38 +00:00
Claire 1dfd516284
Fix duplicate `@context` attribute in user export (#30653) 2024-06-12 07:28:28 +00:00
Claire f214813919 Adapt settings spec to glitch-soc 2024-06-11 19:54:27 +02:00
Claire 4daed855e5 Merge commit 'd818ddd6870094e89e58ef61f37da4cb73935856' into glitch-soc/merge-upstream 2024-06-11 19:46:11 +02:00
Matt Jankowski d818ddd687
Extract `SIGN_COUNT_LIMIT` constant in `WebauthnCredential` class (#30636) 2024-06-11 15:36:21 +00:00
Matt Jankowski 62d070c438
Check both before/after state in `AccountDomainBlock` spec (#30640) 2024-06-11 13:59:56 +00:00
Matt Jankowski 1622f7aeb9
Remove duplicate fabricator validity checks (#29667) 2024-06-11 07:48:42 +00:00