Commit Graph

98 Commits (a0b525e50b0e53a0def7d5f4abea68737ff327f1)

Author SHA1 Message Date
Nick Schonning 13fb54920b
Enable Style/IfUnlessModifier RuboCop (#30260) 2024-05-13 09:54:15 +00:00
Matt Jankowski 1e7d5d2957
Update `devise-two-factor` to version 5.0.0 (#28325)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-05-02 09:31:41 +00:00
Matt Jankowski 369b2ef0ed
Fix `Style/TrailingCommaInHashLiteral` cop (#30004) 2024-04-19 20:52:01 +00:00
Matt Jankowski 933189887b
Fix `Style/StringLiterals` cop (#30005) 2024-04-19 20:33:00 +00:00
Matt Jankowski 33cc3ae8fa
Fix `Style/StabbyLambdaParentheses` cop (#27771) 2023-11-08 12:01:18 +00:00
Matt Jankowski 9a3d047f3e
Run `bin/rails app:update` with Rails 7.1 (#27522) 2023-10-25 13:56:09 +00:00
Nick Schonning 85db392464
Autofix Rubocop cops for config/ (#24145) 2023-10-03 15:24:12 +02:00
Matt Jankowski ce43ed144c
Rails 7.0 update (#25668) 2023-07-13 09:36:07 +02:00
Nick Schonning 1d557305d2
Enable Rubocop Style/FrozenStringLiteralComment (#23793) 2023-07-12 09:47:08 +02:00
Eugen Rochko ba06a2f104
Revert "Rails 7 update" (#25667) 2023-07-02 11:14:22 +02:00
Matt Jankowski 50c2a03695
Rails 7 update (#24241) 2023-07-02 10:38:53 +02:00
mogaminsk e0d075713f
Change i18n-fallbacks to English (#24727) 2023-04-30 02:22:20 +02:00
Eugen Rochko 0ca54a4105
Remove `Permissions-Policy` header from all responses (#24124) 2023-03-20 20:02:09 +01:00
Eugen Rochko f0e727f958
Add cache headers to static files served through Rails (#24120) 2023-03-16 02:55:54 +01:00
Eugen Rochko 8cb2543ee5
Add `SENDFILE_HEADER` environment variable (#24123) 2023-03-16 02:55:13 +01:00
Claire 02c6bad3ca
Change unintended SMTP read timeout from 5 seconds to 20 seconds (#23750) 2023-03-03 20:37:22 +01:00
Claire cff7d967f9
Fix CSRF protection (#23037)
Fix regression from #23014
2023-01-10 14:33:40 +01:00
Claire aefefc74c4
Change referrer-policy to no-referrer application-wide (#23014) 2023-01-10 05:18:43 +01:00
Rose 4f15fd0ba1
Fix style for hashes (#20518)
* Fix style for hashes

Make the style for hashes consistent.

* New style

More consistency
2022-11-17 11:05:39 +01:00
Yamagishi Kazutoshi 19a8563905
Fix `ENV` (#20377) 2022-11-11 01:33:32 +01:00
F 9feba112a7
Make enable_starttls configurable by envvars (#20321)
ENABLE_STARTTLS is designed to replace ENABLE_STARTTLS_AUTO by accepting
three values: 'auto' (the default), 'always', and 'never'. If
ENABLE_STARTTLS isn't provided, we fall back to ENABLE_STARTTLS_AUTO. In
this way, this change should be fully backwards compatible.

Resolves #20311
2022-11-10 21:06:21 +01:00
Arya K af9c9936dd
Fix I2P HTTPS redirect (#18929) 2022-08-25 04:37:09 +02:00
Yamagishi Kazutoshi 5781d1db84
Fix parsing `TRUSTED_PROXY_IP` (#18051) 2022-04-19 08:11:58 +01:00
Eugen Rochko 8c03b45fff
Fix unset `SMTP_RETURN_PATH` environment variable causing e-mail not to send (#17982) 2022-04-07 13:32:12 +02:00
Eugen Rochko 56edc6552f
Add `SMTP_RETURN_PATH` environment variable to set bounce domain (#17886) 2022-03-28 09:39:31 +02:00
Wonderfall 244726e2e8
disable legacy XSS filtering (#17289)
Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.
2022-01-24 13:14:26 +01:00
tkr b52fdb4c6f
Fix SMTP_ENABLE_STARTTLS_AUTO/SMTP_TLS/SMTP_SSL environment variables don't work (#17216)
#17215
2022-01-13 12:05:22 +01:00
Sandro 085da13933
Default to system ca-certificates.crt if none is specified (#10857)
Co-Authored-By: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2021-10-14 21:05:50 +02:00
Claire 1efcbb9cfe
Add Message-ID header to outgoing emails (#16076)
* Add Message-ID header to outgoing emails

* Use email domain name from SMTP_FROM_ADDRESS, fallback on WEB_DOMAIN on failure

* Use notifications@localhost as fallback for SMTP_FROM_ADDRESS, do not catch parse errors
2021-04-19 18:41:29 +02:00
Claire 71f335c2fc
Add HTTP header to explicitly opt out of FLoC by default (#16036)
Fixes #16034
2021-04-13 23:43:41 +02:00
Claire cbd0ee1d07
Update Mastodon to Rails 6.1 (#15910)
* Update devise-two-factor to unreleased fork for Rails 6 support

Update tests to match new `rotp` version.

* Update nsa gem to unreleased fork for Rails 6 support

* Update rails to 6.1.3 and rails-i18n to 6.0

* Update to unreleased fork of pluck_each for Ruby 6 support

* Run "rails app:update"

* Add missing ActiveStorage config file

* Use config.ssl_options instead of removed ApplicationController#force_ssl

Disabled force_ssl-related tests as they do not seem to be easily testable
anymore.

* Fix nonce directives by removing Rails 5 specific monkey-patching

* Fix fixture_file_upload deprecation warning

* Fix yield-based test failing with Rails 6

* Use Rails 6's index_with when possible

* Use ActiveRecord::Cache::Store#delete_multi from Rails 6

This will yield better performances when deleting an account

* Disable Rails 6.1's automatic preload link headers

Since Rails 6.1, ActionView adds preload links for javascript files
in the Links header per default.

In our case, that will bloat headers too much and potentially cause
issues with reverse proxies. Furhermore, we don't need those links,
as we already output them as HTML link tags.

* Switch to Rails 6.0 default config

* Switch to Rails 6.1 default config

* Do not include autoload paths in the load path
2021-03-24 10:44:31 +01:00
Claire 43eff898a0
Prepare Mastodon for Rails 6 (#15911)
* Fix misuse of foreign_type

* Fix use of removed "add_template_helper"

* Use response.media_type instead of response.content_type in tests

* Fix CSV export controller test on Rails 6

Rails 6 sets a "filename*" field in the Content-Disposition header to
explicitly encode the filename as UTF-8.

This changes checks the first part of the Content-Disposition header so
it matches in both Rails 5 and Rails 6.

* Fix emoji formatting with Rails 6

* Make emoji output more idiomatic and robust

* Switch from redis-rails gem to built-in Rails redis cache storage
2021-03-17 10:09:55 +01:00
Tdxdxoz 376b44853f
add ssl option in smtp setting (#14309) 2020-07-15 14:43:49 +02:00
Hugo Gameiro 5466b39c78 Add SMTP reply_to option (#11718)
* Add SMTP_REPLY_TO in .env.production.sample

* Set reply_to in SMTP options
2019-09-02 18:12:40 +02:00
Eugen Rochko 1bc077dc74
Add HTTP signature keyId to request log (#11591) 2019-08-18 18:03:56 +02:00
Eugen Rochko 22de24b8ca
Fix missing protocol in dns-prefetch, improve code style (#8963)
Regression from #8942
2018-10-12 02:19:10 +02:00
aus-social 0a4739c732 lint pass 2 (#8878)
* Code quality pass

* Typofix

* Update applications_controller_spec.rb

* Update applications_controller_spec.rb
2018-10-04 17:38:04 +02:00
Eugen Rochko 63553c6b5c
Add support for separate Redis for cache (#7272)
* Add support for separate Redis for cache

CACHE_REDIS_URL to allow using a different Redis server for cache
purposes, with cache-specific configuration such as key eviction

* Fix code style issues
2018-04-27 01:37:59 +02:00
Yamagishi Kazutoshi 50529cbceb Upgrade Rails to version 5.2.0 (#5898) 2018-04-12 14:45:17 +02:00
Akihiko Odaki 61dcb686a8 Fix i18n fallback configuration conflicts with environment configurations (#6843) 2018-03-20 16:36:20 +01:00
Akihiko Odaki c110fa62ac Provide default OTP_SECRET value for development environment (#6617) 2018-03-04 20:28:24 +01:00
beatrix 4072b68686 remove Uglifier call from production.rb (#6568) 2018-02-27 05:48:11 +01:00
Eugen Rochko 35a8cafa35 Replace self-rolled statsd instrumention with localshred/nsa (#5118) 2017-09-29 03:16:44 +02:00
Yamagishi Kazutoshi 3f333a8d31 Set fallback address when empty notification address (#4868) 2017-09-09 21:31:48 +02:00
Eugen Rochko a3202fd51e Add SMTP_TLS variable for configuring TLS when server uses non-standard port (#4227) 2017-07-16 23:48:35 +02:00
Akihiko Odaki (@fn_aki@pawoo.net) 2083000027 Set default From address in config (#3756)
The old implementation sets default From address in mailers. It sets
the address from SMTP_FROM_ADDRESS, or notifications@localhost. The
behavior is occasionally undesired results.

In production environment, notifications@localhost is likely to be
incorrect.
In testing environment, the email address should not be varied by a
environment variable.

After appling this change,

In production environment, it will throw an exception when launching
Mastodon.
In testing environment, the address will be fixed with
notifications@localhost.
2017-07-07 00:12:12 +02:00
nullkal b8ea28d6d0 Support multiple trusted proxy ip addresses (#3639)
* Support multiple trusted proxy ip addresses

* correct coding style
2017-06-08 14:33:28 +02:00
Matt Jankowski 2212dc4aaa Update Rails to version 5.1.1 (#3121)
* Update rails to version 5.1.1

* Run `rails app:update`

* Remove the override of polymorphic activity relationship

* Silence warning about otp_secret attribute being unknown to rails

* We will only introduce form_with where we want to use remote data
2017-06-01 20:53:37 +02:00
Clworld df92f010ad Set config.cache_store in environments file. (#3219)
* Set config.cache_store in application.rb

* Set config.cache_store in environments.

* fix code format.
2017-05-22 15:01:02 +02:00
alpaca-tc ef226a6f22 Remove rails_12factor (#2901) 2017-05-09 05:15:54 +02:00