Commit Graph

418 Commits (1037c413cf780be493ee114f84d858b818df4d6a)

Author SHA1 Message Date
Claire cb95239c96 Re-add StatsD support through the `nsa` gem (#26310) 2023-08-03 20:28:14 +02:00
Emelia Smith e395939ead Refactor: replace whitelist_mode mentions with limited_federation_mode (#26252) 2023-08-02 19:32:48 +02:00
Matt Jankowski 2e932c05f8 Update rubocop rules for linelength (#26190) 2023-07-28 23:11:45 +02:00
Matt Jankowski 90f77d0112 Ignore long line in regex initializer (#26182) 2023-07-26 09:45:27 +02:00
Claire 5664c5370f Fix CSP headers being unintendedly wide (#26105) 2023-07-21 13:34:15 +02:00
Claire c5b79558e2 Change default KeyGenerator digest to SHA1 to fix cookies in rolling upgrades (#26023) 2023-07-21 13:17:43 +02:00
Misty De Méo 9e19cfdb05 Paperclip: add support for Azure blob storage (#23607) 2023-07-19 09:02:49 +02:00
Matt Jankowski 5cdc196e44 Rails 7.0 update (#25668) 2023-07-13 09:36:07 +02:00
Matt Jankowski 08421e7b90 Fix `Naming/MemoizedInstanceVariableName` cop (#25928) 2023-07-12 10:08:51 +02:00
Nick Schonning 96a8aa32ad Enable Rubocop Style/FrozenStringLiteralComment (#23793) 2023-07-12 09:47:08 +02:00
Kurtis Rainbolt-Greene a27f2686ca First pass at multi-database for read replica using Rails native adapter (#25693)
Co-authored-by: emilweth <7402764+emilweth@users.noreply.github.com>
2023-07-08 19:45:36 +02:00
Claire 3445bdfa45 Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Eugen Rochko edb6aab974 Revert "Rails 7 update" (#25667) 2023-07-02 11:14:22 +02:00
Matt Jankowski 5cadbaa296 Rails 7 update (#24241) 2023-07-02 10:38:53 +02:00
Claire 83b03b528b Fix compatibility of recent migration with PostgreSQL 10 (#25324) 2023-06-07 01:53:50 +02:00
Nick Schonning ef344388c5 Autofix Rubocop Regex Style rules (#23690)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-06-06 14:50:51 +02:00
Claire f2dbbcdec5 Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273) 2023-06-05 17:35:05 +02:00
Matt Jankowski c671e23d28 Remove unmaintained `nsa` gem (#25265) 2023-06-05 01:57:05 +02:00
Claire 1c298d97c5 Change wording of “Content cache retention period” setting to highlight destructive implications (#23261) 2023-06-02 18:09:08 +02:00
Renaud Chaput f681f81cbf Allow carets in URL search params (#25216) 2023-06-01 12:14:49 +02:00
Nick Schonning 44b7c24bd0 Autofix Rubocop spacing in config (#25022) 2023-05-22 13:17:56 +02:00
Nick Schonning 67c5ac4971 Autofix Rubocop Lint/AmbiguousOperatorPrecedence (#25002) 2023-05-16 10:51:59 +02:00
Matt Jankowski a8aad4a45a Fix Performance/RedundantMerge cop (#24817) 2023-05-04 05:25:43 +02:00
Matt Jankowski bdbc9d0036 Fix Rails/CompactBlank cop (#24690) 2023-04-30 14:07:21 +02:00
Matt Jankowski 78f29479ab Fix Rails/Present cop (#24688) 2023-04-30 06:47:50 +02:00
Nick Schonning 519ae8c0c6 Drop EOL Ruby 2.7 (#24237) 2023-04-27 01:46:18 +02:00
Nick Schonning 91f0da8563 Autofix Rubocop Style/NumericLiterals (#24468) 2023-04-23 22:30:07 +02:00
Claire e03f9b38c5 Change root Chewy strategy to emit a warning instead of erroring out in production mode (#24327) 2023-04-03 15:05:39 +02:00
Nick Schonning 2a0d2453b0 Autofix Rubocop Style/IdenticalConditionalBranches (#24322) 2023-03-31 09:33:52 +02:00
Eugen Rochko c75fccf033 Change user settings to be stored in a more optimal way (#23630)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-03-30 14:44:00 +02:00
Claire af57bcd3cf Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200) 2023-03-27 17:07:37 +02:00
Claire 852eb6ce7a Fix sidekiq jobs not triggering Elasticsearch index updates (#24046) 2023-03-12 23:47:55 +01:00
Jean byroot Boussier 08c2938b4a Upgrade to latest redis-rb 4.x and fix deprecations (#23616)
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
2023-03-04 16:38:28 +01:00
Jamie Hoyle 8f81dba434 Added support for specifying S3 storage classes in environment (#22480) 2023-03-03 20:53:37 +01:00
Eugen Rochko d08bd66f42 Change rate limits to 1,500/5m per user, 300/5m per app (#23347) 2023-02-02 00:07:49 +01:00
luzpaz 11b7735fb3 Fix typos in source documentation (#21046)
Fixed 2 source comment/documentation typos
2022-12-15 15:57:26 +01:00
Claire c863f76a62 Add logging for Rails cache timeouts (#21667)
* Reduce redis cache store connect timeout from default 20 seconds to 5 seconds

* Log cache store errors
2022-11-27 20:37:37 +01:00
Claire d5fad31a45 Add form-action CSP directive (#20781) 2022-11-17 10:55:03 +01:00
trwnh 2e118aa0e6 Add missing admin scopes (fix #20892) (#20918) 2022-11-17 10:50:21 +01:00
Eugen Rochko c0b3ebd307 Fix wrong directive `unsafe-wasm-eval` to `wasm-unsafe-eval` (#20729) 2022-11-15 03:39:06 +01:00
prplecake a4f1043bb3 Use "unsafe-wasm-eval" instead of "unsafe-eval" in script-src CSP (#20606)
* Add "unsafe-eval" to script-src CSP

* Use 'unsafe-wasm-eval' instead of 'unsafe-eval'
2022-11-15 03:22:38 +01:00
Eugen Rochko e18c8537e6 Fix rate limiting for paths with formats (#20675) 2022-11-14 20:26:31 +01:00
Matt Corallo 88b46d0a8f Add `Cache-Control` header to openstack-stored files (#20610)
When storing files in S3, paperclip is configured with a Cache-Control header
indicating the file is immutable, however no such header was added when using
OpenStack storage.

Luckily Paperclip's fog integration makes this trivial, with a simple
`fog_file` `Cache-Control` default doing the trick.
2022-11-14 05:26:49 +01:00
David Hewitt df557906fb Allow unsetting x-amz-acl S3 Permission headers (#20510)
Some "S3 Compatible" storage providers (Cloudflare R2 is one such example) don't support setting ACLs on individual uploads with the `x-amz-acl` header, and instead just have a visibility for the whole bucket. To support uploads to such providers without getting unsupported errors back, lets use a black `S3_PERMISSION` env var to indicate that these headers shouldn't be sent.

This is tested as working with Cloudflare R2.
2022-11-13 06:57:10 +01:00
prplecake d870657f80 Add "unsafe-eval" to script-src CSP (#18817) 2022-10-26 19:23:16 +02:00
Eugen Rochko d53e1fc6d9 Fix vacuum scheduler missing lock, locks never expiring (#19458)
Remove vacuuming of orphaned preview cards
2022-10-26 12:10:48 +02:00
Eugen Rochko a593188ded Add user content translations with configurable backends (#19218) 2022-09-23 23:00:12 +02:00
Eugen Rochko ecddc06474 Change "Allow trends without prior review" setting to include statuses (#17977)
* Change "Allow trends without prior review" setting to include posts

* Fix i18n-tasks
2022-08-28 04:00:39 +02:00
Jeong Arm 30113597e5 Support "http_hidden_proxy" ENV var for hidden service only proxy (#18427)
* Support "http_hidden_proxy" ENV var for hidden service only proxy

* Fallback to http_proxy if http_hidden_proxy is not set
2022-08-25 04:41:14 +02:00
Eugen Rochko 38d04135bf Change how hashtags are normalized (#18795)
* Change how hashtags are normalized

* Fix tests
2022-07-13 15:03:28 +02:00