Commit Graph

21 Commits (f93d4d340d8dddd34eae7a9c6d9d316a13464628)

Author SHA1 Message Date
Eugen 53f6bf067f Fix cross-origin integrity (#1871)
See <https://glitch.social/users/bea/updates/434>
2017-04-15 22:48:30 +02:00
Joachim Viide cbf0e1b1c8 Send initial state in a <script type="application/json"> tag (#1806) 2017-04-15 02:32:42 +02:00
maxypy c06f09dfe2 Implementing Subresource Integrity (#1729)
* Add sprockets-rails to Gemfile

* Add sprockets-rails to Gemfile.lock

* Update show.html.haml

* Update index.html.haml

* Update admin.html.haml

* Update auth.html.haml

* Update embedded.html.haml

* Update public.html.haml
2017-04-14 11:09:20 +02:00
Eugen Rochko 9bd2b6be86 Make the streaming API also handle websockets (because trying to get the browser EventSource interface to
work flawlessly was a nightmare). WARNING: This commit makes the web UI connect to the streaming API instead
of ActionCable like before. This means that if you are upgrading, you should set that up beforehand.
2017-02-04 00:34:31 +01:00
Eugen Rochko 1a77ccb668 Fix #457 - escape JSON in INITIAL_STATE (this bug only ever allowed a user to xss themselves rather than anyone else) 2017-01-12 03:54:50 +01:00
Eugen Rochko 4293e132d1 Persist UI settings, add missing localizations for German 2017-01-09 14:00:55 +01:00
Eugen Rochko c1c814e6a1 Improve initialState loading 2017-01-09 12:37:53 +01:00
Eugen Rochko 090e3a245d Fix #249 - use window.location hack to let people login from sandboxed iOS homescreen 2016-12-21 00:13:13 +01:00
Eugen Rochko 9d4f96f440 Removing external hub completely, fix #333 fixing digit-only hashtags,
removing web app capability from non-webapp pages
2016-12-18 12:24:37 +01:00
Eugen Rochko db6df6ddb3 Only load JS on homepage, no other page uses it 2016-09-24 13:47:51 +02:00
Eugen Rochko 337462aa5e Re-organizing components to be more modular, adding loading bars 2016-09-19 23:26:21 +02:00
Eugen Rochko 2e7aac793a Adding sense of self to the UI, cleaning up routing, adding third (detail) column 2016-09-13 02:24:40 +02:00
Eugen Rochko 92afd29650 The frontend will now be an OAuth app, auto-authorized. The frontend will use an access token for API requests
Adding better errors for the API controllers, posting a simple status works from the frontend now
2016-08-26 19:12:19 +02:00
Eugen Rochko 49520d6e62 Adding React.js, Redux, revamping dashboard 2016-08-24 17:56:44 +02:00
Eugen Rochko 5764d52b04 Fix Sidekiq pooling issues. Remove API docs from homepage, replace with
a basic home timeline
2016-03-25 16:10:14 +01:00
Eugen Rochko f14f462eaf Adding Turbolinks, adding status posting form on homepage 2016-03-21 18:26:47 +01:00
Eugen Rochko 1aa477ac2f Customized more doorkeeper views, only logged in users can create oauth apps 2016-03-12 19:46:06 +01:00
Eugen Rochko aab9f57e36 Adding config for puma, dashboard layout, fixing some queries 2016-03-12 16:21:53 +01:00
Eugen Rochko 3824c58853 Adding GNU Public license, adding home timeline, reblog/favourite counters 2016-03-06 17:52:23 +01:00
Eugen Rochko 6045b6cb18 Customizing devise views and controllers 2016-03-05 22:43:05 +01:00
Eugen Rochko 709c6685a9 Made some progress 2016-02-22 16:00:20 +01:00