Eugen
53f6bf067f
Fix cross-origin integrity ( #1871 )
...
See <https://glitch.social/users/bea/updates/434 >
2017-04-15 22:48:30 +02:00
Joachim Viide
cbf0e1b1c8
Send initial state in a <script type="application/json"> tag ( #1806 )
2017-04-15 02:32:42 +02:00
maxypy
c06f09dfe2
Implementing Subresource Integrity ( #1729 )
...
* Add sprockets-rails to Gemfile
* Add sprockets-rails to Gemfile.lock
* Update show.html.haml
* Update index.html.haml
* Update admin.html.haml
* Update auth.html.haml
* Update embedded.html.haml
* Update public.html.haml
2017-04-14 11:09:20 +02:00
Eugen Rochko
9bd2b6be86
Make the streaming API also handle websockets (because trying to get the browser EventSource interface to
...
work flawlessly was a nightmare). WARNING: This commit makes the web UI connect to the streaming API instead
of ActionCable like before. This means that if you are upgrading, you should set that up beforehand.
2017-02-04 00:34:31 +01:00
Eugen Rochko
1a77ccb668
Fix #457 - escape JSON in INITIAL_STATE (this bug only ever allowed a user to xss themselves rather than anyone else)
2017-01-12 03:54:50 +01:00
Eugen Rochko
4293e132d1
Persist UI settings, add missing localizations for German
2017-01-09 14:00:55 +01:00
Eugen Rochko
c1c814e6a1
Improve initialState loading
2017-01-09 12:37:53 +01:00
Eugen Rochko
090e3a245d
Fix #249 - use window.location hack to let people login from sandboxed iOS homescreen
2016-12-21 00:13:13 +01:00
Eugen Rochko
9d4f96f440
Removing external hub completely, fix #333 fixing digit-only hashtags,
...
removing web app capability from non-webapp pages
2016-12-18 12:24:37 +01:00
Eugen Rochko
db6df6ddb3
Only load JS on homepage, no other page uses it
2016-09-24 13:47:51 +02:00
Eugen Rochko
337462aa5e
Re-organizing components to be more modular, adding loading bars
2016-09-19 23:26:21 +02:00
Eugen Rochko
2e7aac793a
Adding sense of self to the UI, cleaning up routing, adding third (detail) column
2016-09-13 02:24:40 +02:00
Eugen Rochko
92afd29650
The frontend will now be an OAuth app, auto-authorized. The frontend will use an access token for API requests
...
Adding better errors for the API controllers, posting a simple status works from the frontend now
2016-08-26 19:12:19 +02:00
Eugen Rochko
49520d6e62
Adding React.js, Redux, revamping dashboard
2016-08-24 17:56:44 +02:00
Eugen Rochko
5764d52b04
Fix Sidekiq pooling issues. Remove API docs from homepage, replace with
...
a basic home timeline
2016-03-25 16:10:14 +01:00
Eugen Rochko
f14f462eaf
Adding Turbolinks, adding status posting form on homepage
2016-03-21 18:26:47 +01:00
Eugen Rochko
1aa477ac2f
Customized more doorkeeper views, only logged in users can create oauth apps
2016-03-12 19:46:06 +01:00
Eugen Rochko
aab9f57e36
Adding config for puma, dashboard layout, fixing some queries
2016-03-12 16:21:53 +01:00
Eugen Rochko
3824c58853
Adding GNU Public license, adding home timeline, reblog/favourite counters
2016-03-06 17:52:23 +01:00
Eugen Rochko
6045b6cb18
Customizing devise views and controllers
2016-03-05 22:43:05 +01:00
Eugen Rochko
709c6685a9
Made some progress
2016-02-22 16:00:20 +01:00