Commit Graph

14817 Commits

Author SHA1 Message Date
@r3g_5z@plem.sapphic.site 0e4c201f8d HTTP header improvements (#294)
- Drop Expect-CT

Expect-CT has been redundant since 2018 when Certificate Transparency became mandated and required for all CAs and browsers. This header is only implemented in Chrome and is now deprecated. HTTP header analysers do not check this anymore as this is enforced by default. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT

- Raise HSTS to 2 years and explicitly preload

The longer the age for HSTS, the better. Header analysers prefer 2 years over 1 year now as free TLS is very common using Let's Encrypt.
For HSTS to be fully effective, you need to submit your root domain (domain.tld) to https://hstspreload.org. However, a requirement for this is the "preload" directive in Strict-Transport-Security. If you do not have "preload", it will reject your domain.

- Drop X-Download-Options

This is an IE8-era header when Adobe products used to use the IE engine for making outbound web requests to embed webpages in things like Adobe Acrobat (PDFs). Modern apps are using Microsoft Edge WebView2 or Chromium Embedded Framework. No modern browser or header analyser checks for this.

- Set base-uri to 'none'

This is to specify the domain for relative links (`<base>` HTML tag). pleroma-fe does not use this and it's an incredibly niche tag.

I use all of these myself on my instance by rewriting the headers with zero problems. No breakage observed.

I have not compiled my Elixir changes, but I don't see why they'd break.

Co-authored-by: r3g_5z <june@terezi.dev>
Reviewed-on: #294
Co-authored-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
Co-committed-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
2022-11-20 21:20:06 +00:00
floatingghost 6453297e9c Merge pull request 'Drop XSS auditor' (#292) from r3g_5z/akkoma:drop-xss-auditor into develop
Reviewed-on: #292
2022-11-20 04:00:25 +00:00
r3g_5z f90552f62e
Drop XSS auditor
It's deprecated, removed in some, by all modern browsers and is known
to create XSS vulnerabilities in itself.

Signed-off-by: r3g_5z <june@terezi.dev>
2022-11-19 20:40:20 -05:00
FloatingGhost fb5f846e8c Add `languages` to cheatsheet
2022-11-18 11:22:30 +00:00
Norm 14c1a4220b docs: Update list of clients (#284)
In addition to making the page refer to Akkoma instead of Pleroma, I've
also removed clients that were not updated in a year or more and updated
links to websites and the contact links of authors.

Also removed language that suggested these clients are in any way
"officially supported".

Co-authored-by: Francis Dinh <normandy@biribiri.dev>
Reviewed-on: #284
Co-authored-by: Norm <normandy@biribiri.dev>
Co-committed-by: Norm <normandy@biribiri.dev>
2022-11-18 11:19:37 +00:00
floatingghost ab44b82af0 Merge pull request 'Update copyright info' (#285) from norm/akkoma:copyright-stuff into develop
Reviewed-on: #285
2022-11-18 11:17:24 +00:00
floatingghost e1e0d5d759 microblogpub federation fixes (#288)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #288
2022-11-18 11:14:35 +00:00
Norm e45b242d88
Update copyright info
- Bump years to 2022 where appropriate
- Add copyright for Akkoma authors
- Remove references to deleted images
2022-11-17 22:48:33 -05:00
floatingghost 9deae8c533 Merge pull request 'docs: Update links to list of akkoma instances' (#278) from norm/akkoma:update-akkoma-list-urls into develop
Reviewed-on: #278
2022-11-16 10:16:27 +00:00
FloatingGhost d4ca1217d3 Be very specific about the double-quotes in strings
2022-11-16 10:13:41 +00:00
Haelwenn (lanodan) Monnier 3e0a5851e5 Set instance reachable on fetch
2022-11-15 17:23:47 +00:00
Norm 7a833aff90
docs: Update links to list of akkoma instances
The old links were for Pleroma instances and one of them isn't even active anymore.
2022-11-15 07:51:19 -05:00
floatingghost 2a1f17e3ed and i yoink (#275)
Co-authored-by: Mark Felder <feld@feld.me>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #275
2022-11-14 15:07:26 +00:00
FloatingGhost 893bfde66f Remove references to soykaf
Fixes #271
2022-11-14 00:01:31 +00:00
floatingghost c1127e321b Add configurable timeline per oban job (#273)
Heavily inspired by https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3777

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #273
2022-11-13 23:55:51 +00:00
floatingghost 7d4c4aa16e Merge pull request 'change default redirectRootNoLogin to /main/public' (#272) from nocebo/akkoma:nocebo-default-public-tl into develop
Reviewed-on: #272
2022-11-13 22:45:22 +00:00
astra akari 35cddd7cf7 change default redirectRootNoLogin to /main/public
close #268
2022-11-13 08:43:12 +00:00
floatingghost 19272be0ce Merge pull request 'Chores for 2022.11' (#266) from 2022-11-stable into develop
Reviewed-on: #266
2022-11-12 15:16:51 +00:00
FloatingGhost 89dbc7177b Chores for 2022.11
2022-11-11 16:12:04 +00:00
FloatingGhost 634463ff64 fix requirements
2022-11-11 16:07:07 +00:00
FloatingGhost ac0c00cdee Add media sources to connect-src if media proxy is enabled
2022-11-10 17:26:51 +00:00
FloatingGhost 50458a17dc Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop
2022-11-10 11:54:35 +00:00
FloatingGhost bab1ab5b6c strip \r and \r from content-disposition filenames 2022-11-10 11:54:12 +00:00
FloatingGhost dcc36df8cf add manual deploy for docs 2022-11-10 10:55:57 +00:00
floatingghost 77ed5fc674 Merge pull request 'Fix typo in README' (#262) from eloy/akkoma:develop into develop
Reviewed-on: #262
2022-11-10 10:52:59 +00:00
Eloy Degen f8b4e360a0 Fix typo in README
2022-11-10 10:00:39 +01:00
FloatingGhost 539c6d6666 update requirements.txt
2022-11-10 03:40:36 +00:00
FloatingGhost dc2e9845bb Merge remote-tracking branch 'origin/translations' into develop
2022-11-10 03:38:38 +00:00
FloatingGhost 66eb844bd2 Update documentation builder
2022-11-10 03:38:10 +00:00
FloatingGhost c5b6cb746f add requested_by changelog entry
2022-11-10 03:17:00 +00:00
Weblate f2c6749b57 Update translation files
Updated by "Squash Git commits" hook in Weblate.

Translation: Pleroma fe/Akkoma Backend (Errors)
Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-errors/
2022-11-10 03:16:35 +00:00
Weblate f7c1e15d08 Translated using Weblate (Spanish)
Currently translated at 21.6% (23 of 106 strings)

Co-authored-by: mint <they@mint.lgbt>
Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-errors/es/
Translation: Pleroma fe/Akkoma Backend (Errors)
2022-11-10 03:16:35 +00:00
floatingghost cc6a076202 Include requested_by in relationship (#260)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #260
2022-11-10 03:16:32 +00:00
FloatingGhost 53fbe26c80 reference "stable" in all URLs
2022-11-09 13:22:44 +00:00
FloatingGhost 0681a26dbb Remove unused pattern
2022-11-08 13:54:43 +00:00
FloatingGhost 4e8ab0deeb fix count of poll voters
2022-11-08 13:50:04 +00:00
FloatingGhost 2e895b6c02 make metadata check a debug log
2022-11-08 11:03:43 +00:00
FloatingGhost 479aacb1b6 Add fallback for reports that don't have attached activities
2022-11-08 11:01:47 +00:00
FloatingGhost a0b8e3c842 Don't mess with the cache on metadata update
2022-11-08 10:39:01 +00:00
FloatingGhost 7bbaa8f8e0 automatically trim loading *. prefixes on domain blocks
2022-11-07 22:33:18 +00:00
FloatingGhost c0eecb55bf Update finch
2022-11-07 13:32:34 +00:00
FloatingGhost e0032e4799 Add rollbacks for associated_object_id
2022-11-07 00:08:20 +00:00
FloatingGhost 48309c141e Add "differences" in readme
2022-11-06 23:57:43 +00:00
floatingghost 31ad09010e Fix regex usage in MRF (#254)
fixes #235
fixes #228

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #254
2022-11-06 23:50:32 +00:00
FloatingGhost 5123b3a5dd Add enabled check on /translation/languages
2022-11-06 22:55:26 +00:00
FloatingGhost bbedbaaf5c Changelog
2022-11-06 22:50:11 +00:00
floatingghost b7e8ce2350 Scrape instance nodeinfo (#251)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: #251
2022-11-06 22:49:39 +00:00
FloatingGhost ccdf55acff Fix instance name in email test
2022-11-04 18:42:12 +00:00
floatingghost cc6d760814 Merge pull request 'Fix typo in CSP Report-To header name' (#250) from tcit/akkoma:fix-typo-in-csp-report-to-header-name into develop
Reviewed-on: #250
2022-11-04 18:41:26 +00:00
Thomas Citharel 4d0a51221a
Fix typo in CSP Report-To header name
The header name was Report-To, not Reply-To.

In any case, that's now being changed to the Reporting-Endpoints HTTP
Response Header.
https://w3c.github.io/reporting/#header
https://github.com/w3c/reporting/issues/177

CanIUse says the Report-To header is still supported by current Chrome
and friends.
https://caniuse.com/mdn-http_headers_report-to

It doesn't have any data for the Reporting-Endpoints HTTP header, but
this article says Chrome 96 supports it.
https://web.dev/reporting-api/

(Even though that's come out one year ago, that's not compatible with
Network Error Logging which is still using the Report-To version of the
API)

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 15:02:13 +01:00