6495 commits

Author	SHA1	Message	Date
r3g_5z	413b40b510	Drop X-Download-Options ... It's an IE8-era header where Adobe products used to use the IE engine when making outbound web requests to embed webpages such as Adobe Acrobat. This is something that a secure and modern CSP would protect against. Signed-off-by: r3g_5z <june@terezi.dev>	2022-11-19 23:12:02 -05:00
r3g_5z	f90552f62e	Drop XSS auditor ... It's deprecated, removed in some, by all modern browsers and is known to create XSS vulnerabilities in itself. Signed-off-by: r3g_5z <june@terezi.dev>	2022-11-19 20:40:20 -05:00
floatingghost	e1e0d5d759	microblogpub federation fixes (#288) ... Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #288	2022-11-18 11:14:35 +00:00
floatingghost	2a1f17e3ed	and i yoink (#275) ... Co-authored-by: Mark Felder <feld@feld.me> Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #275	2022-11-14 15:07:26 +00:00
FloatingGhost	89dbc7177b	Chores for 2022.11	2022-11-11 16:12:04 +00:00
FloatingGhost	ac0c00cdee	Add media sources to connect-src if media proxy is enabled	2022-11-10 17:26:51 +00:00
FloatingGhost	bab1ab5b6c	strip \r and \r from content-disposition filenames	2022-11-10 11:54:12 +00:00
floatingghost	cc6a076202	Include requested_by in relationship (#260) ... Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #260	2022-11-10 03:16:32 +00:00
FloatingGhost	4e8ab0deeb	fix count of poll voters	2022-11-08 13:50:04 +00:00
FloatingGhost	479aacb1b6	Add fallback for reports that don't have attached activities	2022-11-08 11:01:47 +00:00
FloatingGhost	7bbaa8f8e0	automatically trim loading *. prefixes on domain blocks	2022-11-07 22:33:18 +00:00
floatingghost	31ad09010e	Fix regex usage in MRF (#254) ... fixes #235 fixes #228 Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #254	2022-11-06 23:50:32 +00:00
FloatingGhost	5123b3a5dd	Add enabled check on /translation/languages	2022-11-06 22:55:26 +00:00
floatingghost	b7e8ce2350	Scrape instance nodeinfo (#251) ... Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #251	2022-11-06 22:49:39 +00:00
Thomas Citharel	4d0a51221a	Fix typo in CSP Report-To header name ... The header name was Report-To, not Reply-To. In any case, that's now being changed to the Reporting-Endpoints HTTP Response Header. https://w3c.github.io/reporting/#header https://github.com/w3c/reporting/issues/177 CanIUse says the Report-To header is still supported by current Chrome and friends. https://caniuse.com/mdn-http_headers_report-to It doesn't have any data for the Reporting-Endpoints HTTP header, but this article says Chrome 96 supports it. https://web.dev/reporting-api/ (Even though that's come out one year ago, that's not compatible with Network Error Logging which's still using the Report-To version of the API) Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2022-11-04 15:02:13 +01:00
floatingghost	9038da01cc	Merge pull request 'Push.Impl: support edits' (#244) from norm/akkoma:push-support-edits into develop ... Reviewed-on: #244	2022-11-01 15:14:08 +00:00
nullobsi	cbc693f832	Fix LDAP user registration (#229) ... Simple fix for LDAP user registration. I'm not sure what changed but I managed to get Akkoma running in a debug session and figured out it was missing a match for an extra value at the end. I don't know Elixir all that well so I'm not sure if this was the correct way to do it... but it works. :) Reviewed-on: #229 Co-authored-by: nullobsi <me@nullob.si> Co-committed-by: nullobsi <me@nullob.si>	2022-11-01 14:17:55 +00:00
marcin mikołajczak	6486211064	Push.Impl: support edits ... Signed-off-by: marcin mikołajczak <git@mkljczk.pl>	2022-10-28 01:20:19 -04:00
floatingghost	f36d14818d	Unilateral remove from followers (#232) ... from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3647/ Co-authored-by: marcin mikołajczak <git@mkljczk.pl> Co-authored-by: Tusooa Zhu <tusooa@kazv.moe> Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #232	2022-10-19 10:01:14 +00:00
floatingghost	edf7d5089f	Merge pull request 'Check that the signature matches the creator' (#230) from domain-blocks into develop ... Reviewed-on: #230	2022-10-14 11:41:34 +00:00
FloatingGhost	03662501c3	Check that the signature matches the creator	2022-10-14 11:48:32 +01:00
FloatingGhost	856c57208b	Ensure deletes are handled after everything else	2022-10-11 14:30:08 +01:00
FloatingGhost	cb9b0d3720	optimise notifications query	2022-10-11 11:40:43 +01:00
FloatingGhost	ca9e6ffc55	Use inner lateral join to not get dropped in :total	2022-10-10 16:45:02 +01:00
FloatingGhost	574f010bc8	Extract deactivated users query to a join	2022-10-10 15:55:58 +01:00
floatingghost	c6e63aaf6b	Backend settings sync (#226) ... Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #226	2022-10-06 16:22:15 +00:00
Norm	561e1f2470	Make backups require its own scope (#218) ... Pulled from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3721. This makes backups require its own scope (`read:backups`) instead of the `read:accounts` scope. Co-authored-by: Tusooa Zhu <tusooa@kazv.moe> Reviewed-on: #218 Co-authored-by: Norm <normandy@biribiri.dev> Co-committed-by: Norm <normandy@biribiri.dev>	2022-09-19 17:31:35 +00:00
Hélène	1acd38fe7f	OAuthPlug: use user cache instead of joining ... As this plug is called on every request, this should reduce load on the database by not requiring to select on the users table every single time, and to instead use the by-ID user cache whenever possible.	2022-09-11 19:55:55 +01:00
Hélène	8683252fc5	Metadata/Utils: use summary as description if set ... When generating OpenGraph and TwitterCard metadata for a post, the summary field will be used first if it is set to generate the post description.	2022-09-11 19:55:38 +01:00
Hélène	0b14f02ed2	User: generate private keys on user creation ... This fixes a race condition bug where keys could be regenerated post-federation, causing activities and HTTP signatures from an user to be dropped due to key differences.	2022-09-11 19:54:37 +01:00
Hélène	e88f36f72b	ObjectView: do not fetch an object for its ID ... Non-Create/Listen activities had their associated object field normalized and fetched, but only to use their `id` field, which is both slow and redundant. This also failed on Undo activities, which delete the associated object/activity in database. Undo activities will now render properly and database loads should improve ever so slightly.	2022-09-11 19:52:59 +01:00
Norm	a6d85003fe	Remote interaction with posts (#198) ... Grabbed from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3587 Co-authored-by: Tusooa Zhu <tusooa@kazv.moe> Reviewed-on: #198 Co-authored-by: Norm <normandy@biribiri.dev> Co-committed-by: Norm <normandy@biribiri.dev>	2022-09-08 10:19:22 +00:00
floatingghost	2641dcdd15	Post editing (#202) ... Rebased from #103 Co-authored-by: Tusooa Zhu <tusooa@kazv.moe> Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #202	2022-09-06 19:24:02 +00:00
FloatingGhost	6c80977b06	turn inlineQuotePolicy on by default	2022-09-05 17:22:33 +01:00
FloatingGhost	1c7d7845c3	fix compilation warnings	2022-09-05 00:39:32 +01:00
floatingghost	1b826eea54	Allow reacting with remote emoji when they exist on the post (#200) ... Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #200	2022-09-04 23:31:41 +00:00
floatingghost	8e4de118c1	Don't persist local undone follow (#194) ... same deal but backwards this time Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #194	2022-08-31 18:00:36 +00:00
floatingghost	decbca0c91	add seperate source and dest entries in language listing (#193) ... Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #193	2022-08-30 16:59:33 +00:00
floatingghost	c3fde9577d	Allow listing languages, setting source language (#192) ... Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #192	2022-08-30 14:58:54 +00:00
floatingghost	df39cab9c1	Automatic status translation (#187) ... Fixes #115 Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #187	2022-08-29 19:42:22 +00:00
Tusooa Zhu	95e4018c1a	Disconnect streaming sessions when token is revoked ... Use Websockex to replace websocket_client Test that server will disconnect websocket upon token revocation Lint Execute session disconnect in background Refactor streamer test allow multi-streams rebase websocket change	2022-08-27 19:07:48 +01:00
floatingghost	772c209914	GTS: cherry-picks and collection usage (#186) ... https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3725?commit_id=61254111e59f02118cad15de49d1e0704c07030e what is this, a yoink of a yoink? good times Co-authored-by: Hélène <pleroma-dev@helene.moe> Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk> Reviewed-on: #186	2022-08-27 18:05:48 +00:00
FloatingGhost	85137f591f	Add ability to obfuscate domains in MRF transparency	2022-08-27 11:57:57 +01:00
floatingghost	e4f2251e0f	Add support for setting language in instance metadata (#183) ... Reviewed-on: #183	2022-08-25 16:11:21 +00:00
floatingghost	618cf7ff7f	reuse valid oauth tokens (#182) ... Reviewed-on: #182	2022-08-25 14:37:51 +00:00
FloatingGhost	8d7b63a766	Revert "Fix oauth2 (for real) (#179)" ... This reverts commit aa681d7e15.	2022-08-21 17:52:02 +01:00
floatingghost	aa681d7e15	Fix oauth2 (for real) (#179) ... Reviewed-on: #179	2022-08-21 16:24:37 +00:00
FloatingGhost	b0130bfa7b	Revert "oauth2 fixes (#177)" ... This reverts commit 429e2ac832.	2022-08-21 16:22:15 +01:00
floatingghost	d72f9e39d9	add visibility check on quote (#178) ... Reviewed-on: #178	2022-08-21 15:17:01 +00:00
floatingghost	429e2ac832	oauth2 fixes (#177) ... Reviewed-on: #177	2022-08-21 14:46:52 +00:00