Conflicts:
- `config/initializers/content_security_policy.rb`:
Our config file is pretty different from upstream.
Upstream changed CSP directive `script-src` to include
`wasm-unsafe-eval` instead of `unsafe-eval`, which we
did not include.
Added `wasm-unsafe-eval` to `script-src` to fix
execution of the OCR web worker.
- `package.json`:
Upstream updated a dependency (`array-includes`) textually
adjacent to a glitch-soc-only dependency (`atrament`).
Updated `array-includes` as upstream did.
Several controlers set quite intricate Cache-Control headers in order to
hopefully not be cached by any intermediate proxies or local caches. Unfortunately,
these headers are processed by ActionDispatch::HTTP::Cache in a way that squashes
and discards any values set alongside no-store other than private:
8015c2c2cf/actionpack/lib/action_dispatch/http/cache.rb (L207-L209)
We want to preserve no-store on these responses, but we might as well remove
parts that are going to be dropped anyway. As many of the endpoints in these
controllers are private to a particular user, we should also add "private",
which will be preserved alongside no-store.
Conflicts:
- `app/controllers/application_controller.rb`:
Conflict due to theming system.
- `app/controllers/oauth/authorizations_controller.rb`:
Conflict due to theming system.
* Add force_login option to OAuth authorize page
For when a user needs to sign into an app from multiple accounts
on the same server
* When logging out from modal header, redirect back after re-login
Setting of locale in controller extracted to Localized concern,
the doorkeeper authorized applications controller moved under
custom namespace with inclusion of Localized, which resolves the
"it sometimes appears in a different random language" bug
