distraction.party/lib/pleroma/web/mastodon_api
Ivan Tashkinov 2c68cf7e9e OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix.
(`POST /api/v1/apps` could create "Mastodon-Local" app wth any redirect_uris,
and if that happened before /web/login is accessed for the first time
then Pleroma used this externally created record with arbitrary
redirect_uris and client_secret known by creator).
2019-02-07 22:14:06 +03:00
..
views mastodon api: rich media: don't clobber %URI struct with a string 2019-02-06 18:02:15 +00:00
mastodon_api.ex rich media: add helpers module, use instead of MastodonAPI module 2019-01-28 06:04:54 +00:00
mastodon_api_controller.ex OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix. 2019-02-07 22:14:06 +03:00
websocket_handler.ex update copyright years to 2019 2018-12-31 15:41:47 +00:00