Commit graph

14817 commits

Author SHA1 Message Date
@r3g_5z@plem.sapphic.site
0e4c201f8d HTTP header improvements (#294)
- Drop Expect-CT

Expect-CT has been redundant since 2018 when Certificate Transparency became mandated and required for all CAs and browsers. This header is only implemented in Chrome and is now deprecated. HTTP header analysers do not check this anymore as this is enforced by default. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT

- Raise HSTS to 2 years and explicitly preload

The longer age for HSTS, the better. Header analysers prefer 2 years over 1 year now as free TLS is very common using Let's Encrypt.
For HSTS to be fully effective, you need to submit your root domain (domain.tld) to https://hstspreload.org. However, a requirement for this is the "preload" directive in Strict-Transport-Security. If you do not have "preload", it will reject your domain.

- Drop X-Download-Options

This is an IE8-era header when Adobe products used to use the IE engine for making outbound web requests to embed webpages in things like Adobe Acrobat (PDFs). Modern apps are using Microsoft Edge WebView2 or Chromium Embedded Framework. No modern browser or header analyser checks for this.

- Set base-uri to 'none'

This is to specify the domain for relative links (`<base>` HTML tag). pleroma-fe does not use this and it's an incredibly niche tag.

I use all of these myself on my instance by rewriting the headers with zero problems. No breakage observed.

I have not compiled my Elixir changes, but I don't see why they'd break.

Co-authored-by: r3g_5z <june@terezi.dev>
Reviewed-on: AkkomaGang/akkoma#294
Co-authored-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
Co-committed-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
2022-11-20 21:20:06 +00:00
6453297e9c Merge pull request 'Drop XSS auditor' (#292) from r3g_5z/akkoma:drop-xss-auditor into develop
Reviewed-on: AkkomaGang/akkoma#292
2022-11-20 04:00:25 +00:00
r3g_5z
f90552f62e
Drop XSS auditor
It's deprecated, removed in some, by all modern browsers and is known
to create XSS vulnerabilities in itself.

Signed-off-by: r3g_5z <june@terezi.dev>
2022-11-19 20:40:20 -05:00
fb5f846e8c Add languages to cheatsheet 2022-11-18 11:22:30 +00:00
14c1a4220b docs: Update list of clients (#284)
In addition to making the page refer to Akkoma instead of Pleroma, I've
also removed clients that were not updated in a year or more and updated
links to websites and the contact links of authors.

Also removed language that suggested these clients are in any way
"officially supported".

Co-authored-by: Francis Dinh <normandy@biribiri.dev>
Reviewed-on: AkkomaGang/akkoma#284
Co-authored-by: Norm <normandy@biribiri.dev>
Co-committed-by: Norm <normandy@biribiri.dev>
2022-11-18 11:19:37 +00:00
ab44b82af0 Merge pull request 'Update copyright info' (#285) from norm/akkoma:copyright-stuff into develop
Reviewed-on: AkkomaGang/akkoma#285
2022-11-18 11:17:24 +00:00
e1e0d5d759 microblogpub federation fixes (#288)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#288
2022-11-18 11:14:35 +00:00
e45b242d88
Update copyright info
- Bump years to 2022 where appropriate
- Add copyright for Akkoma authors
- Remove references to deleted images
2022-11-17 22:48:33 -05:00
9deae8c533 Merge pull request 'docs: Update links to list of akkoma instances' (#278) from norm/akkoma:update-akkoma-list-urls into develop
Reviewed-on: AkkomaGang/akkoma#278
2022-11-16 10:16:27 +00:00
d4ca1217d3 Be very specific about the double-quotes in strings 2022-11-16 10:13:41 +00:00
Haelwenn (lanodan) Monnier
3e0a5851e5 Set instance reachable on fetch 2022-11-15 17:23:47 +00:00
7a833aff90
docs: Update links to list of akkoma instances
The old links were for Pleroma instances and one of them isn't even active anymore.
2022-11-15 07:51:19 -05:00
2a1f17e3ed and i yoink (#275)
Co-authored-by: Mark Felder <feld@feld.me>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#275
2022-11-14 15:07:26 +00:00
893bfde66f Remove references to soykaf
Fixes #271
2022-11-14 00:01:31 +00:00
c1127e321b Add configurable timeline per oban job (#273)
Heavily inspired by https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3777

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#273
2022-11-13 23:55:51 +00:00
7d4c4aa16e Merge pull request 'change default redirectRootNoLogin to /main/public' (#272) from nocebo/akkoma:nocebo-default-public-tl into develop
Reviewed-on: AkkomaGang/akkoma#272
2022-11-13 22:45:22 +00:00
35cddd7cf7 change default redirectRootNoLogin to /main/public
close #268
2022-11-13 08:43:12 +00:00
19272be0ce Merge pull request 'Chores for 2022.11' (#266) from 2022-11-stable into develop
Reviewed-on: AkkomaGang/akkoma#266
2022-11-12 15:16:51 +00:00
89dbc7177b Chores for 2022.11 2022-11-11 16:12:04 +00:00
634463ff64 fix requirements 2022-11-11 16:07:07 +00:00
ac0c00cdee Add media sources to connect-src if media proxy is enabled 2022-11-10 17:26:51 +00:00
50458a17dc Merge branch 'develop' of akkoma.dev:AkkomaGang/akkoma into develop 2022-11-10 11:54:35 +00:00
bab1ab5b6c strip \r and \r from content-disposition filenames 2022-11-10 11:54:12 +00:00
dcc36df8cf add manual deploy for docs 2022-11-10 10:55:57 +00:00
77ed5fc674 Merge pull request 'Fix typo in README' (#262) from eloy/akkoma:develop into develop
Reviewed-on: AkkomaGang/akkoma#262
2022-11-10 10:52:59 +00:00
f8b4e360a0 Fix typo in README 2022-11-10 10:00:39 +01:00
539c6d6666 update requirements.txt 2022-11-10 03:40:36 +00:00
dc2e9845bb Merge remote-tracking branch 'origin/translations' into develop 2022-11-10 03:38:38 +00:00
66eb844bd2 Update documentation builder 2022-11-10 03:38:10 +00:00
c5b6cb746f add requested_by changelog entry 2022-11-10 03:17:00 +00:00
Weblate
f2c6749b57 Update translation files
Updated by "Squash Git commits" hook in Weblate.

Translation: Pleroma fe/Akkoma Backend (Errors)
Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-errors/
2022-11-10 03:16:35 +00:00
Weblate
f7c1e15d08 Translated using Weblate (Spanish)
Currently translated at 21.6% (23 of 106 strings)

Co-authored-by: mint <they@mint.lgbt>
Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-errors/es/
Translation: Pleroma fe/Akkoma Backend (Errors)
2022-11-10 03:16:35 +00:00
cc6a076202 Include requested_by in relationship (#260)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#260
2022-11-10 03:16:32 +00:00
53fbe26c80 reference "stable" in all URLs 2022-11-09 13:22:44 +00:00
0681a26dbb Remove unused pattern 2022-11-08 13:54:43 +00:00
4e8ab0deeb fix count of poll voters 2022-11-08 13:50:04 +00:00
2e895b6c02 make metadata check a debug log 2022-11-08 11:03:43 +00:00
479aacb1b6 Add fallback for reports that don't have attached activities 2022-11-08 11:01:47 +00:00
a0b8e3c842 Don't mess with the cache on metadata update 2022-11-08 10:39:01 +00:00
7bbaa8f8e0 automatically trim loading *. prefixes on domain blocks 2022-11-07 22:33:18 +00:00
c0eecb55bf Update finch 2022-11-07 13:32:34 +00:00
e0032e4799 Add rollbacks for associated_object_id 2022-11-07 00:08:20 +00:00
48309c141e Add "differences" in readme 2022-11-06 23:57:43 +00:00
31ad09010e Fix regex usage in MRF (#254)
fixes #235
fixes #228

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#254
2022-11-06 23:50:32 +00:00
5123b3a5dd Add enabled check on /translation/languages 2022-11-06 22:55:26 +00:00
bbedbaaf5c Changelog 2022-11-06 22:50:11 +00:00
b7e8ce2350 Scrape instance nodeinfo (#251)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: AkkomaGang/akkoma#251
2022-11-06 22:49:39 +00:00
ccdf55acff Fix instance name in email test 2022-11-04 18:42:12 +00:00
cc6d760814 Merge pull request 'Fix typo in CSP Report-To header name' (#250) from tcit/akkoma:fix-typo-in-csp-report-to-header-name into develop
Reviewed-on: AkkomaGang/akkoma#250
2022-11-04 18:41:26 +00:00
4d0a51221a
Fix typo in CSP Report-To header name
The header name was Report-To, not Reply-To.

In any case, that's now being changed to the Reporting-Endpoints HTTP
Response Header.
https://w3c.github.io/reporting/#header
https://github.com/w3c/reporting/issues/177

CanIUse says the Report-To header is still supported by current Chrome
and friends.
https://caniuse.com/mdn-http_headers_report-to

It doesn't have any data for the Reporting-Endpoints HTTP header, but
this article says Chrome 96 supports it.
https://web.dev/reporting-api/

(Even though that's come out one year ago, that's not compatible with
Network Error Logging which's still using the Report-To version of the
API)

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 15:02:13 +01:00