akkoma/test/pleroma
@r3g_5z@plem.sapphic.site 0e4c201f8d HTTP header improvements (#294)
- Drop Expect-CT

Expect-CT has been redundant since 2018 when Certificate Transparency became mandated and required for all CAs and browsers. This header is only implemented in Chrome and is now deprecated. HTTP header analysers do not check this anymore as this is enforced by default. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT

- Raise HSTS to 2 years and explicitly preload

The longer age for HSTS, the better. Header analysers prefer 2 years over 1 year now as free TLS is very common using Let's Encrypt.
For HSTS to be fully effective, you need to submit your root domain (domain.tld) to https://hstspreload.org. However, a requirement for this is the "preload" directive in Strict-Transport-Security. If you do not have "preload", it will reject your domain.

- Drop X-Download-Options

This is an IE8-era header when Adobe products used to use the IE engine for making outbound web requests to embed webpages in things like Adobe Acrobat (PDFs). Modern apps are using Microsoft Edge WebView2 or Chromium Embedded Framework. No modern browser checks or header analyser check for this.

- Set base-uri to 'none'

This is to specify the domain for relative links (`<base>` HTML tag). pleroma-fe does not use this and it's an incredibly niche tag.

I use all of these myself on my instance by rewriting the headers with zero problems. No breakage observed.

I have not compiled my Elixr changes, but I don't see why they'd break.

Co-authored-by: r3g_5z <june@terezi.dev>
Reviewed-on: AkkomaGang/akkoma#294
Co-authored-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
Co-committed-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
2022-11-20 21:20:06 +00:00
..
activity/ir Rename Activity.Search to Search.DatabaseSearch 2022-06-29 20:49:44 +01:00
akkoma Backend settings sync (#226) 2022-10-06 16:22:15 +00:00
collections GTS: cherry-picks and collection usage (#186) 2022-08-27 18:05:48 +00:00
config fix_flaky_transfer_task_test.exs (#237) 2022-11-01 14:31:29 +00:00
conversation fix flaky participation_test.exs 2022-10-23 12:33:31 +02:00
docs backend-i18n (#121) 2022-07-27 21:56:59 +00:00
ecto_type/activity_pub/object_validators Pipeline Ingestion: Note 2021-04-05 19:19:11 +02:00
emails Fix instance name in email test 2022-11-04 18:42:12 +00:00
emoji Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
http add finch outbound proxy support (#158) 2022-08-14 23:13:49 +00:00
instances Don't mess with the cache on metadata update 2022-11-08 10:39:01 +00:00
integration Disconnect streaming sessions when token is revoked 2022-08-27 19:07:48 +01:00
mfa Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
migration_helper purge chat and shout endpoints 2022-07-21 11:29:28 +01:00
object microblogpub federation fixes (#288) 2022-11-18 11:14:35 +00:00
password Pbkdf2: Use it everywhere. 2021-01-14 15:06:16 +01:00
repo/migrations purge chat and shout endpoints 2022-07-21 11:29:28 +01:00
search Fix false error in meilisearch index (#221) 2022-09-20 10:36:21 +00:00
translators add seperate source and dest entries in language listing (#193) 2022-08-30 16:59:33 +00:00
upload Update eblurhash to a non-bugged version (#34) 2022-07-02 14:05:32 +00:00
uploaders Convert tests to all use clear_config instead of Pleroma.Config.put 2021-01-26 11:58:43 -06:00
user Allow users to create backups without providing email address 2022-08-02 22:16:54 -04:00
web HTTP header improvements (#294) 2022-11-20 21:20:06 +00:00
workers and i yoink (#275) 2022-11-14 15:07:26 +00:00
activity_test.exs Merge branch 'features/validators-note' into 'develop' 2021-06-01 01:51:38 +00:00
announcement_read_relationship_test.exs Merge branch 'from/upstream-develop/tusooa/server-announcements' into 'develop' (#85) 2022-07-18 13:08:36 +00:00
announcement_test.exs Merge branch 'from/upstream-develop/tusooa/server-announcements' into 'develop' (#85) 2022-07-18 13:08:36 +00:00
application_requirements_test.exs Don't crash when email settings are invalid 2021-05-03 14:43:14 -05:00
bookmark_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
captcha_test.exs Convert tests to all use clear_config instead of Pleroma.Config.put 2021-01-26 11:58:43 -06:00
config_db_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
config_test.exs Convert tests to all use clear_config instead of Pleroma.Config.put 2021-01-26 11:58:43 -06:00
conversation_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
emoji_test.exs Fix emoji qualification (#124) 2022-07-28 12:02:36 +00:00
filter_test.exs support for expires_in/expires_at in filters 2021-01-26 08:27:45 +03:00
following_relationship_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
formatter_test.exs CI: Bump lint stage to elixir-1.12 2021-10-06 08:11:05 +02:00
frontend_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
hashtag_test.exs [#3213] Ignoring of blank elements from objects.data->tag. 2021-01-21 20:50:06 +03:00
healthcheck_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
html_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
http_test.exs mix format 2022-06-11 16:14:31 +01:00
instances_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
job_queue_monitor_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
keys_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
list_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
marker_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
mfa_test.exs Pbkdf2: Use it everywhere. 2021-01-14 15:06:16 +01:00
moderation_log_test.exs CI: Bump lint stage to elixir-1.12 2021-10-06 08:11:05 +02:00
notification_test.exs optimise notifications query 2022-10-11 11:40:43 +01:00
object_test.exs Merge remote-tracking branch 'remotes/origin/develop' into feature/object-hashtags-rework 2021-01-21 20:20:35 +03:00
otp_version_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
pagination_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
registration_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
repo_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
report_note_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
reverse_proxy_test.exs Use finch everywhere (#33) 2022-07-04 16:30:38 +00:00
runtime_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
safe_jsonb_set_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
scheduled_activity_test.exs Convert tests to all use clear_config instead of Pleroma.Config.put 2021-01-26 11:58:43 -06:00
signature_test.exs fix resolution of GTS user keys 2022-07-18 15:21:27 +01:00
stats_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
upload_test.exs Post editing (#202) 2022-09-06 19:24:02 +00:00
user_invite_token_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
user_relationship_test.exs fix flaky test_user_relationship_test.exs:81 2022-10-23 13:31:01 +02:00
user_search_test.exs User: search: exclude deactivated users from user search 2022-09-15 21:21:06 -04:00
user_test.exs microblogpub federation fixes (#288) 2022-11-18 11:14:35 +00:00
utils_test.exs extend custom runtime system (#108) 2022-07-24 16:42:43 +00:00
xml_builder_test.exs Bump Copyright to 2021 2021-01-13 07:49:50 +01:00