Commit graph

2517 commits

Author SHA1 Message Date
kaniini
38f76d964f Merge branch 'bugfix/csp-remove-form-action' into 'develop'
http security: remove form-action from CSP definitions

Closes #379

See merge request pleroma/pleroma!456
2018-11-16 17:47:22 +00:00
William Pitcock
c07464607d http security: remove form-action from CSP definitions 2018-11-16 17:40:21 +00:00
lambda
4ad0432565 Merge branch 'fix/test' into 'develop'
Reset http security settings to fix plug test

See merge request pleroma/pleroma!455
2018-11-16 15:52:38 +00:00
AkiraFukushima
62944b47fb Reset http security settings to fix plug test 2018-11-17 00:45:21 +09:00
lambda
cc45797f4e Merge branch 'fix-media-proxy-filename' into 'develop'
media_proxy: use path only to retrieve filename

See merge request pleroma/pleroma!450
2018-11-14 18:17:10 +00:00
kaniini
8456675c45 Merge branch 'update/pleroma-fe-20181114' into 'develop'
update pleroma frontend

See merge request pleroma/pleroma!451
2018-11-14 16:10:27 +00:00
William Pitcock
2a75de84e1 update pleroma frontend 2018-11-14 16:08:22 +00:00
kaniini
69d557e86d Merge branch 'twitter-api-direct-messages' into 'develop'
Twitter api direct messages

See merge request pleroma/pleroma!449
2018-11-14 08:52:08 +00:00
href
f52a1d1ec5
media_proxy: use path only to retrieve filename 2018-11-13 23:41:33 +01:00
lain
ea9a776d7b TwitterApi: Add direct message endpoint 2018-11-13 20:08:50 +01:00
lain
2cf40237ff MastodonAPI: Add pagination to private messages. 2018-11-13 19:46:34 +01:00
lambda
a43195bdaa Merge branch 'media-proxy-safety' into 'develop'
media_proxy: CSP, content-disposition

See merge request pleroma/pleroma!448
2018-11-13 15:15:05 +00:00
href
9b553a1087
media_proxy: CSP, content-disposition
* Adds CSP headers to the media proxy endpoint

* Sends `content-disposition: attachment; …` for non-image/video/audio
content types

The default list can be overwritten with `:media_proxy,
:safe_content_types` in the configuration.

* Also now appends the filename to the proxy URL (fixes some mobile apps,
it was requested a while ago)
2018-11-13 15:58:02 +01:00
lambda
22d20c497b Merge branch 'security/cookie-hardening' into 'develop'
Add __Host- prefix when secure flag is enabled

See merge request pleroma/pleroma!446
2018-11-13 13:23:04 +00:00
lambda
c3f562a611 Merge branch 'add-MIX_ENV-to-systemd-example' into 'develop'
Add MIX_ENV=prod to systemd example file

See merge request pleroma/pleroma!445
2018-11-13 12:24:29 +00:00
lambda
cf35a9dc3d Merge branch 'whalebird' into 'develop'
Add Whalebird as a client application in README

See merge request pleroma/pleroma!447
2018-11-13 12:22:41 +00:00
shibayashi
87c76a9a2f
Add __Host- prefix when secure flag is enabled 2018-11-13 00:32:38 +01:00
shibayashi
124a9bb7a5
Add MIX_ENV=prod 2018-11-12 23:01:06 +01:00
scarlett
0ce5623134 Merge branch 'twitter-api-null-display-name' into 'develop'
Twitter API: Fall back to user.nickname if user has no name

Closes #375

See merge request pleroma/pleroma!444
2018-11-12 17:08:54 +00:00
scarlett
db78c72868 Twitter API: Add tests for nil names. 2018-11-12 17:02:01 +00:00
AkiraFukushima
35895b1c4c Add Whalebird as a client application in README 2018-11-13 01:02:49 +09:00
scarlett
cb6fd73861 Twitter API: Fall back to user.nickname if user has no name 2018-11-12 15:52:13 +00:00
kaniini
54923c2e55 Merge branch 'feature/csp-plug' into 'develop'
migrate CSP management to CSPPlug

See merge request pleroma/pleroma!441
2018-11-12 15:30:42 +00:00
William Pitcock
2829fa4183 sample config: chase http_security change 2018-11-12 15:17:04 +00:00
William Pitcock
ee5932a504 http security: allow referrer-policy to be configured 2018-11-12 15:14:46 +00:00
William Pitcock
fe67665e19 rename CSPPlug to HTTPSecurityPlug. 2018-11-12 15:08:02 +00:00
Haelwenn
e7d6f133eb Merge branch 'update-readme' into 'develop'
Update README.md

See merge request pleroma/pleroma!443
2018-11-11 16:44:04 +00:00
shibayashi
3e6e4e3be7
Update README.md 2018-11-11 17:31:16 +01:00
kaniini
b982ced92c Merge branch 'fix-list-streaming' into 'develop'
Mastodon API: Fix list streaming

See merge request pleroma/pleroma!442
2018-11-11 13:41:48 +00:00
KokaKiwi
1592fa2bea Mastodon API: Fix list streaming 2018-11-11 14:18:15 +01:00
William Pitcock
5dda13ee5f config docs: typo fix 2018-11-11 07:27:36 +00:00
William Pitcock
54fdce9107 tests: add tests for CSPPlug 2018-11-11 07:26:31 +00:00
William Pitcock
e4bd5a6950 example configs: kill STS/CT headers 2018-11-11 06:56:46 +00:00
William Pitcock
df72978dce csp plug: add support for certificate transparency 2018-11-11 06:55:44 +00:00
William Pitcock
331cf6ada1 csp plug: add sts support 2018-11-11 06:50:28 +00:00
William Pitcock
a2bf5426cb sample config: document how to make CSPPlug send STS headers (off by default to allow for SSL debugging) 2018-11-11 06:42:14 +00:00
William Pitcock
69f5dfcfb3 config: add default parameters for CSPPlug 2018-11-11 06:38:50 +00:00
William Pitcock
057a9017b3 example configs: remove obsolete CSP configuration 2018-11-11 06:12:26 +00:00
William Pitcock
f516e317ea plugs: add CSPPlug 2018-11-11 06:10:21 +00:00
kaniini
617aff4f0c Merge branch 'bugfix/corsplug-config' into 'develop'
properly configure CORSPlug

See merge request pleroma/pleroma!440
2018-11-11 05:49:49 +00:00
William Pitcock
fd918863aa nginx example config: remove CORS headers, now managed by CORSPlug. 2018-11-11 05:42:30 +00:00
William Pitcock
234e471289 config: properly configure CORSPlug. 2018-11-11 05:41:23 +00:00
kaniini
61d173d37c Merge branch 'bugfix/oauth-padding' into 'develop'
hotfix: oauth: fix token decode regression

Closes #373

See merge request pleroma/pleroma!439
2018-11-11 05:34:45 +00:00
William Pitcock
419ed3a0ca oauth: fix token decode regression 2018-11-11 05:26:39 +00:00
lambda
f745e823f0 Merge branch 'bugfix/json-ld-object-sanitization' into 'develop'
JSON-LD: object sanitization

See merge request pleroma/pleroma!438
2018-11-10 12:37:18 +00:00
kaniini
9cdbac6843 Merge branch 'feature/documentation' into 'develop'
Add ex_doc documentation to Pleroma

See merge request pleroma/pleroma!416
2018-11-10 12:25:08 +00:00
William Pitcock
69b8c0e299 tests: add test for internal data stripping 2018-11-10 12:24:25 +00:00
William Pitcock
97e50f3191 activitypub: transmogrifier: sanitize internal representation details from outgoing objects
this causes JSON-LD parsers to get upset and has also lead to developer confusion from outside
projects which tried to parse our internal data.  accordingly, it seems better to just remove
it.
2018-11-10 12:24:20 +00:00
Haelwenn (lanodan) Monnier
5ecb5629f6
lib/mix/tasks: s/@doc/@moduledoc/ 2018-11-10 13:09:39 +01:00
Haelwenn (lanodan) Monnier
5e3207045e
lib/mix/tasks/unsubscribe_user.ex: Fix syntax from bad line copy 2018-11-10 13:09:39 +01:00