lain
50585d051b
Add User.Info module
...
To validate and mutate the user.info field.
2018-11-18 18:04:42 +01:00
William Pitcock
f6be980f4f
activitypub: object view: avoid leaking private details
2018-11-17 22:30:53 +00:00
William Pitcock
98795172a7
ostatus controller: respond with AS2 objects instead of activities to notice URIs
2018-11-17 22:10:15 +00:00
William Pitcock
dfcfb184b1
activitypub: transmogrifier: make deletes secure
2018-11-17 21:22:57 +00:00
William Pitcock
0d1375f274
federator: return :ok or :error depending on if an AP doc was accepted or not
2018-11-17 21:00:37 +00:00
William Pitcock
3d9266a8cb
federator: do origin containment when processing inbound messages
2018-11-17 20:43:43 +00:00
William Pitcock
c88533209c
activitypub: user fetching: use fetch_and_contain_remote_object_from_id()
2018-11-17 20:16:03 +00:00
William Pitcock
daa8ec3d62
activitypub: factor out AP object fetching to it's own function and add ID-based containment
2018-11-17 20:15:59 +00:00
William Pitcock
603fccf175
activitypub: fetch_object_from_id(): prefer actor
over attributedTo
to avoid spoofing
2018-11-17 18:17:17 +00:00
kaniini
05967472f2
Merge branch 'feature/uploader-mdii' into 'develop'
...
Feature / MDII Uploader
See merge request pleroma/pleroma!454
2018-11-17 16:41:09 +00:00
hakabahitoyo
59e079f641
fallbacking into local uploader
2018-11-17 20:16:25 +09:00
hakabahitoyo
8fd0556c78
better config reading
2018-11-17 18:14:42 +09:00
lain
f87b315618
TwitterAPI: Fix dm_timeline displaying only half of the conversation.
2018-11-16 19:47:36 +01:00
lambda
2f639ea129
Merge branch 'feature/pleromafe-usersearch' into 'develop'
...
Add Twitter / Pleroma API user search
See merge request pleroma/pleroma!452
2018-11-16 18:13:47 +00:00
William Pitcock
c07464607d
http security: remove form-action from CSP definitions
2018-11-16 17:40:21 +00:00
lain
e8d8c84f79
Add better test for user search functionlity.
2018-11-16 18:31:32 +01:00
hakabahitoyo
55abd8482e
better config
2018-11-16 20:41:12 +09:00
hakabahitoyo
52224de39f
better extension detection
2018-11-16 20:22:36 +09:00
hakabahitoyo
4fbfacf5e1
debug
2018-11-15 16:08:55 +09:00
hakabahitoyo
8e707aba29
format
2018-11-15 15:11:59 +09:00
Hakaba Hitoyo
ebe658c169
debuf
2018-11-15 14:46:43 +09:00
Hakaba Hitoyo
698cb3587c
omplement mdii uploader
2018-11-15 14:38:45 +09:00
Hakaba Hitoyo
58af0787be
add mdii uploader
2018-11-15 14:19:10 +09:00
lain
27aa136aac
Format.
2018-11-14 20:41:12 +01:00
lain
7b170cd616
Add Pleroma user search api for PleromaFE.
2018-11-14 20:33:23 +01:00
lambda
cc45797f4e
Merge branch 'fix-media-proxy-filename' into 'develop'
...
media_proxy: use path only to retrieve filename
See merge request pleroma/pleroma!450
2018-11-14 18:17:10 +00:00
kaniini
69d557e86d
Merge branch 'twitter-api-direct-messages' into 'develop'
...
Twitter api direct messages
See merge request pleroma/pleroma!449
2018-11-14 08:52:08 +00:00
href
f52a1d1ec5
media_proxy: use path only to retrieve filename
2018-11-13 23:41:33 +01:00
lain
ea9a776d7b
TwitterApi: Add direct message endpoint
2018-11-13 20:08:50 +01:00
lain
2cf40237ff
MastodonAPI: Add pagination to private messages.
2018-11-13 19:46:34 +01:00
href
9b553a1087
media_proxy: CSP, content-disposition
...
* Adds CSP headers to the media proxy endpoint
* Sends `content-disposition: attachment; …` for non-image/video/audio
content types
The default list can be overwritten with `:media_proxy,
:safe_content_types` in the configuration.
* Also now appends the filename to the proxy URL (fixes some mobile apps,
it was requested a while ago)
2018-11-13 15:58:02 +01:00
shibayashi
87c76a9a2f
Add __Host- prefix when secure flag is enabled
2018-11-13 00:32:38 +01:00
scarlett
0ce5623134
Merge branch 'twitter-api-null-display-name' into 'develop'
...
Twitter API: Fall back to user.nickname if user has no name
Closes #375
See merge request pleroma/pleroma!444
2018-11-12 17:08:54 +00:00
scarlett
cb6fd73861
Twitter API: Fall back to user.nickname if user has no name
2018-11-12 15:52:13 +00:00
kaniini
54923c2e55
Merge branch 'feature/csp-plug' into 'develop'
...
migrate CSP management to CSPPlug
See merge request pleroma/pleroma!441
2018-11-12 15:30:42 +00:00
William Pitcock
ee5932a504
http security: allow referrer-policy to be configured
2018-11-12 15:14:46 +00:00
William Pitcock
fe67665e19
rename CSPPlug to HTTPSecurityPlug.
2018-11-12 15:08:02 +00:00
KokaKiwi
1592fa2bea
Mastodon API: Fix list streaming
2018-11-11 14:18:15 +01:00
William Pitcock
df72978dce
csp plug: add support for certificate transparency
2018-11-11 06:55:44 +00:00
William Pitcock
331cf6ada1
csp plug: add sts support
2018-11-11 06:50:28 +00:00
William Pitcock
f516e317ea
plugs: add CSPPlug
2018-11-11 06:10:21 +00:00
William Pitcock
419ed3a0ca
oauth: fix token decode regression
2018-11-11 05:26:39 +00:00
William Pitcock
97e50f3191
activitypub: transmogrifier: sanitize internal representation details from outgoing objects
...
this causes JSON-LD parsers to get upset and has also lead to developer confusion from outside
projects which tried to parse our internal data. accordingly, it seems better to just remove
it.
2018-11-10 12:24:20 +00:00
William Pitcock
f8310114a6
activitypub: object view: sanitize both the activity and the object when an activity is given for rendering
2018-11-10 12:04:09 +00:00
kaniini
c9c1f9dee2
Merge branch 'bugfix/ostatus-as2-reflection' into 'develop'
...
ostatus: only federate activities concerning note objects
See merge request pleroma/pleroma!437
2018-11-10 11:50:02 +00:00
kaniini
7daa102fa4
Merge branch 'bugfix/local-jsonld-context' into 'develop'
...
Host LitePub JSON-LD context locally
See merge request pleroma/pleroma!435
2018-11-10 11:37:44 +00:00
William Pitcock
4f87b8362b
endpoint: move CORSPlug in front of Plug.Static
2018-11-10 11:23:50 +00:00
William Pitcock
03a9990baf
endpoint: fix formatting
2018-11-10 11:18:25 +00:00
William Pitcock
e6d246882d
federator: don't federate anything other than Note objects to OStatus
2018-11-10 10:06:10 +00:00
William Pitcock
e4971553c7
activitypub: utils: use same object type list for mention extraction as insertion
2018-11-09 13:40:39 +00:00