Commit graph

12 commits

Author SHA1 Message Date
Egor Kislitsyn
7803a85d2c
Add OpenAPI spec for StatusController 2020-05-13 00:25:21 +04:00
Ivan Tashkinov
1c05f539aa Improved in-test clear_config/n applicability (setup / setup_all / in-test usage). 2020-03-20 18:33:00 +03:00
Ivan Tashkinov
ec3719f539 Improved in-test config management functions. 2020-03-18 20:30:31 +03:00
Haelwenn (lanodan) Monnier
0ac6e29654 static_fe: Sanitize HTML in posts
Note: Seems to have different sanitization with TwitterCard generator giving
the following:

<meta content=\"“alert(&#39;xss&#39;)”\" property=\"twitter:description\">
2020-03-15 20:44:04 +01:00
Ivan Tashkinov
5b696a8ac1 [] Enforced authentication for non-federating instances in StaticFEController. 2020-03-11 14:05:56 +03:00
Ivan Tashkinov
0cf1d4fcd0 [] Restricted AP- & OStatus-related routes for non-federating instances. 2020-02-22 19:48:41 +03:00
Phil Hagelberg
3c60adbc1f Support redirecting by activity UUID in static FE as well. 2019-11-13 08:22:11 -08:00
Phil Hagelberg
0867cb083e Support redirecting by object ID in static FE.
This matches the behavior of pleroma-fe better.

Fixes .
2019-11-13 08:02:02 -08:00
Phil Hagelberg
62f3a93049 For remote notices, redirect to the original instead of 404.
We shouldn't treat these like local statuses, but I don't think a 404
is the right choice either here, because within pleroma-fe, these are
valid URLs. So with remote notices you have the awkward situation
where clicking a link will behave differently depending on whether you
open it in a new tab or not; the new tab will 404 if it hits static-fe.

This new redirecting behavior should improve that situation.
2019-11-12 09:40:29 -08:00
Phil Hagelberg
6ef8049664 Add changelog entry, cheatsheet docs, and alphabetize. 2019-11-09 18:09:29 -08:00
Phil Hagelberg
ef7c3bdc7a Add some further test cases.
Including like ... private visibility, cos that's super important.
2019-11-09 18:08:45 -08:00
Phil Hagelberg
2bf592f5dc Add tests for static_fe controller. 2019-11-09 18:08:45 -08:00