Claire
3fa0dd0b88
Merge pull request from GHSA-c2r5-cfqr-c553
* Add hardening monkey-patch to prevent IP spoofing on misconfigured installations
* Remove rack-attack safelist
2024-05-30 14:24:29 +02:00

Eugen Rochko
6e418bf346
Fix cookies secure flag being set when served over Tor (#17992)
2022-04-08 12:47:18 +02:00

Justin Tracey
c9e8e1739c
replace all instances of "ends_with?" with "end_with?" (#15745)
The "ends_with?" method is just a Rails alias of Ruby's "end_with?" method.
Using the latter makes the code less brittle.
2021-02-19 09:56:14 +01:00

Justin Tracey
3f8523130d
use host instead of headers to make Rack happy (#15741)
"headers" is provided by Rails, Rack can't rely on it
2021-02-16 15:28:17 +01:00

Cecylia Bocovich
3447bd2f80
Monkey patch Rack::Session to send secure cookies to onions (#15725)
2021-02-14 00:10:52 +01:00

Claire
21fb3f3684
Drop dependency on secure_headers, fix response headers (#15712)
* Drop dependency on secure_headers, use always_write_cookie instead
* Fix cookies in Tor Hidden Services by moving configuration to application.rb
* Instead of setting always_write_cookie at boot, monkey-patch ActionDispatch
2021-02-11 23:47:05 +01:00