Matt Jankowski 
							
						 
					 
					
						
						
							
						
						1297ad759e 
					 
					
						
						
							
							Update rubocop to version 1.76.0 ( #34926 )  
						
						 
						
						
						
						
					 
					
						2025-06-05 12:09:05 +00:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Echo 
							
						 
					 
					
						
						
							
						
						c4f47adb49 
					 
					
						
						
							
							Convert from Webpack to Vite ( #34450 )  
						
						 
						
						
						
						
						Co-authored-by: Renaud Chaput <renchap@gmail.com > 
						
						
					 
					
						2025-05-16 13:26:12 +00:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Claire 
							
						 
					 
					
						
						
							
						
						a496aeabcb 
					 
					
						
						
							
							Change form-action Content-Security-Policy directive to be more restrictive ( #26897 )  
						
						 
						
						
						
						
					 
					
						2024-09-12 13:24:19 +00:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Eugen Rochko 
							
						 
					 
					
						
						
							
						
						24ef8255b3 
					 
					
						
						
							
							Change design of embed modal in web UI ( #31801 )  
						
						 
						
						
						
						
					 
					
						2024-09-12 12:54:16 +00:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Matt Jankowski 
							
						 
					 
					
						
						
							
						
						c523a9601b 
					 
					
						
						
							
							Rename local webpack* var in development env CSP config ( #28766 )  
						
						 
						
						
						
						
					 
					
						2024-01-17 09:22:16 +00:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Claire 
							
						 
					 
					
						
						
							
						
						85662a5a57 
					 
					
						
						
							
							Change img-src and media-src CSP directives to not include https: ( #28025 )  
						
						 
						
						
						
						
					 
					
						2023-11-30 13:47:01 +00:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Matt Jankowski 
							
						 
					 
					
						
						
							
						
						c875dfc90b 
					 
					
						
						
							
							Fix Lint/UnusedBlockArgument cop ( #27777 )  
						
						 
						
						
						
						
					 
					
						2023-11-09 09:43:26 +00:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Matt Jankowski 
							
						 
					 
					
						
						
							
						
						33cc3ae8fa 
					 
					
						
						
							
							Fix Style/StabbyLambdaParentheses cop ( #27771 )  
						
						 
						
						
						
						
					 
					
						2023-11-08 12:01:18 +00:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Matt Jankowski 
							
						 
					 
					
						
						
							
						
						eae5c7334a 
					 
					
						
						
							
							Extract class from CSP configuration/initialization ( #26905 )  
						
						 
						
						
						
						
					 
					
						2023-10-27 16:20:40 +00:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Matt Jankowski 
							
						 
					 
					
						
						
							
						
						9a3d047f3e 
					 
					
						
						
							
							Run bin/rails app:update with Rails 7.1 ( #27522 )  
						
						 
						
						
						
						
					 
					
						2023-10-25 13:56:09 +00:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Claire 
							
						 
					 
					
						
						
							
						
						c3e0eb3699 
					 
					
						
						
							
							Change Content-Security-Policy to be tighter on media paths ( #26889 )  
						
						 
						
						
						
						
					 
					
						2023-10-23 14:27:07 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nick Schonning 
							
						 
					 
					
						
						
							
						
						85db392464 
					 
					
						
						
							
							Autofix Rubocop cops for config/ ( #24145 )  
						
						 
						
						
						
						
					 
					
						2023-10-03 15:24:12 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Claire 
							
						 
					 
					
						
						
							
						
						a04ae16201 
					 
					
						
						
							
							Fix CSP when using ONE_CLICK_SSO_LOGIN ( #26901 )  
						
						 
						
						
						
						
					 
					
						2023-09-13 19:54:04 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								CSDUMMI 
							
						 
					 
					
						
						
							
						
						9a70cac9de 
					 
					
						
						
							
							Fix   #26849  by adding the domain of the current SSO provider to the form-action CSP ( #26857 )  
						
						 
						
						
						
						
					 
					
						2023-09-12 13:04:51 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Christian Schmidt 
							
						 
					 
					
						
						
							
						
						286a21afdc 
					 
					
						
						
							
							Support webpacker live-reloading on Docker ( #26419 )  
						
						 
						
						
						
						
					 
					
						2023-08-29 10:17:57 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Claire 
							
						 
					 
					
						
						
							
						
						e5f1000ad1 
					 
					
						
						
							
							Fix CSP headers being unintendedly wide ( #26105 )  
						
						 
						
						
						
						
					 
					
						2023-07-21 13:34:15 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Misty De Méo 
							
						 
					 
					
						
						
							
						
						b848ba3867 
					 
					
						
						
							
							Paperclip: add support for Azure blob storage ( #23607 )  
						
						 
						
						
						
						
					 
					
						2023-07-19 09:02:49 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nick Schonning 
							
						 
					 
					
						
						
							
						
						1d557305d2 
					 
					
						
						
							
							Enable Rubocop Style/FrozenStringLiteralComment ( #23793 )  
						
						 
						
						
						
						
					 
					
						2023-07-12 09:47:08 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Claire 
							
						 
					 
					
						
						
							
						
						e428670e61 
					 
					
						
						
							
							Fix CSP headers when S3_ALIAS_HOST includes a path component ( #25273 )  
						
						 
						
						
						
						
					 
					
						2023-06-05 17:35:05 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Matt Jankowski 
							
						 
					 
					
						
						
							
						
						5a2aa06a51 
					 
					
						
						
							
							Fix Rails/Present cop ( #24688 )  
						
						 
						
						
						
						
					 
					
						2023-04-30 06:47:50 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Nick Schonning 
							
						 
					 
					
						
						
							
						
						500d6f93be 
					 
					
						
						
							
							Autofix Rubocop Style/IdenticalConditionalBranches ( #24322 )  
						
						 
						
						
						
						
					 
					
						2023-03-31 09:33:52 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Claire 
							
						 
					 
					
						
						
							
						
						7955d4b959 
					 
					
						
						
							
							Add form-action CSP directive ( #20781 )  
						
						 
						
						
						
						
					 
					
						2022-11-17 10:55:03 +01:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Eugen Rochko 
							
						 
					 
					
						
						
							
						
						43b0b2f3f4 
					 
					
						
						
							
							Fix wrong directive unsafe-wasm-eval to wasm-unsafe-eval ( #20729 )  
						
						 
						
						
						
						
					 
					
						2022-11-15 03:39:06 +01:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								prplecake 
							
						 
					 
					
						
						
							
						
						b46b7c3d5e 
					 
					
						
						
							
							Use "unsafe-wasm-eval" instead of "unsafe-eval" in script-src CSP ( #20606 )  
						
						 
						
						
						
						
						* Add "unsafe-eval" to script-src CSP
* Use 'unsafe-wasm-eval' instead of 'unsafe-eval' 
						
						
					 
					
						2022-11-15 03:22:38 +01:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								prplecake 
							
						 
					 
					
						
						
							
						
						aafbc82d88 
					 
					
						
						
							
							Add "unsafe-eval" to script-src CSP ( #18817 )  
						
						 
						
						
						
						
					 
					
						2022-10-26 19:23:16 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Yamagishi Kazutoshi 
							
						 
					 
					
						
						
							
						
						eb9a7e3626 
					 
					
						
						
							
							Fix LetterOpennerWeb CSP ( #17770 )  
						
						 
						
						
						
						
					 
					
						2022-03-14 19:20:40 +01:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Eugen Rochko 
							
						 
					 
					
						
						
							
						
						3f2533ca8e 
					 
					
						
						
							
							Fix autoloading deprecation warnings from Rails 6 ( #16010 )  
						
						 
						
						
						
						
					 
					
						2021-04-09 02:31:20 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Claire 
							
						 
					 
					
						
						
							
						
						cbd0ee1d07 
					 
					
						
						
							
							Update Mastodon to Rails 6.1 ( #15910 )  
						
						 
						
						
						
						
						* Update devise-two-factor to unreleased fork for Rails 6 support
Update tests to match new `rotp` version.
* Update nsa gem to unreleased fork for Rails 6 support
* Update rails to 6.1.3 and rails-i18n to 6.0
* Update to unreleased fork of pluck_each for Ruby 6 support
* Run "rails app:update"
* Add missing ActiveStorage config file
* Use config.ssl_options instead of removed ApplicationController#force_ssl
Disabled force_ssl-related tests as they do not seem to be easily testable
anymore.
* Fix nonce directives by removing Rails 5 specific monkey-patching
* Fix fixture_file_upload deprecation warning
* Fix yield-based test failing with Rails 6
* Use Rails 6's index_with when possible
* Use ActiveRecord::Cache::Store#delete_multi from Rails 6
This will yield better performance when deleting an account
* Disable Rails 6.1's automatic preload link headers
Since Rails 6.1, ActionView adds preload links for javascript files
in the Links header per default.
In our case, that will bloat headers too much and potentially cause
issues with reverse proxies. Furthermore, we don't need those links,
as we already output them as HTML link tags.
* Switch to Rails 6.0 default config
* Switch to Rails 6.1 default config
* Do not include autoload paths in the load path 
						
						
					 
					
						2021-03-24 10:44:31 +01:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ThibG 
							
						 
					 
					
						
						
							
						
						a783bdf4ad 
					 
					
						
						
							
							Fix hashtag column options styling ( #14247 )  
						
						 
						
						
						
						
						* Enable nonces for stylesheets
* Pass nonce to react-select 
						
						
					 
					
						2020-07-07 01:33:38 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ThibG 
							
						 
					 
					
						
						
							
						
						e1629a7758 
					 
					
						
						
							
							Remove 'unsafe-inline' from Content-Security-Policy style-src ( #13679 )  
						
						 
						
						
						
						
						* Make sure wicg-inert doesn't rely on inline CSS
* Remove unsafe-inline from style-src 
						
						
					 
					
						2020-05-08 21:22:57 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ThibG 
							
						 
					 
					
						
						
							
						
						dea5db0e25 
					 
					
						
						
							
							Fix PgHero Content-Security-Policy when CDN_HOST is used ( #13595 )  
						
						 
						
						
						
						
					 
					
						2020-05-04 13:52:41 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ThibG 
							
						 
					 
					
						
						
							
						
						7ddbbdea6d 
					 
					
						
						
							
							Fix OCR not working on Safari because of unsupported worker-src CSP ( #13323 )  
						
						 
						
						
						
						
						Fixes  #13321  
						
						
					 
					
						2020-03-27 22:35:57 +01:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ThibG 
							
						 
					 
					
						
						
							
						
						8203e24cf4 
					 
					
						
						
							
							Fix CSP needlessly allowing blob URLs in script-src ( #11620 )  
						
						 
						
						
						
						
					 
					
						2019-08-19 20:36:58 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Eugen Rochko 
							
						 
					 
					
						
						
							
						
						b7f5f0ec10 
					 
					
						
						
							
							Fix media host not being included in connect-src for OCR ( #11577 )  
						
						 
						
						
						
						
					 
					
						2019-08-16 01:54:36 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Eugen Rochko 
							
						 
					 
					
						
						
							
						
						28636f43e4 
					 
					
						
						
							
							Add OCR tool to media editing modal ( #11566 )  
						
						 
						
						
						
						
					 
					
						2019-08-15 15:13:26 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ThibG 
							
						 
					 
					
						
						
							
						
						8ab081ec32 
					 
					
						
						
							
							Add manifest_src to CSP, add blob to connect_src ( #8967 )  
						
						 
						
						
						
						
					 
					
						2018-10-12 19:07:30 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Eugen Rochko 
							
						 
					 
					
						
						
							
						
						edc7f895be 
					 
					
						
						
							
							Fix CSP headers blocking media and development environment ( #8962 )  
						
						 
						
						
						
						
						Regression from #8957  
						
						
					 
					
						2018-10-12 01:43:09 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								ThibG 
							
						 
					 
					
						
						
							
						
						2d27c11061 
					 
					
						
						
							
							Set Content-Security-Policy rules through RoR's config ( #8957 )  
						
						 
						
						
						
						
						* Set CSP rules in RoR's configuration
* Override CSP setting in the embed controller to allow frames 
						
						
					 
					
						2018-10-11 20:35:46 +02:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Yamagishi Kazutoshi 
							
						 
					 
					
						
						
							
						
						50529cbceb 
					 
					
						
						
							
							Upgrade Rails to version 5.2.0 ( #5898 )  
						
						 
						
						
						
						
					 
					
						2018-04-12 14:45:17 +02:00