Commit graph

10219 commits

Author SHA1 Message Date
rinpatch d23b3701d8 Merge branch 'bugfix/csp-unproxied' into 'develop'
http_security_plug.ex: Fix non-proxied media

See merge request pleroma/pleroma!2610
2020-05-29 21:23:49 +00:00
rinpatch 32ba2b7f9f Merge branch 'media-docs' into 'develop'
Docs: Attachement limitations in MastoAPI differences

See merge request pleroma/pleroma!2607
2020-05-29 21:20:36 +00:00
rinpatch d2a1975e56 mix.lock: update hackney to 1.16.0
Closes #1612
2020-05-30 00:18:17 +03:00
rinpatch 109af93227 Apply suggestion to lib/pleroma/plugs/http_security_plug.ex 2020-05-29 21:15:07 +00:00
lain f361264e1a Merge branch 'hotfix/streamer-test-unused-var-warning' into 'develop'
fix unused var warning in streamer test

See merge request pleroma/pleroma!2612
2020-05-29 20:31:07 +00:00
Roman Chvanikov 0a83af330b fix unused var warning 2020-05-29 23:05:03 +03:00
rinpatch 660d49227b Merge branch 'connect-src' into 'develop'
Add blob: to connect-src CSP, fixes #1827

Closes #1827

See merge request pleroma/pleroma!2608
2020-05-29 19:26:54 +00:00
Ivan Tashkinov c181e555db [#1794] Improvements to hashtags extraction from search query. 2020-05-29 22:03:14 +03:00
Alex Gleason d38f28870e
Add blob: to connect-src CSP 2020-05-29 11:08:17 -05:00
lain 219d2b3146 Merge branch 'fix-streaming' into 'develop'
Fix argument error in streamer

See merge request pleroma/pleroma!2609
2020-05-29 15:42:43 +00:00
feld 81db758e8e Merge branch 'mix/database-vacuum-options' into 'develop'
Database vacuum mix task

See merge request pleroma/pleroma!2599
2020-05-29 15:33:35 +00:00
kPherox 9ca978494f
Add test for stream boosts of mastodon user 2020-05-30 00:31:20 +09:00
kPherox de0e262839
Fix argument error in streamer
`Repo.exists` can't use `nil` as it is unsafe.
Use parent object instead of activity because currently Announce activity's context is null.
2020-05-30 00:31:18 +09:00
Haelwenn (lanodan) Monnier da1e31fae3
http_security_plug.ex: Fix non-proxied media 2020-05-29 17:20:09 +02:00
Mark Felder 1b586ff3ae Document new database vacuum tasks 2020-05-29 10:17:06 -05:00
Haelwenn (lanodan) Monnier a43b435c0a
AP C2S: allow limit & order on outbox & read_inbox 2020-05-29 16:14:45 +02:00
Haelwenn (lanodan) Monnier 2c18830d0d
Bugfix: router: allow basic_auth for outbox 2020-05-29 16:14:45 +02:00
Haelwenn (lanodan) Monnier b3b367b894
Bugfix: Reuse Controller.Helper pagination for APC2S 2020-05-29 16:14:45 +02:00
lain 32431ad1ee Docs: Also add the streaming docs to the Chat api doc. 2020-05-29 16:07:40 +02:00
lain 3898dd69a6 SideEffects: Ensure a chat is present before streaming something out. 2020-05-29 16:05:02 +02:00
lain b08baf905b Docs: Document streaming differences 2020-05-29 16:03:55 +02:00
lain 767ce8b803 StreamerView: Actually send Chats, not ChatMessages. 2020-05-29 16:02:45 +02:00
lain 863c02b25d SideEffects: Stream out chat messages. 2020-05-29 15:44:03 +02:00
lain c86a88edec Streamer: Add a chat message stream. 2020-05-29 15:24:41 +02:00
lain 9848978109 Merge branch 'fix-relay-repeat-notification' into 'develop'
Fix relay repeat notification

See merge request pleroma/pleroma!2590
2020-05-29 10:42:49 +00:00
lain af6d01ec93 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into remake-remodel-dms 2020-05-29 12:36:17 +02:00
kPherox 228ff3760e
Use User.is_internal_user? instead 2020-05-29 19:07:05 +09:00
kPherox 9df5b1e6ae
Don't make relay announce notification 2020-05-29 19:06:38 +09:00
rinpatch 396bc69aee Merge branch 'fix/mediaproxy-bypass-emoji' into 'develop'
Fix profile emojis bypassing mediaproxy and harden CSP

Closes #1810

See merge request pleroma/pleroma!2596
2020-05-29 09:46:31 +00:00
rinpatch 27180611df HTTP Security plug: make starting csp string generation more readable 2020-05-29 12:32:48 +03:00
Alex Gleason 394258d548
Docs: Attachement limitations in MastoAPI differences 2020-05-28 16:11:33 -05:00
Egor Kislitsyn 06f20e9181
Add OpenApi spec to AdminAPI.ConfigController 2020-05-28 23:11:12 +04:00
Egor Kislitsyn d1ee3527ef
Move config actions to AdminAPI.ConfigController 2020-05-28 22:23:15 +04:00
lain 1d30608e20 Merge branch 'fix/1557-gets-local-pack' into 'develop'
get-packs for local generated pack

Closes #1557

See merge request pleroma/pleroma!2604
2020-05-28 17:08:30 +00:00
lain f6ddf0cc50 Merge branch 'feature/1792-update-actor-type' into 'develop'
Validate actor type

See merge request pleroma/pleroma!2593
2020-05-28 16:58:28 +00:00
Alex Gleason d4a18d44fe
Update default instance description 2020-05-28 11:56:30 -05:00
lain ddbf7084e2 Merge branch 'update-install-guides' into 'develop'
Update installation guides

See merge request pleroma/pleroma!2603
2020-05-28 16:54:09 +00:00
Alexander Strizhakov ae05792d2a
get-packs for local generated pack 2020-05-28 19:41:34 +03:00
Egor Kislitsyn 800e624058
Update installation guides 2020-05-28 19:32:56 +04:00
rinpatch 089d72d2e6 Merge branch 'chore/fix-spelling' into 'develop'
Fix minor spelling error

See merge request pleroma/pleroma!2598
2020-05-28 11:38:35 +00:00
Mark Felder 92fba24c74 Alpha sort 2020-05-27 17:17:06 -05:00
Mark Felder 30f96b19c1 Abstract out the database maintenance. I'd like to use this from AdminFE too. 2020-05-27 16:40:51 -05:00
Mark Felder 0d57e06626 Make clearer that this is time and resource consuming 2020-05-27 16:31:37 -05:00
Mark Felder 73ca57e4f1 Make it obvious a full vacuum can take a while 2020-05-27 16:27:29 -05:00
Mark Felder a2f57bd82b Permit easy access to vaccum full and analyze via a mix task 2020-05-27 16:27:07 -05:00
Mark Felder 95f6240889 Fix minor spelling error 2020-05-27 14:34:37 -05:00
rinpatch a23df89b5d Merge branch 'bundle/adminfe-20200527' into 'develop'
Update AdminFE build, re-enables emoji packs

See merge request pleroma/pleroma!2597
2020-05-27 19:22:53 +00:00
Mark Felder d28b9708d2 Update AdminFE build, re-enables emoji packs 2020-05-27 13:50:24 -05:00
rinpatch 29ff6d414b HTTP security plug: Harden img-src and media-src when MediaProxy is enabled 2020-05-27 21:41:19 +03:00
rinpatch 455a402c8a HTTP Security plug: rewrite &csp_string/0
- Directives are now separated with ";" instead of " ;",
according to https://www.w3.org/TR/CSP2/#policy-parsing
the space is optional
- Use an IO list, which at the end gets converted to a binary as
opposed to ++ing a bunch of arrays with binaries together and joining
them to a string. I doubt it gives any significant real world advantage,
but the code is cleaner and now I can sleep at night.
- The static part of csp is pre-joined to a single binary at compile time.
Same reasoning as the last point.
2020-05-27 21:31:47 +03:00