Commit Graph

182 Commits (features/numeric-identifiers)

Author SHA1 Message Date
Claire d0b3137723 Add support for numeric-based URIs for local accounts
Actors would be served at `/ap/users/:user_id` and statuses at `/ap/statuses/:id`
3 weeks ago
Claire 68b05e994f
Fix error on log-in from old users requiring ToS interstitial when said ToS has been removed (#35233) 3 weeks ago
David Roetzel 0ec6c26af3
Fix error when RFC9421 signatures are used (#35109) 1 month ago
David Roetzel 83d5016ca3
Re-instate rescuing signature errors (#35033) 1 month ago
David Roetzel 319fbbbfac
Experimental Async Refreshes API (#34918) 1 month ago
David Roetzel 9c80b16401
Accept HTTP Message Signatures (RFC9421) (#34814) 2 months ago
Claire 8cc5084ca1
Add interstitial for Terms of Service updates (#34527) 2 months ago
Claire 22ec828951
Change `DEFAULT_LOCALE` to not override unauthenticated users' browser language (#34535) 3 months ago
David Roetzel e2ef173b82
Refactoring: Move `SignatureVerificationError` into `Mastodon` namespace (#34342) 4 months ago
Claire 38f5e74122
Add `Deprecation` headers on deprecated endpoints (#34262)
Co-authored-by: Damien Mathieu <42@dmathieu.com>
4 months ago
Claire db59f37269
Fix redirect after log-in when `allow_referrer_origin` setting is enabled (#33903) 5 months ago
Claire 5b291fcbe4
Fix incorrect signature after HTTP redirect (#33757) 6 months ago
Matt Jankowski 93f3c724ae
Use `expect` in remaining controller locations (#33748) 6 months ago
Matt Jankowski d3b637c757
Use `expect` in `Admin::ExportControllerConcern` import params (#33745) 6 months ago
Claire ea9b10d112
Fix error 500 when passing an invalid `lang` parameter (#33467) 7 months ago
Renaud Chaput 2a369a8977
Use a system setting for the Referer policy (#33239) 8 months ago
Matt Jankowski 6efa320feb
Fix `Style/SafeNavigation` cop (#32970) 8 months ago
Matt Jankowski 297ce9ef44
Move body class to shared partial for web app controller concern views (#31797) 8 months ago
Matt Jankowski 97b18d10b4
Move hcaptcha service config to `config_for` yml (#30662) 9 months ago
Matt Jankowski 258dce1256
Add `OpenSSL::SSL::SSLError` to http connection errors wrapper (#32307) 10 months ago
Matt Jankowski e8ec6667bd
Extract wrapper constant for `HTTP::*` error classes (#32285) 10 months ago
Claire 49407e7623
Fix Content-Security-Policy when using sso-redirect (#32241) 10 months ago
Renaud Chaput 3dc4ddc663
Fix search params being dropped when redirected to non-deck path (#31984) 10 months ago
Claire a496aeabcb
Change form-action Content-Security-Policy directive to be more restrictive (#26897) 11 months ago
Matt Jankowski 7efe0bde9d
Add `have_http_link_header` matcher and set header values as strings (#31010) 11 months ago
Claire 2ec1181ee5
Fix contrast between background and form elements on some pages (#31266) 12 months ago
Matt Jankowski 85d9053b36
Move `pagination_params` into `API::BaseController` (#28845) 1 year ago
Matt Jankowski 65e82211cd
Rename `cache_*` methods to `preload_*` in controller concern (#30209) 1 year ago
Matt Jankowski 1d3ecd3fba
Add `API::Pagination` concern (#28826) 1 year ago
Claire babbf6017d
Remove caching in `cache_collection` (#29862) 1 year ago
Matt Jankowski edde54e991
Update stoplight to version 4.1.0 (#28366) 1 year ago
Matt Jankowski f9100743ec
Add `Api::ErrorHandling` concern for api/base controller (#29574) 1 year ago
Claire 7efc33b909
Move HTTP Signature parsing code to its own class (#28932) 1 year ago
Claire 1726085db5
Merge pull request from GHSA-3fjr-858r-92rw
* Fix insufficient origin validation

* Bump version to 4.3.0-alpha.1
2 years ago
Eugen Rochko b19ae521b7
Add confirmation when redirecting logged-out requests to permalink (#27792)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2 years ago
Claire 3593ee2e36
Add rate-limit of TOTP authentication attempts at controller level (#28801) 2 years ago
Jean Boussier 5a6d533c53
Enable Rails 7.1 Marshalling format (#28609) 2 years ago
Claire 092bb8a27a
Fix Mastodon not correctly processing HTTP Signatures with query strings (#28476) 2 years ago
Claire 963354978a
Add `Account#unavailable?` and `Account#permanently_unavailable?` aliases (#28053) 2 years ago
Matt Jankowski 1f1c75bba5
File cleanup/organization in `controllers/concerns` (#27846) 2 years ago
Matt Jankowski 291dc04e67
Remove un-needed `action` and `template` options to `render` in controllers (#28022) 2 years ago
Matt Jankowski d562fb8459
Specs for minimal CSP policy in `Api::` controllers (#27845) 2 years ago
Ricardo Trindade 33f8c1c5eb
Remove version check from update cache_concern.rb (#27592) 2 years ago
Claire 379115e601
Add SELF_DESTRUCT env variable to process self-destructions in the background (#26439) 2 years ago
Matt Jankowski d4c2dca874
Fix haml-lint `InstanceVariables` rule for auth/sessions/two_factor/o… (#27372) 2 years ago
Claire 40ba6e119b
Fix Vary headers not being set on some redirects (#27272) 2 years ago
Matt Jankowski 340f1a68be
Simplify instance presenter view access (#26046) 2 years ago
CSDUMMI 9a70cac9de
Fix #26849 by adding the domain of the current SSO provider to the form-action CSP (#26857) 2 years ago
Claire 09ec9c6aa5
Downgrade signature verification debug logging from `warn` to `debug` (#26812) 2 years ago
Claire 25bf640629
Add debug logging on signature verification failure (#26637) 2 years ago