mastodon

History

Ben Lubar 13e049d772 Allow cross-origin requests to /.well-known/* URLs. (#9083 ) Right now, this includes three endpoints: host-meta, webfinger, and change-password. host-meta and webfinger are publicly available and do not use any authentication. Nothing bad can be done by accessing them in a user's browser. change-password being CORS-enabled will only reveal the URL it redirects to (which is /auth/edit) but not anything about the actual /auth/edit page, because it does not have CORS enabled. The documentation for hosting an instance on a different domain should also be updated to point out that Access-Control-Allow-Origin: * should be set at a minimum for the /.well-known/host-meta redirect to allow browser-based non-proxied instance discovery.		7 years ago
..
0_post_deployment_migrations.rb	Add post-deployment migration system (#8182 )	7 years ago
1_hosts.rb	Set Content-Security-Policy rules through RoR's config (#8957 )	7 years ago
active_model_serializers.rb	Disable AMS logging (#7623 )	7 years ago
application_controller_renderer.rb	Upgrade to Rails 5.0.0.1	9 years ago
assets.rb	HTML e-mails for UserMailer (#6256 )	7 years ago
backtrace_silencers.rb	Initial commit	9 years ago
blacklists.rb	Quick best practice cleanup of views/helpers (#1546 )	8 years ago
chewy.rb	Fix #6509 : Use pull queue for chewy jobs (#6513 )	7 years ago
content_security_policy.rb	Add manifest_src to CSP, add blob to connect_src (#8967 )	7 years ago
cookies_serializer.rb	Upgrade to Rails 5.0.0.1	9 years ago
cors.rb	Allow cross-origin requests to /.well-known/* URLs. (#9083 )	7 years ago
devise.rb	feat(cookies): Use the same-site attribute to lax (#8626 )	7 years ago
doorkeeper.rb	Add unread indicator to conversations (#9009 )	7 years ago
fast_blank.rb	fix can toot whitespace (#2218 )	8 years ago
ffmpeg.rb	add ffmpeg initializer (#8855 )	7 years ago
filter_parameter_logging.rb	Added optional two-factor authentication	8 years ago
http_client_proxy.rb	lint pass 2 (#8878 )	7 years ago
httplog.rb	Version bumps for ruby and misc gems (#1159 )	8 years ago
inflections.rb	Add ActivityPub inbox (#4216 )	8 years ago
instrumentation.rb	Improve StatsD instrumentation	8 years ago
kaminari_config.rb	adjust public profile pages 2 (#5223 )	8 years ago
mime_types.rb	Set correct content-type for ActivityPub JSON (#4592 )	8 years ago
oj.rb	Remove rabl dependency (#5894 )	7 years ago
omniauth.rb	lint pass 2 (#8878 )	7 years ago
open_uri_redirection.rb	rubocop issues - Cleaning up (#8912 )	7 years ago
pagination.rb	Pagination improvements (#1445 )	8 years ago
paperclip.rb	Rename S3_CLOUDFRONT_HOST to S3_ALIAS_HOST. (#8423 )	7 years ago
premailer_rails.rb	HTML e-mails for UserMailer (#6256 )	7 years ago
rack_attack.rb	lint pass 2 (#8878 )	7 years ago
rack_attack_logging.rb	Log rate limit hits (#7096 )	7 years ago
redis.rb	Set config.cache_store in environments file. (#3219 )	8 years ago
session_activations.rb	Revocable sessions (#3616 )	8 years ago
session_store.rb	feat(cookies): Use the same-site attribute to lax (#8626 )	7 years ago
sidekiq.rb	lint pass 2 (#8878 )	7 years ago
simple_form.rb	Redesign forms, verify link ownership with rel="me" (#8703 )	7 years ago
single_user_mode.rb	Add single user mode	8 years ago
statsd.rb	Fix that Rails.cache information could not be sent via StatsD (#8831 )	7 years ago
stoplight.rb	Add a circuit breaker for ActivityPub deliveries (#7053 )	7 years ago
strong_migrations.rb	Fix migration failure due to StrongMigrations on production env (#5283 )	8 years ago
suppress_csrf_warnings.rb	Suppress CSRF token warnings (#6240 )	7 years ago
trusted_proxies.rb	Fix error	8 years ago
twitter_regex.rb	Lint pass (#8876 )	7 years ago
vapid.rb	Lint pass (#8876 )	7 years ago
wrap_parameters.rb	Upgrade to Rails 5.0.0.1	9 years ago