2429 Commits

Author SHA1 Message Date
Claire
325425780d Fix insufficient Content-Type checking of fetched ActivityStreams objects 2024-02-15 16:51:24 +01:00
Claire
8f36f89b28 Fix user creation failure handling in OAuth paths (#29207) 2024-02-14 23:13:19 +01:00
Claire
b0f01050c0 Fix OmniAuth tests (#29201) 2024-02-14 16:07:52 +01:00
Claire
fa96c733c4 Rename methods to avoid confusion between OAuth and OmniAuth 2024-02-14 14:47:45 +01:00
Claire
823d0806bc Improve performance of deleting OAuth tokens 2024-02-14 14:47:45 +01:00
Emelia Smith
e665e3b1f2 Ensure password resets revoke access to Streaming API 2024-02-14 14:47:45 +01:00
Emelia Smith
1625c82d77 Disable administrative doorkeeper routes (#29187) 2024-02-14 13:49:39 +01:00
Claire
810514747b Fix insufficient origin validation 2024-02-01 15:10:01 +01:00
Claire
4113fbf6e8 Merge commit 'f476d9dab2f5cca6ae44b95961df6b6557d66dab' into glitch-soc/merge-upstream
Conflicts:
- `lib/sanitize_ext/sanitize_config.rb`:
  Upstream enforced new code style rules, where we had different code.
  Applied the new code style rules.
2023-12-17 23:04:16 +01:00
Claire
ddf3ad9541 Merge commit '3bf896c973404261f4f7b25c25ea22adb1a85e7d' into glitch-soc/main
Conflicts:
- `package.json`:
  Upstream removed a dependency textually close to a glitch-only dependency.
  Updated as upstream while keeping our dependency.
2023-12-17 17:43:30 +01:00
Claire
1474318691 Merge commit 'a916251d8a8fffcaeb6be80eacf50138a53650dc' into glitch-soc/main
Conflicts:
- `app/models/trends/statuses.rb`:
  Upstream fixed a bug in the trending post condition.
  Glitch-soc's condition is different because we potentially allow CWed content
  to trend.
  Ported upstream's fix while keeping glitch-soc's change.
- `config/initializers/content_security_policy.rb`:
  Kept our version for now, we will switch to upstream later down the road.
2023-12-17 15:32:29 +01:00
Claire
9f92b05bd2 Merge commit '2e6bf60f1549e5c1f1cfea2d614f978bea17b8a2' into glitch-soc/merge-upstream
Conflicts:
- `README.md`:
  Upstream has updated their README but we have a completely different one.
  Kept our version of `README.md`
2023-12-10 18:05:02 +01:00
Claire
660372d130 Revert recent CSP changes (#2485)
* Revert "Fix image and media loading when using external storage server"

This reverts commit 6cfa0245ca.

* Revert "Change glitch-soc's CSP config to match upstream's closer (#2474)"

This reverts commit d59196e170.
2023-11-26 15:32:35 +01:00
Claire
6cfa0245ca Fix image and media loading when using external storage server
Fixes #2479
2023-11-21 13:45:29 +01:00
Claire
d59196e170 Change glitch-soc's CSP config to match upstream's closer (#2474) 2023-11-20 13:02:49 +01:00
Matt Jankowski
45770c9306 Fix Performance/MapMethodChain cop (#27744) 2023-11-07 13:01:09 +00:00
Matt Jankowski
49e2772064 Fix RSpec/MessageSpies cop (#27751) 2023-11-07 09:46:28 +00:00
Matt Jankowski
2862ad701f Stub controller methods and remove rubocop:disable in captcha feature spec (#27743) 2023-11-07 09:15:30 +00:00
Matt Jankowski
cfa14ec6d1 Fix Lint/EmptyBlock cop (#27748) 2023-11-07 09:11:04 +00:00
Matt Jankowski
b06284c572 Fix RSpec/HookArgument cop (#27747) 2023-11-07 09:10:36 +00:00
Matt Jankowski
d6f50839e1 Fix RSpec/SpecFilePathFormat cops (#27730) 2023-11-06 16:25:40 +00:00
Matt Jankowski
fe26f33e0a Fix Rails/RedundantActiveRecordAllMethod cop (#26885) 2023-11-06 15:51:52 +00:00
Matt Jankowski
949f5eb860 Fix RSpec/MetadataStyle cop in spec/ (#27729) 2023-11-06 14:28:20 +00:00
Claire
c0989b78f8 Fix incoming status creation date not being restricted to standard ISO8601 (#27655) 2023-11-06 09:28:14 +00:00
Renaud Chaput
6712bf86cd Fixes website not loading for unlogged users (#27698) 2023-11-04 21:52:56 +00:00
Claire
0337df3a42 Fix posts from threads received out-of-order sometimes not being inserted into timelines (#27653) 2023-11-02 14:58:37 +00:00
Claire
d649bbf28f Add some more tests and clean up domain block controller (#27469) 2023-10-31 09:40:30 +00:00
Matt Jankowski
beee9ea991 Fix RSpec/LetSetup cop in spec/controllers/admin area (#27619) 2023-10-31 08:22:19 +00:00
Matt Jankowski
eae5c7334a Extract class from CSP configuration/initialization (#26905) 2023-10-27 16:20:40 +00:00
Matt Jankowski
2e6bf60f15 Use deliveries.size in mailer-related examples in controller specs (#27589) 2023-10-27 15:33:52 +00:00
Claire
93e4cdc31b Fix hashtag matching pattern matching some URLs (#27584) 2023-10-27 14:04:51 +00:00
Matt Jankowski
1f5187e2e2 Misc spec/refactor to user mailer and user mailer spec (#27486) 2023-10-27 09:57:16 +00:00
Claire
bbf46cc418 Fix error and incorrect URLs in /api/v1/accounts/:id/featured_tags for remote accounts (#27459) 2023-10-27 08:35:21 +00:00
Jeong Arm
8f998cd96a Handle featured collections without items (#27581) 2023-10-27 02:36:22 +00:00
Claire
49b8433c56 Fix confusing screen when visiting a confirmation link for an already-confirmed email (#27368) 2023-10-25 21:33:44 +00:00
Claire
4b0fb764c3 Merge commit 'e93a75f1a11d6dfdcbd39dbdc22526c5508ad881' into glitch-soc/merge-upstream
Conflicts and ported changes:
- updated `@rails/ujs` imports
2023-10-24 19:59:19 +02:00
Claire
e25cc4deb7 Merge commit '379115e601361c2b5da775fbf28b7dff9dc02e71' into glitch-soc/merge-upstream
Conflicts:
- `config/navigation.rb`:
  Conflict due to glitch-soc having extra navigation items for its theming
  system.
  Ported upstream changes.
2023-10-24 19:31:14 +02:00
Claire
787d5ad386 Merge commit 'bcae7442757845191c0e82b61cd1d0cd3ca860d1' into glitch-soc/merge-upstream
Conflicts:
- `yarn.lock`:
  Caused by a glitch-soc-only dependency (`exif-js`).
  Kept it.
2023-10-24 19:05:18 +02:00
Claire
b0c76eaadd Merge commit '0ad66175bf59a34b03d9ab2347181548d07089ea' into glitch-soc/merge-upstream
Conflicts:
- `app/javascript/mastodon/features/compose/components/compose_form.jsx`:
  Upstream changed one import, close to a glitch-soc-only import to handle
  different max character counts.
  Ported upstream's change.
2023-10-24 18:41:20 +02:00
Matt Jankowski
e93a75f1a1 Rails 7.1 update (#25963) 2023-10-23 17:58:29 +00:00
Daniel M Brasil
26d2a2a0cc Migrate to request specs in /api/v1/media (#25543) 2023-10-23 15:46:21 +00:00
Claire
bcae744275 Fix some link anchors being recognized as hashtags (#27271) 2023-10-23 14:19:38 +02:00
Matt Jankowski
b0213472df Validate allowed schemes on preview card URLs (#27485) 2023-10-23 09:50:02 +02:00
Matt Jankowski
ab0fb81479 Configure brakeman to ignore url safe preview card urls (#25883) 2023-10-20 15:32:16 +02:00
Claire
13688539bc Fix processing LDSigned activities from actors with unknown public keys (#27474) 2023-10-20 10:45:46 +02:00
Claire
74fd46d3ab Merge commit '9f218c9924b883207a3463a29314c92032cf06df' into glitch-soc/merge-upstream 2023-10-19 19:14:04 +02:00
Matt Jankowski
9f218c9924 Refactor appeal partial to avoid brakeman XSS warning (#25880) 2023-10-19 17:25:54 +02:00
Matt Jankowski
bcd0171e5e Fix Lint/UselessAssignment cop (#27472) 2023-10-19 16:55:06 +02:00
Daniel M Brasil
7bc8f03162 Add test coverage for Mastodon::CLI::Accounts#migrate (#25284) 2023-10-19 16:11:15 +02:00
Matt Jankowski
a1b27d8b61 Fix Naming/VariableNumber cop (#27447) 2023-10-18 14:26:22 +02:00