djsundog/tootlab-mastodon
1
0
Fork 0
mirror of https://github.com/glitch-soc/mastodon.git synced 2025-02-09 08:22:11 -05:00
Code Issues Packages Projects Releases Wiki Activity
tootlab-mastodon/app/controllers/concerns/web_app_controller_concern.rb
Claire 0aa69487a2 Merge commit '877090518682b6c77ba9bdfa0231afd56daec44d' into glitch-soc/merge-upstream 
Conflicts:
- `app/models/concerns/user/has_settings.rb`:
  Not a real conflict, upstream added a setting textually close to a glitch-soc one.
  Added upstream's new setting.
- `app/views/settings/preferences/appearance/show.html.haml`:
  Not a real conflict, upstream added a setting textually close to a glitch-soc one.
  Added upstream's new setting.
- `config/routes.rb`:
  Upstream moved web app routes to `config/routes/web_app.rb`, while glitch-soc had
  an extra route.
  Moved the extra route to `config/routes/web_app.rb`.
- `spec/controllers/settings/preferences/appearance_controller_spec.rb`:
  This spec got converted to a system spec upstream.
  However, the theme setting works differently in glitch-soc, so the spec had been
  changed.
  Changed the corresponding system spec as well.
2024-12-25 18:01:37 +01:00

52 lines
1.5 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
module WebAppControllerConcern
extend ActiveSupport::Concern
included do
vary_by 'Accept, Accept-Language, Cookie'
before_action :redirect_unauthenticated_to_permalinks!
before_action :set_referer_header
content_security_policy do |p|
policy = ContentSecurityPolicy.new
if policy.sso_host.present?
p.form_action policy.sso_host, -> { "https://#{request.host}/auth/auth/" }
else
p.form_action :none
end
end
end
def skip_csrf_meta_tags?
!(ENV['ONE_CLICK_SSO_LOGIN'] == 'true' && ENV['OMNIAUTH_ONLY'] == 'true' && Devise.omniauth_providers.length == 1) && current_user.nil?
end
def redirect_unauthenticated_to_permalinks!
return if user_signed_in? # NOTE: Different from upstream because we allow moved users to log in
permalink_redirector = PermalinkRedirector.new(request.original_fullpath)
return if permalink_redirector.redirect_path.blank?
expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless user_signed_in?
respond_to do |format|
format.html do
redirect_to(permalink_redirector.redirect_confirmation_path, allow_other_host: false)
end
format.json do
redirect_to(permalink_redirector.redirect_uri, allow_other_host: true)
end
end
end
protected
def set_referer_header
response.set_header('Referrer-Policy', Setting.allow_referrer_origin ? 'origin' : 'same-origin')
end
end
Reference in New Issue View Git Blame Copy Permalink