r3g_5z
f90552f62e
Drop XSS auditor
...
It's deprecated, removed in some, by all modern browsers and is known
to create XSS vulnerabilities in itself.
Signed-off-by: r3g_5z <june@terezi.dev>
2022-11-19 20:40:20 -05:00
floatingghost
e1e0d5d759
microblogpub federation fixes ( #288 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/288
2022-11-18 11:14:35 +00:00
floatingghost
2a1f17e3ed
and i yoink ( #275 )
...
Co-authored-by: Mark Felder <feld@feld.me>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/275
2022-11-14 15:07:26 +00:00
FloatingGhost
89dbc7177b
Chores for 2022.11
2022-11-11 16:12:04 +00:00
FloatingGhost
ac0c00cdee
Add media sources to connect-src if media proxy is enabled
2022-11-10 17:26:51 +00:00
FloatingGhost
bab1ab5b6c
strip \r and \r from content-disposition filenames
2022-11-10 11:54:12 +00:00
floatingghost
cc6a076202
Include requested_by in relationship ( #260 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/260
2022-11-10 03:16:32 +00:00
FloatingGhost
4e8ab0deeb
fix count of poll voters
2022-11-08 13:50:04 +00:00
FloatingGhost
479aacb1b6
Add fallback for reports that don't have attached activities
2022-11-08 11:01:47 +00:00
FloatingGhost
7bbaa8f8e0
automatically trim loading *. prefixes on domain blocks
2022-11-07 22:33:18 +00:00
floatingghost
31ad09010e
Fix regex usage in MRF ( #254 )
...
fixes #235
fixes #228
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/254
2022-11-06 23:50:32 +00:00
FloatingGhost
5123b3a5dd
Add enabled check on /translation/languages
2022-11-06 22:55:26 +00:00
floatingghost
b7e8ce2350
Scrape instance nodeinfo ( #251 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/251
2022-11-06 22:49:39 +00:00
Thomas Citharel
4d0a51221a
Fix typo in CSP Report-To header name
...
The header name was Report-To, not Reply-To.
In any case, that's now being changed to the Reporting-Endpoints HTTP
Response Header.
https://w3c.github.io/reporting/#header
https://github.com/w3c/reporting/issues/177
CanIUse says the Report-To header is still supported by current Chrome
and friends.
https://caniuse.com/mdn-http_headers_report-to
It doesn't have any data for the Reporting-Endpoints HTTP header, but
this article says Chrome 96 supports it.
https://web.dev/reporting-api/
(Even though that's come out one year ago, that's not compatible with
Network Error Logging which's still using the Report-To version of the
API)
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 15:02:13 +01:00
floatingghost
9038da01cc
Merge pull request 'Push.Impl: support edits' ( #244 ) from norm/akkoma:push-support-edits into develop
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/244
2022-11-01 15:14:08 +00:00
nullobsi
cbc693f832
Fix LDAP user registration ( #229 )
...
Simple fix for LDAP user registration. I'm not sure what changed but I managed to get Akkoma running in a debug session and figured out it was missing a match for an extra value at the end. I don't know Elixir all that well so I'm not sure if this was the correct way to do it... but it works. :)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/229
Co-authored-by: nullobsi <me@nullob.si>
Co-committed-by: nullobsi <me@nullob.si>
2022-11-01 14:17:55 +00:00
marcin mikołajczak
6486211064
Push.Impl: support edits
...
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-10-28 01:20:19 -04:00
floatingghost
f36d14818d
Unilateral remove from followers ( #232 )
...
from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3647/
Co-authored-by: marcin mikołajczak <git@mkljczk.pl>
Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/232
2022-10-19 10:01:14 +00:00
floatingghost
edf7d5089f
Merge pull request 'Check that the signature matches the creator' ( #230 ) from domain-blocks into develop
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/230
2022-10-14 11:41:34 +00:00
FloatingGhost
03662501c3
Check that the signature matches the creator
2022-10-14 11:48:32 +01:00
FloatingGhost
856c57208b
Ensure deletes are handled after everything else
2022-10-11 14:30:08 +01:00
FloatingGhost
cb9b0d3720
optimise notifications query
2022-10-11 11:40:43 +01:00
FloatingGhost
ca9e6ffc55
Use inner lateral join to not get dropped in :total
2022-10-10 16:45:02 +01:00
FloatingGhost
574f010bc8
Extract deactivated users query to a join
2022-10-10 15:55:58 +01:00
floatingghost
c6e63aaf6b
Backend settings sync ( #226 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/226
2022-10-06 16:22:15 +00:00
Norm
561e1f2470
Make backups require its own scope ( #218 )
...
Pulled from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3721 .
This makes backups require its own scope (`read:backups`) instead of the `read:accounts` scope.
Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/218
Co-authored-by: Norm <normandy@biribiri.dev>
Co-committed-by: Norm <normandy@biribiri.dev>
2022-09-19 17:31:35 +00:00
Hélène
1acd38fe7f
OAuthPlug: use user cache instead of joining
...
As this plug is called on every request, this should reduce load on the
database by not requiring to select on the users table every single
time, and to instead use the by-ID user cache whenever possible.
2022-09-11 19:55:55 +01:00
Hélène
8683252fc5
Metadata/Utils: use summary as description if set
...
When generating OpenGraph and TwitterCard metadata for a post, the
summary field will be used first if it is set to generate the post
description.
2022-09-11 19:55:38 +01:00
Hélène
0b14f02ed2
User: generate private keys on user creation
...
This fixes a race condition bug where keys could be regenerated
post-federation, causing activities and HTTP signatures from an user to
be dropped due to key differences.
2022-09-11 19:54:37 +01:00
Hélène
e88f36f72b
ObjectView: do not fetch an object for its ID
...
Non-Create/Listen activities had their associated object field
normalized and fetched, but only to use their `id` field, which is both
slow and redundant. This also failed on Undo activities, which delete
the associated object/activity in database.
Undo activities will now render properly and database loads should
improve ever so slightly.
2022-09-11 19:52:59 +01:00
Norm
a6d85003fe
Remote interaction with posts ( #198 )
...
Grabbed from https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3587
Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/198
Co-authored-by: Norm <normandy@biribiri.dev>
Co-committed-by: Norm <normandy@biribiri.dev>
2022-09-08 10:19:22 +00:00
floatingghost
2641dcdd15
Post editing ( #202 )
...
Rebased from #103
Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/202
2022-09-06 19:24:02 +00:00
FloatingGhost
6c80977b06
turn inlineQuotePolicy on by default
2022-09-05 17:22:33 +01:00
FloatingGhost
1c7d7845c3
fix compilation warnings
2022-09-05 00:39:32 +01:00
floatingghost
1b826eea54
Allow reacting with remote emoji when they exist on the post ( #200 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/200
2022-09-04 23:31:41 +00:00
floatingghost
8e4de118c1
Don't persist local undone follow ( #194 )
...
same deal but backwards this time
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/194
2022-08-31 18:00:36 +00:00
floatingghost
decbca0c91
add seperate source and dest entries in language listing ( #193 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/193
2022-08-30 16:59:33 +00:00
floatingghost
c3fde9577d
Allow listing languages, setting source language ( #192 )
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/192
2022-08-30 14:58:54 +00:00
floatingghost
df39cab9c1
Automatic status translation ( #187 )
...
Fixes #115
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/187
2022-08-29 19:42:22 +00:00
Tusooa Zhu
95e4018c1a
Disconnect streaming sessions when token is revoked
...
Use Websockex to replace websocket_client
Test that server will disconnect websocket upon token revocation
Lint
Execute session disconnect in background
Refactor streamer test
allow multi-streams
rebase websocket change
2022-08-27 19:07:48 +01:00
floatingghost
772c209914
GTS: cherry-picks and collection usage ( #186 )
...
https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3725?commit_id=61254111e59f02118cad15de49d1e0704c07030e
what is this, a yoink of a yoink? good times
Co-authored-by: Hélène <pleroma-dev@helene.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/186
2022-08-27 18:05:48 +00:00
FloatingGhost
85137f591f
Add ability to obfuscate domains in MRF transparency
2022-08-27 11:57:57 +01:00
floatingghost
e4f2251e0f
Add support for setting language in instance metadata ( #183 )
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/183
2022-08-25 16:11:21 +00:00
floatingghost
618cf7ff7f
reuse valid oauth tokens ( #182 )
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/182
2022-08-25 14:37:51 +00:00
FloatingGhost
8d7b63a766
Revert "Fix oauth2 (for real) ( #179 )"
...
This reverts commit aa681d7e15
.
2022-08-21 17:52:02 +01:00
floatingghost
aa681d7e15
Fix oauth2 (for real) ( #179 )
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/179
2022-08-21 16:24:37 +00:00
FloatingGhost
b0130bfa7b
Revert "oauth2 fixes ( #177 )"
...
This reverts commit 429e2ac832
.
2022-08-21 16:22:15 +01:00
floatingghost
d72f9e39d9
add visibility check on quote ( #178 )
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/178
2022-08-21 15:17:01 +00:00
floatingghost
429e2ac832
oauth2 fixes ( #177 )
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/177
2022-08-21 14:46:52 +00:00
floatingghost
e9f1897cfd
parser MFM server-side ( #172 )
...
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/172
2022-08-18 03:14:48 +00:00