225 Commits (7b7c26063e3fcf9e75a61780d81bd60b7c398ead)

Author SHA1 Message Date
Sorin Davidoi 6f3d934bc1 feat(cookies): Use the same-site attribute to lax (#8626) 6 years ago
M Somerville 2bba6e582d Rename S3_CLOUDFRONT_HOST to S3_ALIAS_HOST. (#8423) 6 years ago
ThibG f06fa09962 Revert to using Paperclip's filesystem storage, and fix dangling records in remove_remote (#8339) 6 years ago
Immae b0f4fe456b Add ldap search filter (#8151) 6 years ago
Eugen Rochko 018a9e4e7f
Add post-deployment migration system (#8182) 6 years ago
abcang 69bf116345 Add secure option to additional cookie (#8069) 6 years ago
Eugen Rochko 1f6ed4f86a
Add more granular OAuth scopes (#7929) 6 years ago
MIYAGI Hikaru ddd0bb69e1 Merge `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into `ALLOW_ACCESS_TO_HIDDEN_SERVICE` (#7901) 6 years ago
Eugen Rochko 0df91c7b1e
Add dat, dweb, ipfs, ipns, ssb, gopher protocols to URL extractor (#7810) 7 years ago
Eugen Rochko 53f0452b70
Remove rack-timeout (#7809) 7 years ago
Eugen Rochko d87649db07
Disable AMS logging (#7623) 7 years ago
MIYAGI Hikaru 919eef3098 User agent for WebFinger (#7531) 7 years ago
Eugen Rochko b4fb766b23
Add REST API for Web Push Notifications subscriptions (#7445) 7 years ago
Hugo Gameiro ea4e243303 Improve OpenStack v3 compatibility (#7392) 7 years ago
Akihiko Odaki a7e71bbd08 Add a missing question mark in rack_attack.rb (#7338) 7 years ago
Akihiko Odaki b1d4471e36 Throttle media post (#7337) 7 years ago
Eugen Rochko cb5b5cb5f7
Slightly reduce RAM usage (#7301) 7 years ago
MIYAGI Hikaru f58dcbc981 HTTP proxy support for outgoing request, manage access to hidden service (#7134) 7 years ago
Yamagishi Kazutoshi 50529cbceb Upgrade Rails to version 5.2.0 (#5898) 7 years ago
Eugen Rochko 49bbef1202
Use RAILS_LOG_LEVEL to set log level of Sidekiq, too (#7079) 7 years ago
Eugen Rochko 80a944c882
Log rate limit hits (#7096) 7 years ago
Eugen Rochko d4de2239b0
Add a circuit breaker for ActivityPub deliveries (#7053) 7 years ago
Yamagishi Kazutoshi 28384c1771 Revert "Revert "Upgrade Paperclip to version 6.0.0" (#6807)" (#6808) 7 years ago
Eugen Rochko ac49c7932d
Add LDAP_TLS_NO_VERIFY option, don't require LDAP_ENABLED outside .env (#6845) 7 years ago
Alexander 33ee347c99 rename pam email environment variable to something more understandable and default to LOCAL_DOMAIN (better fallback) (#6833) 7 years ago
Eugen Rochko 40871caa4b
Revert "Upgrade Paperclip to version 6.0.0" (#6807) 7 years ago
Yamagishi Kazutoshi b88fcd53f7 Upgrade Paperclip to version 6.0.0 (#6754) 7 years ago
Effy Elden dd9d00d293 Add additional first_name and last_name SAML attribute statement options, and modify Omniauthable concern to use full_name or first_name + last_name if not available (#6669) 7 years ago
Alexander 42fe05dea1 fix logic for pam_controlled_service (#6599) 7 years ago
Eugen Rochko 47bdb9b33b
Fix #942: Seamless LDAP login (#6556) 7 years ago
Akihiko Odaki 2e8a492e88 Raise Mastodon::HostValidationError when host for HTTP request is private (#6410) 7 years ago
Ghislain Loaec e668180044 New variable OAUTH_REDIRECT_AT_SIGN_IN + Ref #6538 (not only SAML strategies) (#6540) 7 years ago
Ghislain Loaec 3084fe4959 New env variable: SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED + fixes #6533 (#6538) 7 years ago
Eugen Rochko 02856073f7
Fix #6509: Use pull queue for chewy jobs (#6513) 7 years ago
Daniel King 6ef3874b2e Fix URLs incorrectly having trailing hyphen removed (#6465) 7 years ago
Eugen Rochko e20700fe8f
Fix Chewy trying to update index with the wrong strategy (#6464) 7 years ago
Eugen Rochko 3ebc0ad4d3
Full-text search for authorized statuses (#6423) 7 years ago
Eugen Rochko 38e0133e1b
Make PAM gem optional, allow configuration over environment (#6415) 7 years ago
Eugen Rochko 26f21fd5a0
CAS + SAML authentication feature (#6425) 7 years ago
Alexander 04fef7b888 pam authentication (#5303) 7 years ago
Eugen Rochko 5276c0a090
HTML e-mails for UserMailer (#6256) 7 years ago
Patrick Figel 537d2939b1 Suppress CSRF token warnings (#6240) 7 years ago
Eugen Rochko 921b781909
Increase rate limit on protected paths (#6229) 7 years ago
Naoki Kosaka 8d51ce4290 Fix enforce HTTPS in production. (#6180) 7 years ago
Patrick Figel 04ecf44c2f Add confirmation step for email changes (#6071) 7 years ago
nightpool 9592b5e31e enforce LOCAL_HTTPS=true in production (#6061) 7 years ago
Yamagishi Kazutoshi 6855baa0c5 Change streaming API URL when remote development (#5942) 7 years ago
Eugen Rochko feed07227b
Apply a 25x rate limit by IP even to authenticated requests (#5948) 7 years ago
Naoki Kosaka 4bce376fdc Missing require 'authorization_decorator'. (#5947) 7 years ago
Eugen Rochko a865b62efc
Rate limit by user instead of IP when API user is authenticated (#5923) 7 years ago