97539b6a96
Fix host check on healthcheck path not being disabled ( #16270 )
...
Fixes #16251
There was a typo in #16243
3 years ago
f09322f9cc
Disable host check on healthcheck path ( #16243 )
3 years ago
2360191434
Fix guard against DNS rebinding attacks ( #16095 )
3 years ago
8323023464
Add guard against DNS rebinding attacks ( #16087 )
...
* Add guard against DNS rebinding attacks
* Fix not to apply to test environment
3 years ago
2d27c11061
Set Content-Security-Policy rules through RoR's config ( #8957 )
...
* Set CSP rules in RoR's configuration
* Override CSP setting in the embed controller to allow frames
6 years ago
1f98eae1cf
Lint pass ( #8876 )
6 years ago
48db3b3c99
Tighten CSP while allowing CDN hosts
6 years ago
9592b5e31e
enforce LOCAL_HTTPS=true in production ( #6061 )
...
* enforce https in production
* note changes in production env sample
* typo fix
6 years ago
6855baa0c5
Change streaming API URL when remote development ( #5942 )
...
* Change streaming API URL when remote development
* Use STREAMING_API_BASE_URL when dev env
7 years ago
e528114c53
Follow-up to #4582 and #5027 , removing dead code ( #5101 )
7 years ago
d68df88d4e
Disable private status federation over OStatus ( #5027 )
7 years ago
6994664a13
swift-enable the paperclip! 📎 ( #2322 )
7 years ago
cf615abbf9
Add configuration to disable private status federation over PuSH ( #4582 )
7 years ago
a94c152fd3
Allow alternate domains for mastodon handlers ( #3187 )
7 years ago
0cdcf32865
Use ws protocol in streaming API base URL ( #2606 )
7 years ago
c997091166
Clean up redis configuration. Allow using REDIS_URL to set advanced ( #2732 )
...
connection options instead of setting REDIS_HOST etc individually
Close #1986
7 years ago
a9529d3b4b
Allow running mastodon on a different domain as the one used for identifying users ( #1267 )
...
* Allow running mastodon on a different domain as the one used for identifying users
* Alter documentation of WEB_DOMAIN to make clear it shouldn't be used unless the admin knows what they are doing
* Compare to web_domain instead of local_domain when dealing with feeds/API
* Correctly identify mentions to local accounts
Mentions URLs point to the person's web profile, i.e., the user page served on WEB_DOMAIN.
7 years ago
ccb8ac8573
Make the streaming API also handle websockets (because trying to get the browser EventSource interface to
...
work flawlessly was a nightmare). WARNING: This commit makes the web UI connect to the streaming API instead
of ActionCable like before. This means that if you are upgrading, you should set that up beforehand.
7 years ago
6de079a5af
Removing external hub completely, fix #333 fixing digit-only hashtags,
...
removing web app capability from non-webapp pages
8 years ago
b362de2232
Adding configurable e-mail blacklist
8 years ago
4e351baf88
Fix URLs in inline-rendered XML
8 years ago
41ef277da3
Fix URLs in ApplicationController.renderer
8 years ago
dbe00a4156
Improved configuration from ENV, cleaned up timeline filter methods
...
to be more readable, add extra logging to process feed service
8 years ago
d14967e1c8
Fix URL configuration when S3 is enabled
8 years ago
1022d682dc
Normalized data in Redux, fix for asset URLs when rendered outside request
8 years ago
68c93f8b85
Final fix for ActionCable origin issues
8 years ago
8985f8e66c
Fixing more configuration issues with ActionCable
8 years ago
5a8c149f6b
Fix ActionCable origin checking
8 years ago
23d08c6749
Changing the use of config constants to the Rails configuration object
8 years ago
ee73d35eea
Incoming Salmon requests can be turned into follows and unfollows
8 years ago
1dad72bf13
Fixes and general progress
8 years ago
709c6685a9
Made some progress
8 years ago
Claire