Commit Graph

277 Commits

Author SHA1 Message Date
r f4881e7267 Remove form-action CSP directive
Chrome incorrectly restricts the redirect URL to the sources specified
in the form-action value, which prevents the instance oauth page from
loading.
2023-10-25 06:40:34 +00:00
r 597cfc6b1e fluoride: Add image preview for profile image 2023-10-22 11:12:27 +00:00
r 9b053e32ec Fix replace syntax 2023-10-22 11:11:21 +00:00
r 67b13c71ba Use CSP header to restrict resource loading
This helps mitigate XSS exploits.
Users will have to save the settings again to make the custom CSS
work.
2023-10-15 15:53:44 +00:00
r ed521dd33d Restrict instance level custom CSS to static directory 2023-10-15 15:46:54 +00:00
r 927072e26a Remove unused session ID field 2023-10-07 10:20:11 +00:00
r c7f40c1e15 Cleanup oauth redirect URL generation 2023-10-07 09:19:56 +00:00
r d297eb5658 Use stricter cookie attributes 2023-10-07 09:11:43 +00:00
r b83a00aa2c Revoke oauth token on signout 2023-10-02 06:44:26 +00:00
r df031d5edd Cleanup file upload functions 2023-10-01 13:29:04 +00:00
r 81bdc7c705 Add profile edit page 2023-10-01 13:04:07 +00:00
r 8e3999fc3d Fix minimum required Go version in go.mod 2023-09-24 10:41:21 +00:00
r 6707a01a84 Use a custom LimitedReader instead of http.MaxBytesReader
Fixes compatibility with older Go versions.
2023-09-24 10:38:28 +00:00
romin cba88f94a2 Sanitize user field name 2023-09-22 15:56:26 +00:00
r e50f12b615 Restrict instance domain in single_instance mode 2023-09-18 10:07:54 +00:00
r ad38855261 Set timeout and response size limit for the http client 2023-09-18 04:05:20 +00:00
r 60ccc9686a fluoride: Allow submitting the form with Ctrl+Enter 2023-09-09 08:14:16 +00:00
r 60392e61c7 Disable access log by default
Access logs aren't really useful during normal operation. Add a new flag
-v to enable the verbose logging mode, which is still useful during
development.

Also remove the log_file config because it's no longer useful.
2023-09-09 06:38:52 +00:00
r 8eec93e028 Trim leading and trailing white space from selectable text 2023-09-08 18:11:07 +00:00
r 461908e031 Load CSS on the root page
This applies the background color to the root page and avoids flicker
during the initial page load.
2023-09-08 18:10:29 +00:00
r 426e9ad14f Fix display name and title on mute page 2023-09-08 14:46:40 +00:00
r 8a26dd1908 Fix userlist margin 2023-09-08 14:38:51 +00:00
r 5147897c6c Add support for expiring mutes 2022-12-17 08:26:51 +00:00
r 9816045c21 Pass with_relationships param for accounts 2022-12-17 06:58:47 +00:00
r 6002284c5a Show emojis in Mastodon field names 2022-12-17 06:56:39 +00:00
r 887ed241d6 Use cookies for session storage
Remove the server side session storage and store all the session related data
in the client side cookies. This decreases the exposure of the auth tokens.
It also simplifies the installation process as bloat no longer requires write
access to the filesystem.

This is a breaking change, all the existing sessions will stop working.
2022-10-25 14:14:46 +00:00
r b4ccde54a7 Show emojis in Mastodon fields 2022-10-24 04:10:00 +00:00
r 68698a9e1a Remove unused card field from status
Fixes JSON parsing of posts with incompatible card data.
2022-09-23 17:13:22 +00:00
Pete 5f688c6318 Show BlockedBy on user page
Just show this information. No blockbots required.
2022-09-09 14:49:51 +00:00
r 1661219ab6 Fix CSS inconsistencies 2022-05-10 17:34:49 +00:00
r 0456655fc8 Add missing @ sign in the reply post form 2022-05-10 17:29:09 +00:00
r fcbe489138 Refactor duration formatting 2022-05-10 17:27:33 +00:00
r 4ad71587d8 Fix custom CSS 2022-05-10 17:25:58 +00:00
r 471701f029 fluoride: Add support for image.png 2022-05-04 15:52:23 +00:00
r b6c09b4fc6 Lazy load images on emoji page
Makes the emoji page usable for instances with 1000+ emojis.
The attribute is considered experimental by Mozilla, but is supported
by most of the modern browsers.
2022-04-17 06:01:45 +00:00
r a38d29a435 Fix user search page 2022-03-31 03:15:58 +00:00
r 94ff5c93de Show attachment metadata when attachment preview is disabled 2022-03-30 17:59:42 +00:00
r 71238ab7bc fluoride: Use max-width for popup 2022-03-30 17:38:34 +00:00
r c36314fe7f fluoride: Use target=_blank for user field links 2022-03-30 17:12:53 +00:00
r 153f4a492b Set max size for embedded images in profile description 2022-03-30 17:06:19 +00:00
r 2a01471621 Fix duration overflow
time.Sub() returns int64 duration in nanoseconds, which can only
represent around 290 years.
2022-03-30 17:02:46 +00:00
r 2d49ff9fb4 Switch to html/template 2022-03-30 15:52:30 +00:00
r c390a0c327 Add lists 2022-02-11 11:49:23 +00:00
r c2f237e901 Don't overwrite global config file on make install 2022-02-10 16:03:44 +00:00
r 4ef5e0daf2 Fix null imgPrev in setPos 2022-01-27 11:52:47 +00:00
r 0b004efffa Add refresh button on timeline page 2022-01-27 11:50:54 +00:00
r 03a1cd819a Refactor status filter 2022-01-27 11:41:31 +00:00
r b8bab6fcf3 Highlight quotes 2022-01-27 10:53:18 +00:00
r fcb88c8a85 Simplify id generation 2022-01-02 11:38:06 +00:00
r c5f12920b0 Use Go's flag parser instead of getopt
There's only one flag, so it doesn't matter.
2022-01-02 11:15:57 +00:00