rinpatch
|
a51284b60a
|
Merge branch 'fix/mediaproxy-bypass-emoji' into 'develop'
Fix profile emojis bypassing mediaproxy and harden CSP
Closes #1810
See merge request pleroma/pleroma!2596
|
2020-06-08 00:58:30 +03:00 |
Alex Gleason
|
6e0b046771
|
Let blob: pass CSP
|
2020-05-01 00:40:09 +03:00 |
Haelwenn (lanodan) Monnier
|
6da6540036
|
Bump copyright years of files changed after 2020-01-07
Done via the following command:
git diff fcd5dd259a --stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
|
2020-03-02 06:08:45 +01:00 |
feld
|
36becd5573
|
Update http_security_plug.ex
|
2020-01-30 14:07:41 +00:00 |
Egor Kislitsyn
|
e07e7888d7
|
Fix credo warning
|
2020-01-29 18:53:43 +04:00 |
Egor Kislitsyn
|
2bd4d6289b
|
Make the warning more scarier
|
2020-01-29 18:43:23 +04:00 |
Egor Kislitsyn
|
6302b40791
|
Warn if HTTPSecurityPlug is disabled
|
2020-01-28 19:14:09 +04:00 |
rinpatch
|
92213fb87c
|
Replace Mix.env with Pleroma.Config.get(:env)
Mix.env/0 is not availible in release environments such as distillery or
elixir's built-in releases.
|
2019-06-06 23:59:51 +03:00 |
Alex S
|
aa11fa4864
|
add report uri and report to
|
2019-05-16 12:49:40 +07:00 |
feld
|
acb04306b6
|
Standardize construction of websocket URL
This follows up on the change made in d747bd98
|
2019-05-03 11:45:04 +00:00 |
Haelwenn (lanodan) Monnier
|
fc37e5815f
|
Plugs.HTTPSecurityPlug: Add static_url to CSP's connect-src
Closes: https://git.pleroma.social/pleroma/pleroma/merge_requests/469
|
2019-03-05 01:44:24 +01:00 |
Haelwenn (lanodan) Monnier
|
da4c662af3
|
Plugs.HTTPSecurityPlug: Add webpacker to connect-src
|
2019-02-12 22:12:12 +01:00 |
Haelwenn (lanodan) Monnier
|
00e8f0b07d
|
Plugs.HTTPSecurityPlug: Add unsafe-eval to script-src when in dev mode
This is needed to run dev mode mastofe at the same time
|
2019-02-12 22:12:11 +01:00 |
shibayashi
|
ea1058929c
|
Use url[:scheme] instead of protocol to determine if https is enabled
|
2019-02-12 00:08:52 +01:00 |
William Pitcock
|
980b5288ed
|
update copyright years to 2019
|
2018-12-31 15:41:47 +00:00 |
William Pitcock
|
2791ce9a1f
|
add license boilerplate to pleroma core
|
2018-12-23 20:56:42 +00:00 |
Maksim Pechnikov
|
074fa790ba
|
fix compile warnings
|
2018-12-09 20:50:08 +03:00 |
Haelwenn (lanodan) Monnier
|
04daa0fa44
|
Plugs.HTTPSecurityPlug: Activate upgrade-insecure-requests only when there is https
This fixes running mastofe with MIX_ENV=dev
|
2018-11-26 21:41:36 +01:00 |
shibayashi
|
591b11eafc
|
Add manifest-src to allow manifest.json
|
2018-11-26 20:48:24 +01:00 |
William Pitcock
|
c07464607d
|
http security: remove form-action from CSP definitions
|
2018-11-16 17:40:21 +00:00 |
William Pitcock
|
ee5932a504
|
http security: allow referrer-policy to be configured
|
2018-11-12 15:14:46 +00:00 |
William Pitcock
|
fe67665e19
|
rename CSPPlug to HTTPSecurityPlug.
|
2018-11-12 15:08:02 +00:00 |