Commit Graph

115 Commits

Author SHA1 Message Date
Lain Soykaf 8066645f71 Linting 2024-05-28 14:20:48 +04:00
Lain Soykaf f5978da676 HTTPSignaturePlugTest: Rewrite to use mox. 2024-05-28 14:00:25 +04:00
Lain Soykaf 3b4be5daa2 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into pleroma-secure-mode 2024-05-28 12:31:12 +04:00
Lain Soykaf 687ac4a850 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into auth-fetch-exception 2024-05-27 23:09:17 +04:00
Lain Soykaf 81e44ced0c HTTPSecurityPlug: Fix tests 2024-05-27 22:13:20 +04:00
Lain Soykaf 1c699144d2 HttpSecurityPlug: Don't allow unsafe-eval by default 2024-05-27 21:26:40 +04:00
Lain Soykaf c67506ba68 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into auth-fetch-exception 2024-05-20 18:21:46 +04:00
Haelwenn (lanodan) Monnier 086ba59d03 HTTPSignaturePlug: Add :authorized_fetch_mode_exceptions 2023-12-16 19:25:51 +01:00
Lain Soykaf 18ab36d70c Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into no-async-clear-config 2023-12-12 10:55:19 +04:00
Lain Soykaf d62b17eb60 UploadMediaPlugTest: Fix tests 2023-12-11 11:06:07 +04:00
Lain Soykaf b9f135eaf3 FrontendStaticPlugTest: Fix test 2023-12-11 10:07:39 +04:00
Lain Soykaf 221f18dc33 Tests: Don't run tests that use clear_config asynchronously. 2023-12-10 16:27:23 +04:00
marcin mikołajczak c62696c8e7 Support /authorize-interaction route used by Mastodon
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-11-02 13:47:23 +01:00
Haelwenn (lanodan) Monnier dd9f8150fc Merge Revert "Merge branch 'validate-host' into 'develop'"
This reverts commit d998a114e2, reversing
changes made to da6b4003ac.
2023-06-22 21:28:25 +02:00
Mark Felder 46c799f528 Use Phoenix.ConnTest.redirected_to/2 2023-05-31 09:54:37 -04:00
Mark Felder b3c3bd99c3 Switch from serving a 400 to a 302 2023-05-30 16:56:09 -04:00
Mark Felder a60dd0d92d Validate Host header matches expected value before allowing access to Uploads 2023-05-29 14:16:03 -04:00
Haelwenn (lanodan) Monnier 2148ef5e2f UploadedMedia: Increase readability via ~s sigil 2023-04-18 00:12:42 +02:00
Haelwenn (lanodan) Monnier 8f0f58e28b UploadedMedia: Add missing disposition_type to Content-Disposition
Set it to `inline` because the vast majority of what's sent is multimedia
content while `attachment` would have the side-effect of triggering a
download dialog.

Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3114
2023-04-18 00:09:19 +02:00
Haelwenn (lanodan) Monnier 5716654d12 Remove crypt(3) support
This was used to support migration from GNU Social, which was used by at least
shitposter.club, should be entirely irrelevant now.

Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3030
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3062
2023-03-05 01:37:57 +01:00
lain e853cfe7c3 Revert "Merge branch 'copyright-bump' into 'develop'"
This reverts merge request !3825
2023-01-02 20:38:50 +00:00
marcin mikołajczak 10886eeaa2 Bump copyright year
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2023-01-01 12:13:06 +01:00
marcin mikołajczak 6e51845d44 Merge remote-tracking branch 'pleroma/develop' into secure-mode
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-12-27 16:41:16 +01:00
Sean King 60df2d8a97
Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into fine_grained_moderation_privileges 2022-12-18 22:03:48 -07:00
Thomas Citharel bdedc41cbc
Fix typo in CSP Report-To header name
The header name was Report-To, not Reply-To.

In any case, that's now being changed to the Reporting-Endpoints HTTP
Response Header.
https://w3c.github.io/reporting/#header
https://github.com/w3c/reporting/issues/177

CanIUse says the Report-To header is still supported by current Chrome
and friends.
https://caniuse.com/mdn-http_headers_report-to

It doesn't have any data for the Reporting-Endpoints HTTP header, but
this article says Chrome 96 supports it.
https://web.dev/reporting-api/

(Even though that's come out one year ago, that's not compatible with
Network Error Logging which's still using the Report-To version of the
API)

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 09:43:13 +01:00
tusooa 84a573877a Merge branch 'fix_erratic_tests' into 'develop'
Fix flaky rate_limiter_test.exs test "it restricts based on config values"

See merge request pleroma/pleroma!3688
2022-08-25 18:39:38 +00:00
marcin mikołajczak c899af1d6a Reject requests from specified instances if `authorized_fetch_mode` is enabled
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
2022-08-05 11:06:30 +02:00
Sean King 64e16e6a4b
Document way to do notice compatibility routes with Nginx reverse-proxy instead 2022-07-16 23:44:37 -06:00
Ilja 26080b4b5c Fix rate_limiter_test.exs test "it restricts based on config values"
It used a timer to sleep.
But time also goes on when doing other things, so depending on hardware, the timings could be off.
I slightly changed the tests so we still test what we functionally want.
Instead of waiting until the cache expires I now have a function to expire the test and use that.

That means we're not testing any more if the cache really expires after a certain amount of time,
but that's the responsability of the dependency imo, so shouldn't be a problem.

I also changed `Pleroma.Web.Endpoint, :http, :ip` to `127.0.0.1` because that's the setting people typically have,
and I see no reason to do it differently.
Especially since it's an exernal ip, which may come over as weird or suspicious to people.
2022-07-09 07:19:18 +02:00
Ilja c0e4b1b3e2 Fix typo's
priviledge |-> privilege
2022-07-02 07:52:39 +02:00
Ilja 5a65e2dac5 Remove privileged_staff
Everything that was done through this setting, can now be set by giving the proper privileges to the roles.
2022-06-21 12:10:27 +02:00
Ilja 5b19543f0a Add new setting and Plug to allow for privilege settings for staff 2022-06-21 12:10:26 +02:00
Tusooa Zhu e2d24eda57 Allow to skip cache in Cache plug
Ref: fix-local-public
2022-05-06 10:23:26 +02:00
Haelwenn d7c53da77a Merge branch 'from/upstream-develop/tusooa/translate-pages' into 'develop'
Translate backend-rendered pages

See merge request pleroma/pleroma!3634
2022-03-20 18:14:37 +00:00
Tusooa Zhu cd42e2bed0
Lint 2022-03-03 09:49:55 -05:00
Tusooa Zhu aca11fb70e
Support multiple locales from userLanguage cookie 2022-03-03 02:31:36 -05:00
Tusooa Zhu 7ea330b4fe
Support multiple locales formally
elixir gettext current does not fully support fallback to another language [0].
But it might in the future. We adapt it so that all languages in Accept-Language
headers are received by Pleroma.Web.Gettext. User.languages is now a comma-separated
list.

[0]: https://github.com/elixir-gettext/gettext/issues/303
2022-03-03 02:03:44 -05:00
Tusooa Zhu bc59da96c5
Add test for fallbacking to a general language 2022-03-02 20:04:30 -05:00
Tusooa Zhu 8de573b047
Fallback to a variant if the language in general is not supported
For an example, here, zh is not supported, but zh_Hans and zh_Hant
are. If the user asks for zh, we should choose a variant for them
instead of fallbacking to default.

Some browsers (e.g. Firefox) does not allow users to customize
their language codes. For example, there is no zh-Hans, but only
zh, zh-CN, zh-TW, zh-HK, etc. This provides a workaround for
those users suffering from bad design decisions.
2022-03-02 19:59:11 -05:00
Sean King 17aa3644be
Copyright bump for 2022 2022-02-25 23:11:42 -07:00
Tusooa Zhu 0fd3695b9c
Prefer userLanguage cookie over Accept-Language header in detecting locale
https://git.pleroma.social/pleroma/pleroma-meta/-/issues/60
2022-02-21 18:02:19 -05:00
Alex Gleason 479fc5fff8
EnsureStaffPrivilegedPlug: add tests 2021-12-27 10:39:59 -06:00
Alex Gleason db2bf55e9b
Merge remote-tracking branch 'origin/develop' into notice-routes 2021-12-25 19:57:53 -06:00
Alex Gleason 9c1cb87eff Merge branch 'erratic-tests' into 'develop'
Skip erratic tests

See merge request pleroma/pleroma!3572
2021-12-22 04:14:31 +00:00
Alex Gleason 2ce7dae6de
Skip erratic tests 2021-12-21 22:04:15 -06:00
Alex Gleason b0d2b53934 Merge branch 'manifest' into 'develop'
Expose /manifest.json for PWA

Closes #882

See merge request pleroma/pleroma!3544
2021-12-19 18:18:59 +00:00
Alex Gleason e4f9cb1c1b
Merge remote-tracking branch 'origin/develop' into manifest 2021-12-19 11:33:10 -06:00
Alex Gleason e1b89fe3aa
Merge remote-tracking branch 'origin/develop' into live-dashboard 2021-12-15 19:05:36 -05:00
Alex Gleason 29d80b39f2
Add Phoenix LiveDashboard
Co-authored-by: Egor Kislitsyn <egor@kislitsyn.com>
2021-12-15 19:05:27 -05:00
Alex Gleason ba2ed3c255
Fix frontend_status_plug_test.exs 2021-12-03 07:56:26 -06:00