Commit Graph

15783 Commits

Author SHA1 Message Date
Mark Felder 84974efe4c Host header validation is now required for MediaProxy and Uploads 2023-05-29 14:17:27 -04:00
Mark Felder a60dd0d92d Validate Host header matches expected value before allowing access to Uploads 2023-05-29 14:16:03 -04:00
Mark Felder 843fcca5b4 Validate Host header matches expected value before allowing access to MediaProxy 2023-05-29 13:59:51 -04:00
Mark Felder 506a1c98e7 ConnCase: Make sure the host we use in tests is the actual Endpoint host 2023-05-29 13:55:48 -04:00
faried nawaz 4c91c0d1ba
oops, forgot the test cases 2023-05-29 02:52:50 +05:00
faried nawaz 8b390d27dc
twitter card: handle case where image has no alt text 2023-05-29 02:52:49 +05:00
faried nawaz a1af122499
changelog entry 2023-05-29 02:52:49 +05:00
faried nawaz 52368e6702
fix meta tag for twitter cards and image attachments
The name of the tag should be twitter:image, not twitter:player.

Also, add twitter:image:alt meta tags.
2023-05-29 02:52:49 +05:00
faried nawaz b6b7de2010
add url to Metadata.build_tags call
If static_fe is enabled, going to https://pleroma/notice/some-id
results in

<meta content="https://pleroma/users/someuser" property="og:url">

With this fix, it is

<meta content="https://pleroma/notice/some-id" property="og:url">

Additionally, Pleroma.Web.Metadata.Providers.OpenGraph now
generates meta tags for attachments in the post.
2023-05-29 02:52:41 +05:00
tusooa e92eb5f482 Add instructions to other distro's guides 2023-05-27 00:57:22 +00:00
Haelwenn 31ec5cd35e Merge branch 'mergeback/2.5.2' into 'develop'
Mergeback: 2.5.2

Closes #3030, #3062, and #3045

See merge request pleroma/pleroma!3893
2023-05-26 22:16:18 +00:00
Haelwenn (lanodan) Monnier 869f0d24a6 Merge branch 'release/2.5.2' into mergeback/2.5.2 2023-05-26 23:47:50 +02:00
tusooa 408ea697aa
Add changelog 2023-05-26 17:28:41 -04:00
tusooa 85902ad1ae
Recommend users to serve media on another domain in guide 2023-05-26 17:27:35 -04:00
tusooa f970091c6a
Add instructions to serve media on another domain 2023-05-26 17:17:13 -04:00
Haelwenn 2d193861db Merge branch 'release/2.5.2' into 'stable'
Security release 2.5.2

See merge request pleroma/pleroma!3863
2023-05-26 19:35:31 +00:00
Haelwenn cd9d6a12ab Merge branch 'issue/3126' into 'develop'
Filter OEmbed HTML tags

See merge request pleroma/pleroma!3891
2023-05-26 18:26:40 +00:00
Haelwenn (lanodan) Monnier 7618e562b3 Version 2.5.2 2023-05-26 19:57:00 +02:00
Mark Felder 4505bc1e58 Filter OEmbed HTML tags 2023-05-26 19:56:36 +02:00
Mark Felder 0d68804aa7 Filter OEmbed HTML tags 2023-05-26 19:54:24 +02:00
tusooa d0c2e0830b Enforce unauth restrictions for public streaming endpoints 2023-05-26 19:24:08 +02:00
Haelwenn b36263e5ff Merge branch 'issue/3126' into 'develop'
MediaProxyController: Apply CSP sandbox

See merge request pleroma/pleroma!3890
2023-05-26 19:24:08 +02:00
Haelwenn 4339230f64 Merge branch 'tusooa/fix-object-test' into 'develop'
Fix ObjectTest

See merge request pleroma/pleroma!3887
2023-05-26 19:24:08 +02:00
Haelwenn 72833c84b5 Merge branch 'tusooa/rework-refetch' into 'develop'
Make sure object refetching follows update rules

See merge request pleroma/pleroma!3883
2023-05-26 19:24:08 +02:00
Haelwenn 47e66c9500 Merge branch 'issue/3126' into 'develop'
MediaProxyController: Apply CSP sandbox

See merge request pleroma/pleroma!3890
2023-05-26 17:12:18 +00:00
Mark Felder 38bcf6b19e MediaProxyController: Apply CSP sandbox 2023-05-26 12:34:01 -04:00
Zero 279fd47b48 ForceMentionsInContent: fix double mentions for Mastodon/Misskey posts
The code checked for duplicates using "ap_id", but in Mastodon and Misskey the look like that:
Mastodon: https://mastodon.example.com/users/roger
Misskey: https:///misskey.example.com/users/104ab42f11

The fix is to also check for "uri", which is what will be in the "explicitly_mentioned_uris" list:
Mastodon: https://mastodon.example.com/@roger
Misskey: https://misskey.example.com/@roger
2023-05-26 12:30:19 -04:00
tusooa 1fa196d8f7
Fix deleting banned users' statuses 2023-05-25 19:00:38 -04:00
tusooa 2c66f584b5
Show more informative errors when profile exceeds char limits 2023-05-25 08:22:33 -04:00
Haelwenn 5433742faf Merge branch 'tusooa/fix-object-test' into 'develop'
Fix ObjectTest

See merge request pleroma/pleroma!3887
2023-05-23 01:57:07 +00:00
tusooa 819a82da99
Fix unused variable 2023-05-22 08:19:58 -04:00
tusooa 6aafa7fe76
Add changelog 2023-05-22 08:16:14 -04:00
tusooa 505e58d4eb
Fix ObjectTest 2023-05-22 08:14:20 -04:00
Haelwenn 0524e66a05 Merge branch 'accept-tags-2.5' into 'develop'
TagValidator: Drop unrecognized Tag types

Closes #2952

See merge request pleroma/pleroma!3823
2023-05-17 19:04:51 +00:00
Haelwenn ce1c0f75cd Merge branch 'tusooa/3065-scopes' into 'develop'
OAuth scopes descriptions

Closes #3065

See merge request pleroma/pleroma!3848
2023-05-17 18:51:26 +00:00
Haelwenn 66327b56e9 Merge branch 'tusooa/rework-refetch' into 'develop'
Make sure object refetching follows update rules

See merge request pleroma/pleroma!3883
2023-05-17 18:50:35 +00:00
Haelwenn b8b15cec9e Merge branch 'tusooa/changelog-improve' into 'develop'
Use git diff to search for changelog entry

See merge request pleroma/pleroma!3875
2023-05-17 15:49:54 +00:00
Haelwenn 143676f58c Merge branch 'tusooa/allow-lang' into 'develop'
Allow lang attribute

See merge request pleroma/pleroma!3882
2023-05-17 15:28:32 +00:00
Haelwenn (lanodan) Monnier a5066bb078 CommonFields: Use BareUri for :url
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3121
2023-05-17 17:25:46 +02:00
Haelwenn (lanodan) Monnier fb3335ffe2 EctoType: Add BareUri 2023-05-17 17:14:38 +02:00
tusooa e170fc40dd
Fix build warning 2023-05-09 21:38:28 -04:00
tusooa be5c5118cb
Make sure object refetching follows update rules 2023-05-09 21:04:27 -04:00
tusooa 163e82bab1
Allow lang attribute 2023-05-09 19:27:32 -04:00
Henry Jameson 2a07411b0c keep the websocket url for all modes 2023-05-07 15:34:17 +03:00
Henry Jameson f50fd9278f reduce redundant reduntancy reduction 2023-05-07 15:29:19 +03:00
Henry Jameson f8ef4924ec fix whitespace 2023-05-07 15:24:09 +03:00
Henry Jameson c0d11da2d8 conditionally set csp depnding on media-proxy state 2023-05-07 15:16:30 +03:00
Haelwenn (lanodan) Monnier c63bf6a040 Add changelog for !3880 2023-05-05 11:13:50 +02:00
Haelwenn (lanodan) Monnier fcd49e3985 User: Remove ap_enabled field 2023-05-05 11:11:26 +02:00
Haelwenn (lanodan) Monnier 238edc30de User: Remove ap_enabled?/1 2023-05-05 11:11:26 +02:00