lambda
d73c7cc0ca
Merge branch 'security/spoofing-hardening' into 'develop'
...
security: spoofing hardening
Closes #380 , #381 , and #382
See merge request pleroma/pleroma!461
2018-11-17 21:52:51 +00:00
William Pitcock
e10f839e9b
tests: federator: fix formatting
2018-11-17 21:41:08 +00:00
William Pitcock
dfcfb184b1
activitypub: transmogrifier: make deletes secure
2018-11-17 21:22:57 +00:00
William Pitcock
b1a6e8d80d
test: add sanity tests for federator handling of AP docs
2018-11-17 21:01:19 +00:00
William Pitcock
0d1375f274
federator: return :ok or :error depending on if an AP doc was accepted or not
2018-11-17 21:00:37 +00:00
William Pitcock
3d9266a8cb
federator: do origin containment when processing inbound messages
2018-11-17 20:43:43 +00:00
William Pitcock
55640c4804
tests: add a test to verify the general fake direction protection works in all cases
2018-11-17 20:31:20 +00:00
William Pitcock
dc1d8e13b4
tests: add a testcase for user collision
2018-11-17 20:20:45 +00:00
William Pitcock
c88533209c
activitypub: user fetching: use fetch_and_contain_remote_object_from_id()
2018-11-17 20:16:03 +00:00
William Pitcock
1a940cb46e
tests: add tests for contain_origin_from_id()
2018-11-17 20:16:03 +00:00
William Pitcock
daa8ec3d62
activitypub: factor out AP object fetching to it's own function and add ID-based containment
2018-11-17 20:15:59 +00:00
lambda
a960983815
Merge branch 'security/actor-containment' into 'develop'
...
security hotfix: actor containment
See merge request pleroma/pleroma!460
2018-11-17 18:33:09 +00:00
William Pitcock
b483ae0a72
tests: add a second spoofing variant
2018-11-17 18:25:32 +00:00
William Pitcock
603fccf175
activitypub: fetch_object_from_id(): prefer `actor` over `attributedTo` to avoid spoofing
2018-11-17 18:17:17 +00:00
William Pitcock
9c8adfb6ef
test: fix more test defects
2018-11-17 18:16:55 +00:00
William Pitcock
d9cb081f07
tests: add additional spoofing tests
2018-11-17 18:12:11 +00:00
William Pitcock
2ab8e28728
transmogrifier tests: fix defective spoofing test
2018-11-17 18:11:46 +00:00
William Pitcock
010fcb73d7
test: httpoison mock: add second spoofing activity test
2018-11-17 18:11:17 +00:00
kaniini
05967472f2
Merge branch 'feature/uploader-mdii' into 'develop'
...
Feature / MDII Uploader
See merge request pleroma/pleroma!454
2018-11-17 16:41:09 +00:00
hakabahitoyo
59e079f641
fallbacking into local uploader
2018-11-17 20:16:25 +09:00
hakabahitoyo
8fd0556c78
better config reading
2018-11-17 18:14:42 +09:00
kaniini
e4f57f89de
Merge branch 'bugfix/dm-timeline-scope' into 'develop'
...
TwitterAPI: Fix dm_timeline displaying only half of the conversation.
See merge request pleroma/pleroma!457
2018-11-16 23:34:43 +00:00
lain
f87b315618
TwitterAPI: Fix dm_timeline displaying only half of the conversation.
2018-11-16 19:47:36 +01:00
lambda
2f639ea129
Merge branch 'feature/pleromafe-usersearch' into 'develop'
...
Add Twitter / Pleroma API user search
See merge request pleroma/pleroma!452
2018-11-16 18:13:47 +00:00
kaniini
38f76d964f
Merge branch 'bugfix/csp-remove-form-action' into 'develop'
...
http security: remove form-action from CSP definitions
Closes #379
See merge request pleroma/pleroma!456
2018-11-16 17:47:22 +00:00
William Pitcock
c07464607d
http security: remove form-action from CSP definitions
2018-11-16 17:40:21 +00:00
lain
e8d8c84f79
Add better test for user search functionlity.
2018-11-16 18:31:32 +01:00
lambda
4ad0432565
Merge branch 'fix/test' into 'develop'
...
Reset http security settings to fix plug test
See merge request pleroma/pleroma!455
2018-11-16 15:52:38 +00:00
AkiraFukushima
62944b47fb
Reset http security settings to fix plug test
2018-11-17 00:45:21 +09:00
hakabahitoyo
55abd8482e
better config
2018-11-16 20:41:12 +09:00
hakabahitoyo
52224de39f
better extension detection
2018-11-16 20:22:36 +09:00
hakabahitoyo
4fbfacf5e1
debug
2018-11-15 16:08:55 +09:00
hakabahitoyo
8e707aba29
format
2018-11-15 15:11:59 +09:00
Hakaba Hitoyo
ebe658c169
debuf
2018-11-15 14:46:43 +09:00
Hakaba Hitoyo
698cb3587c
omplement mdii uploader
2018-11-15 14:38:45 +09:00
Hakaba Hitoyo
58af0787be
add mdii uploader
2018-11-15 14:19:10 +09:00
Hakaba Hitoyo
5c8b8f6cb7
Merge remote-tracking branch 'official/develop' into develop
2018-11-15 14:04:09 +09:00
Hakaba Hitoyo
3484f68795
Revert "update pleroma frontend"
...
This reverts commit 0253015467
.
2018-11-15 14:03:52 +09:00
lain
27aa136aac
Format.
2018-11-14 20:41:12 +01:00
lain
7b170cd616
Add Pleroma user search api for PleromaFE.
2018-11-14 20:33:23 +01:00
lambda
cc45797f4e
Merge branch 'fix-media-proxy-filename' into 'develop'
...
media_proxy: use path only to retrieve filename
See merge request pleroma/pleroma!450
2018-11-14 18:17:10 +00:00
kaniini
8456675c45
Merge branch 'update/pleroma-fe-20181114' into 'develop'
...
update pleroma frontend
See merge request pleroma/pleroma!451
2018-11-14 16:10:27 +00:00
William Pitcock
2a75de84e1
update pleroma frontend
2018-11-14 16:08:22 +00:00
kaniini
69d557e86d
Merge branch 'twitter-api-direct-messages' into 'develop'
...
Twitter api direct messages
See merge request pleroma/pleroma!449
2018-11-14 08:52:08 +00:00
href
f52a1d1ec5
media_proxy: use path only to retrieve filename
2018-11-13 23:41:33 +01:00
lain
ea9a776d7b
TwitterApi: Add direct message endpoint
2018-11-13 20:08:50 +01:00
lain
2cf40237ff
MastodonAPI: Add pagination to private messages.
2018-11-13 19:46:34 +01:00
lambda
a43195bdaa
Merge branch 'media-proxy-safety' into 'develop'
...
media_proxy: CSP, content-disposition
See merge request pleroma/pleroma!448
2018-11-13 15:15:05 +00:00
href
9b553a1087
media_proxy: CSP, content-disposition
...
* Adds CSP headers to the media proxy endpoint
* Sends `content-disposition: attachment; …` for non-image/video/audio
content types
The default list can be overwritten with `:media_proxy,
:safe_content_types` in the configuration.
* Also now appends the filename to the proxy URL (fixes some mobile apps,
it was requested a while ago)
2018-11-13 15:58:02 +01:00
lambda
22d20c497b
Merge branch 'security/cookie-hardening' into 'develop'
...
Add __Host- prefix when secure flag is enabled
See merge request pleroma/pleroma!446
2018-11-13 13:23:04 +00:00