spc-pleroma/lib/pleroma/web
Ivan Tashkinov 2c68cf7e9e OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix.
(`POST /api/v1/apps` could create "Mastodon-Local" app with any redirect_uris,
and if that happened before /web/login is accessed for the first time
then Pleroma used this externally created record with arbitrary
redirect_uris and client_secret known by creator).
2019-02-07 22:14:06 +03:00
activity_pub hide_followings was renamed to hide_followers in the FE, but never synced up in the BE 2019-02-06 22:34:44 +00:00
admin_api Merge branch 'cleanup/admin-api-useless-if' into 'develop' 2019-01-01 13:48:59 +00:00
channels update copyright years to 2019 2018-12-31 15:41:47 +00:00
common_api Merge branch 'fix/tusky-dm' into 'develop' 2019-01-25 05:19:32 +00:00
federator [#582] Optimized federation retirement by reducing the number of SQL calls 2019-02-03 12:41:27 +03:00
http_signatures update copyright years to 2019 2018-12-31 15:41:47 +00:00
mastodon_api OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix. 2019-02-07 22:14:06 +03:00
media_proxy update copyright years to 2019 2018-12-31 15:41:47 +00:00
metadata Provide local og:url for remote activities 2019-01-19 10:58:27 +03:00
nodeinfo update nodeinfo version when requesting 2.1 2019-02-01 16:03:23 -03:00
oauth OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix. 2019-02-07 22:14:06 +03:00
ostatus [#534] Made federation push sender be determined basing on content instead of `referer` header. Updated tests. 2019-01-29 13:12:28 +03:00
push Flake Ids for Users and Activities 2019-01-23 11:26:27 +01:00
rich_media rich media: parser: reject any data which cannot be explicitly encoded into JSON 2019-02-05 20:50:57 +00:00
salmon [#582] Made single-pub task call Instance.set_reachable/1 if `set_reachable` is not specified. 2019-02-03 13:28:13 +03:00
templates Add responsive features to layout 2019-02-02 13:40:34 +03:00
twitter_api hide_followings was renamed to hide_followers in the FE, but never synced up in the BE 2019-02-06 22:34:44 +00:00
views update copyright years to 2019 2018-12-31 15:41:47 +00:00
web_finger update copyright years to 2019 2018-12-31 15:41:47 +00:00
websub [#582] Made single-pub task call Instance.set_reachable/1 if `set_reachable` is not specified. 2019-02-03 13:28:13 +03:00
xml update copyright years to 2019 2018-12-31 15:41:47 +00:00
chat_channel.ex update copyright years to 2019 2018-12-31 15:41:47 +00:00
controller_helper.ex [#534] Refactoring / tweaks per MR review. 2019-01-28 11:03:52 +03:00
endpoint.ex Use url() instead of static_url in Endpoint.websocket_url() 2019-02-01 22:35:19 +03:00
gettext.ex update copyright years to 2019 2018-12-31 15:41:47 +00:00
metadata.ex Use object instead of activity for metadata 2019-01-18 09:32:52 +03:00
router.ex activitypub: c2s: add /api/ap/whoami endpoint for andstatus 2019-02-04 22:58:29 +00:00
streamer.ex Send delete event over Mastodon streaming api 2019-01-20 13:00:46 +01:00
uploader_controller.ex Uploader callback controller 2019-01-21 22:44:14 +01:00
web.ex Views: wrap activity rendering in a rescue 2019-01-27 19:16:20 +01:00