Commit graph

93 commits

Author SHA1 Message Date
FloatingGhost
bab1ab5b6c strip \r and \r from content-disposition filenames 2022-11-10 11:54:12 +00:00
Thomas Citharel
4d0a51221a
Fix typo in CSP Report-To header name
The header name was Report-To, not Reply-To.

In any case, that's now being changed to the Reporting-Endpoints HTTP
Response Header.
https://w3c.github.io/reporting/#header
https://github.com/w3c/reporting/issues/177

CanIUse says the Report-To header is still supported by current Chrome
and friends.
https://caniuse.com/mdn-http_headers_report-to

It doesn't have any data for the Reporting-Endpoints HTTP header, but
this article says Chrome 96 supports it.
https://web.dev/reporting-api/

(Even though that's come out one year ago, that's not compatible with
Network Error Logging which's still using the Report-To version of the
API)

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 15:02:13 +01:00
ilja
f1dfd76b98 Fix rate_limiter_test.exs test "it restricts based on config values" (#233)
Fixes one of the 'erratic' tests

It used a timer to sleep.
But time also goes on when doing other things, so depending on hardware, the timings could be off.
I slightly changed the tests so we still test what we functionally want.
Instead of waiting until the cache expires I now have a function to expire the test and use that.

That means we're not testing any more if the cache really expires after a certain amount of time,
but that's the responsability of the dependency imo, so shouldn't be a problem.

I also changed `Pleroma.Web.Endpoint, :http, :ip` in the tests to `127.0.0.1`
Currently it was set to 8.8.8.8, but I see no reason for that and, while I assume that no calls
are made to it, it may come over as weird or suspicious to people.

Co-authored-by: Ilja <ilja@ilja.space>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/233
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
2022-11-01 14:25:54 +00:00
FloatingGhost
03662501c3 Check that the signature matches the creator 2022-10-14 11:48:32 +01:00
floatingghost
772c209914 GTS: cherry-picks and collection usage (#186)
https://git.pleroma.social/pleroma/pleroma/-/merge_requests/3725?commit_id=61254111e59f02118cad15de49d1e0704c07030e

what is this, a yoink of a yoink? good times

Co-authored-by: Hélène <pleroma-dev@helene.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/186
2022-08-27 18:05:48 +00:00
FloatingGhost
8d7b63a766 Revert "Fix oauth2 (for real) (#179)"
This reverts commit aa681d7e15.
2022-08-21 17:52:02 +01:00
floatingghost
aa681d7e15 Fix oauth2 (for real) (#179)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/179
2022-08-21 16:24:37 +00:00
FloatingGhost
b0130bfa7b Revert "oauth2 fixes (#177)"
This reverts commit 429e2ac832.
2022-08-21 16:22:15 +01:00
floatingghost
429e2ac832 oauth2 fixes (#177)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/177
2022-08-21 14:46:52 +00:00
floatingghost
ec162b496b /notice signing checks on redirect (#150)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/150
2022-08-05 19:31:32 +00:00
floatingghost
82fa766ed7 Remove precompiled javascript (#55)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/55
2022-07-08 13:03:18 +00:00
Tusooa Zhu
fcfb5a4967 Lint 2022-06-29 20:47:10 +01:00
Tusooa Zhu
07bd35227a Support multiple locales from userLanguage cookie 2022-06-29 20:47:10 +01:00
Tusooa Zhu
fa95bc8725 Support multiple locales formally
elixir gettext current does not fully support fallback to another language [0].
But it might in the future. We adapt it so that all languages in Accept-Language
headers are received by Pleroma.Web.Gettext. User.languages is now a comma-separated
list.

[0]: https://github.com/elixir-gettext/gettext/issues/303
2022-06-29 20:47:10 +01:00
Tusooa Zhu
ff0bb3a3ac Add test for fallbacking to a general language 2022-06-29 20:47:10 +01:00
Tusooa Zhu
ef73f61b07 Fallback to a variant if the language in general is not supported
For an example, here, zh is not supported, but zh_Hans and zh_Hant
are. If the user asks for zh, we should choose a variant for them
instead of fallbacking to default.

Some browsers (e.g. Firefox) does not allow users to customize
their language codes. For example, there is no zh-Hans, but only
zh, zh-CN, zh-TW, zh-HK, etc. This provides a workaround for
those users suffering from bad design decisions.
2022-06-29 20:47:10 +01:00
Tusooa Zhu
775f997c40 Prefer userLanguage cookie over Accept-Language header in detecting locale
https://git.pleroma.social/pleroma/pleroma-meta/-/issues/60
2022-06-29 20:43:41 +01:00
FloatingGhost
502382da45 cherry-pick security from upstream 2022-06-22 16:25:05 +01:00
FloatingGhost
0d012ebea1 Revert "Merge branch 'remove/mastofe' into 'develop'"
This reverts commit 6b3842cf50, reversing
changes made to 6b1282a829.
2022-01-08 21:44:37 +00:00
Alex Gleason
479fc5fff8
EnsureStaffPrivilegedPlug: add tests 2021-12-27 10:39:59 -06:00
Alex Gleason
db2bf55e9b
Merge remote-tracking branch 'origin/develop' into notice-routes 2021-12-25 19:57:53 -06:00
Alex Gleason
9c1cb87eff Merge branch 'erratic-tests' into 'develop'
Skip erratic tests

See merge request pleroma/pleroma!3572
2021-12-22 04:14:31 +00:00
Alex Gleason
2ce7dae6de
Skip erratic tests 2021-12-21 22:04:15 -06:00
Alex Gleason
b0d2b53934 Merge branch 'manifest' into 'develop'
Expose /manifest.json for PWA

Closes #882

See merge request pleroma/pleroma!3544
2021-12-19 18:18:59 +00:00
Alex Gleason
e4f9cb1c1b
Merge remote-tracking branch 'origin/develop' into manifest 2021-12-19 11:33:10 -06:00
Alex Gleason
e1b89fe3aa
Merge remote-tracking branch 'origin/develop' into live-dashboard 2021-12-15 19:05:36 -05:00
Alex Gleason
29d80b39f2
Add Phoenix LiveDashboard
Co-authored-by: Egor Kislitsyn <egor@kislitsyn.com>
2021-12-15 19:05:27 -05:00
Alex Gleason
ba2ed3c255
Fix frontend_status_plug_test.exs 2021-12-03 07:56:26 -06:00
Alex Gleason
720198d569
Merge remote-tracking branch 'pleroma/develop' into manifest 2021-11-24 17:58:58 -06:00
Alex Gleason
cb9359335f
Expose /manifest.json for PWA 2021-11-24 17:50:55 -06:00
Sean King
1841bd8383 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into remove/mastofe 2021-08-06 08:08:20 -06:00
Alex Gleason
44ede0657f
Merge remote-tracking branch 'pleroma/develop' into staff-plug 2021-08-04 11:48:57 -05:00
Alex Gleason
9bc1e79c56
Moderators: add UserIsStaffPlug 2021-07-12 21:57:52 -05:00
Sean King
dc4814f0cd
Fix merge conflicts with upstream 2021-06-04 14:42:44 -06:00
Alex Gleason
c23b81e399
Pleroma.Web.get_api_routes/0 --> Pleroma.Web.Router.get_api_routes/0
Reduce recompilation time by breaking compile-time cycles
2021-05-28 13:51:01 -05:00
Alex Gleason
50e3750758
Add notice compatibility routes for other frontends
Fixes: https://git.pleroma.social/pleroma/pleroma/-/issues/1785
2021-05-05 14:50:10 -05:00
Sean King
8afa3f2d1b
Remove no longer necessary unit tests for MastoFE 2021-04-15 23:12:42 -06:00
Mark Felder
902d4e4a4a Leave a note for future explorers 2021-02-25 13:06:43 -06:00
Mark Felder
2da71a526f No need to filter out Mix.env() from the API routes. 2021-02-25 13:04:08 -06:00
Mark Felder
6b87dfad5d Filter out MIX_ENV from route list and add a test 2021-02-25 09:23:10 -06:00
rinpatch
6d66fadea7 Remove :auth, :enforce_oauth_admin_scope_usage
`admin` scope has been required by default for more than a year now
and all apps that use the API seems to request a proper scope by now.
2021-02-17 20:47:38 +03:00
Egor Kislitsyn
bddb01bded
Add tests 2021-01-27 18:20:07 +04:00
lain
7f07871639 Merge branch 'chore/tests-use-clear_config' into 'develop'
Convert tests to all use clear_config instead of Pleroma.Config.put

See merge request pleroma/pleroma!3282
2021-01-27 11:33:27 +00:00
feld
d7af0294e6 Merge branch 'service-worker-allowed-header' into 'develop'
Ability to set custom HTTP headers per each frontend

See merge request pleroma/pleroma!3247
2021-01-26 18:14:01 +00:00
Mark Felder
e854c35e65 Convert tests to all use clear_config instead of Pleroma.Config.put 2021-01-26 11:58:43 -06:00
eugenijm
7fcaa188a0 Allow to define custom HTTP headers per each frontend 2021-01-21 21:55:23 +03:00
eugenijm
133644dfa2 Ability to set the Service-Worker-Allowed header 2021-01-21 21:55:11 +03:00
Mark Felder
28581e03ad Merge branch 'develop' into refactor/deactivated_user_field 2021-01-18 14:58:21 -06:00
Mark Felder
d36182c088 Change user.confirmation_pending field to user.is_confirmed 2021-01-15 12:44:41 -06:00
Mark Felder
860b5c7804 Change user.deactivated field to user.is_active 2021-01-15 11:24:46 -06:00