Commit Graph

1819 Commits

Author SHA1 Message Date
William Pitcock
c07464607d http security: remove form-action from CSP definitions 2018-11-16 17:40:21 +00:00
lambda
cc45797f4e Merge branch 'fix-media-proxy-filename' into 'develop'
media_proxy: use path only to retrieve filename

See merge request pleroma/pleroma!450
2018-11-14 18:17:10 +00:00
kaniini
69d557e86d Merge branch 'twitter-api-direct-messages' into 'develop'
Twitter api direct messages

See merge request pleroma/pleroma!449
2018-11-14 08:52:08 +00:00
href
f52a1d1ec5
media_proxy: use path only to retrieve filename 2018-11-13 23:41:33 +01:00
lain
ea9a776d7b TwitterApi: Add direct message endpoint 2018-11-13 20:08:50 +01:00
lain
2cf40237ff MastodonAPI: Add pagination to private messages. 2018-11-13 19:46:34 +01:00
href
9b553a1087
media_proxy: CSP, content-disposition
* Adds CSP headers to the media proxy endpoint

* Sends `content-disposition: attachment; …` for non-image/video/audio
content types

The default list can be overwritten with `:media_proxy,
:safe_content_types` in the configuration.

* Also now appends the filename to the proxy URL (fixes some mobile apps,
it was requested a while ago)
2018-11-13 15:58:02 +01:00
shibayashi
87c76a9a2f
Add __Host- prefix when secure flag is enabled 2018-11-13 00:32:38 +01:00
scarlett
0ce5623134 Merge branch 'twitter-api-null-display-name' into 'develop'
Twitter API: Fall back to user.nickname if user has no name

Closes #375

See merge request pleroma/pleroma!444
2018-11-12 17:08:54 +00:00
scarlett
cb6fd73861 Twitter API: Fall back to user.nickname if user has no name 2018-11-12 15:52:13 +00:00
kaniini
54923c2e55 Merge branch 'feature/csp-plug' into 'develop'
migrate CSP management to CSPPlug

See merge request pleroma/pleroma!441
2018-11-12 15:30:42 +00:00
William Pitcock
2829fa4183 sample config: chase http_security change 2018-11-12 15:17:04 +00:00
William Pitcock
ee5932a504 http security: allow referrer-policy to be configured 2018-11-12 15:14:46 +00:00
William Pitcock
fe67665e19 rename CSPPlug to HTTPSecurityPlug. 2018-11-12 15:08:02 +00:00
KokaKiwi
1592fa2bea Mastodon API: Fix list streaming 2018-11-11 14:18:15 +01:00
William Pitcock
df72978dce csp plug: add support for certificate transparency 2018-11-11 06:55:44 +00:00
William Pitcock
331cf6ada1 csp plug: add sts support 2018-11-11 06:50:28 +00:00
William Pitcock
a2bf5426cb sample config: document how to make CSPPlug send STS headers (off by default to allow for SSL debugging) 2018-11-11 06:42:14 +00:00
William Pitcock
f516e317ea plugs: add CSPPlug 2018-11-11 06:10:21 +00:00
William Pitcock
419ed3a0ca oauth: fix token decode regression 2018-11-11 05:26:39 +00:00
lambda
f745e823f0 Merge branch 'bugfix/json-ld-object-sanitization' into 'develop'
JSON-LD: object sanitization

See merge request pleroma/pleroma!438
2018-11-10 12:37:18 +00:00
William Pitcock
97e50f3191 activitypub: transmogrifier: sanitize internal representation details from outgoing objects
this causes JSON-LD parsers to get upset and has also lead to developer confusion from outside
projects which tried to parse our internal data.  accordingly, it seems better to just remove
it.
2018-11-10 12:24:20 +00:00
Haelwenn (lanodan) Monnier
5ecb5629f6
lib/mix/tasks: s/@doc/@moduledoc/ 2018-11-10 13:09:39 +01:00
Haelwenn (lanodan) Monnier
5e3207045e
lib/mix/tasks/unsubscribe_user.ex: Fix syntax from bad line copy 2018-11-10 13:09:39 +01:00
Haelwenn (lanodan) Monnier
64c0289893
lib/mix/tasks: Add remaining documentation for mix tasks 2018-11-10 13:09:38 +01:00
Haelwenn (lanodan) Monnier
8b2541e4e7
Document the mix tasks in ex_doc instead 2018-11-10 13:09:37 +01:00
Haelwenn (lanodan) Monnier
e1814bb322
Document mix tasks 2018-11-10 13:09:37 +01:00
William Pitcock
f8310114a6 activitypub: object view: sanitize both the activity and the object when an activity is given for rendering 2018-11-10 12:04:09 +00:00
kaniini
c9c1f9dee2 Merge branch 'bugfix/ostatus-as2-reflection' into 'develop'
ostatus: only federate activities concerning note objects

See merge request pleroma/pleroma!437
2018-11-10 11:50:02 +00:00
kaniini
7daa102fa4 Merge branch 'bugfix/local-jsonld-context' into 'develop'
Host LitePub JSON-LD context locally

See merge request pleroma/pleroma!435
2018-11-10 11:37:44 +00:00
William Pitcock
4f87b8362b endpoint: move CORSPlug in front of Plug.Static 2018-11-10 11:23:50 +00:00
William Pitcock
03a9990baf endpoint: fix formatting 2018-11-10 11:18:25 +00:00
William Pitcock
e6d246882d federator: don't federate anything other than Note objects to OStatus 2018-11-10 10:06:10 +00:00
William Pitcock
e4971553c7 activitypub: utils: use same object type list for mention extraction as insertion 2018-11-09 13:40:39 +00:00
William Pitcock
b3c360ce2c notification: add fallback get_notified_from_activity() 2018-11-09 09:07:40 +00:00
William Pitcock
b9871e7e5a activitypub: utils: wrap Note objects in a Create when extracting mentions 2018-11-09 09:01:40 +00:00
William Pitcock
8c805ada32 user: remove obsolete User.get_notified_from_activity(). 2018-11-09 09:01:40 +00:00
William Pitcock
6cadfcb21e activitypub: utils: switch to using new Notification.get_notified_from_activity(). 2018-11-09 09:01:40 +00:00
William Pitcock
cdfdd77e30 notification: implement new Notification.get_notified_from_activity() 2018-11-09 09:01:36 +00:00
William Pitcock
d26cd6c1bf user: factor out user set fetching from User.get_notified_from_activity() 2018-11-09 08:23:45 +00:00
William Pitcock
81d6ca1783 user: implement AS2 mention extraction + unify Announce handling 2018-11-08 20:19:56 +00:00
William Pitcock
6b4064fa5d activitypub: transmogrifier: unify mention extraction 2018-11-08 19:41:36 +00:00
William Pitcock
0a2c1a3419 user: add optional local_only param to get_notified_from_activity() 2018-11-08 19:30:55 +00:00
Haelwenn (lanodan) Monnier
2fab32ab61
Pleroma.Web.Endpoint: Whitelist schemas directory 2018-11-08 20:22:12 +01:00
Haelwenn (lanodan) Monnier
934125695d
Move /litepub-1.0.jsonld to /schemas/litepub-0.1.jsonld 2018-11-08 20:21:45 +01:00
William Pitcock
4e93d6ae14 common api: utils: flip to/cc for mentions 2018-11-08 19:17:01 +00:00
William Pitcock
3e33479c05 activitypub: transmogrifier: only consider to users as mention targets 2018-11-08 18:58:27 +00:00
William Pitcock
144dc048b8 user: only consider to recipients as mention targets 2018-11-08 18:58:24 +00:00
Haelwenn (lanodan) Monnier
abcacec97d
Pleroma.Web.ActivityPub.Utils: Use locally-served JSON-LD Litepub context instead of Github-hosted one 2018-11-08 19:38:38 +01:00
William Pitcock
da16ada424 utils: use litepub @context instead of that huge mess 2018-11-08 16:52:14 +00:00