Commit graph

122 commits

Author SHA1 Message Date
Thomas Sileo
e30e0de10e No more HTTP sig check on the actor profile 2022-11-27 11:36:15 +01:00
Thomas Sileo
4c6eb51ae2 Proper mf2 for replies 2022-11-20 11:12:34 +01:00
Thomas Sileo
d36102255f Merge branch 'v2' into indieweb-merge-part2 2022-11-20 10:48:43 +01:00
Thomas Sileo
ef4608f348 Switch back the proxy client to HTTP2 mode 2022-11-20 09:49:19 +01:00
Thomas Sileo
822280c280 Tweak proxy client (increased timeout, no more HTTP2) 2022-11-19 08:32:44 +01:00
Thomas Sileo
9d312bc229 Fix typing 2022-11-19 08:15:36 +01:00
Kevin Wallace
b37b77ad34 Make local actor icon optional
If a remote actor has no icon, we show our local default icon.

If we have no icon, we should allow remote instances to show their
default icon, instead of sending ours.
2022-11-19 08:12:49 +01:00
Thomas Sileo
9ee3f3b971 More progess on webmention replies 2022-11-19 08:12:33 +01:00
Thomas Sileo
120f92a9ed Display Webmention as replies when applicable 2022-11-18 20:20:58 +01:00
Thomas Sileo
434fd98cd9 Merge IndieWeb likes/reposts with their AP counterpart 2022-11-17 21:03:24 +01:00
Thomas Sileo
89c90fba56 Start to merge IndieWeb and AP interactions 2022-11-17 09:18:06 +01:00
Thomas Sileo
0c5ce67d4e Tweak remote instance redirection 2022-11-13 17:37:19 +01:00
Kevin Wallace
9db7bdf0fb remote follow: use HTML redirect to work around CSP issue
In Chrome, I get the following when trying to use the remote follow form:

    Refused to send form data to 'https://example.com/remote_follow'
    because it violates the following Content Security Policy directive:
    "form-action 'self'".

It seems some browsers (but notably not Firefox) apply the form-action
policy to the redirect target in addition to the initial form
submission endpoint.  See:

    https://github.com/w3c/webappsec-csp/issues/8

In that thread, this workaround is suggested.
2022-11-13 17:11:02 +01:00
Thomas Sileo
62c9327500 Add support for setting a custom CSP 2022-11-09 21:26:43 +01:00
Kevin Wallace
a4cfd65009 Sign media URLs to avoid becoming an open proxy
Signatures are valid for ~1 week.
2022-11-04 19:36:26 +01:00
Kevin Wallace
242bf7b515 fixup! Fix URL generation when not at domain root
Oops -- missed these two!  Sorry for the noise; let me know if you'd
like me to squash and resubmit.
2022-11-04 19:22:30 +01:00
Thomas Sileo
32692a7dcd First shot at supporting custom handler 2022-11-02 08:51:21 +01:00
Thomas Sileo
3d049da2e5 Add slug support for Article 2022-10-30 17:50:59 +01:00
Thomas Sileo
c8a9793638 Make hashtag case insensitive 2022-10-05 20:27:21 +02:00
Thomas Sileo
6216b316e8 Add remote interaction button 2022-09-23 20:09:05 +02:00
Thomas Sileo
4c86cd4be3 Always show followers/following page when admin 2022-09-13 22:33:20 +02:00
Thomas Sileo
b2f268682c New config item to hide followers/following 2022-09-13 21:03:35 +02:00
Thomas Sileo
5f20eab3f1 More work towards support moving/deleting instance 2022-09-01 20:42:20 +02:00
Miguel Jacq
c740813b57 Ensure pinned posts appear on front page before others 2022-08-31 08:19:47 +02:00
Miguel Jacq
db8f0cb141 Harden the CSP a bit for values that don't inherit default-src. Set Permissions-Policy. Remove TODO 2022-08-30 08:21:11 +02:00
Thomas Sileo
ebdba62a06 No more inline CSS 2022-08-29 21:42:54 +02:00
Thomas Sileo
a02c8cf0bb Fix NGINX setup instructions 2022-08-29 19:28:54 +02:00
Thomas Sileo
ee5265f4dd Small tweaks/typos 2022-08-29 09:09:28 +02:00
Thomas Sileo
87f035d298 HTML error page 2022-08-28 17:36:58 +02:00
Thomas Sileo
4e445a7207 Prevent replay attacks with TLS1.3 0-RTT 2022-08-26 23:35:58 +02:00
Thomas Sileo
40c4a4413d Tweak media proxy error 2022-08-26 22:04:38 +02:00
Thomas Sileo
88cb82c9bb Improve static assets caching 2022-08-26 20:26:41 +02:00
Thomas Sileo
edf9e28ed1 Tweak cache size 2022-08-26 18:58:21 +02:00
Thomas Sileo
84203fc66e More webp support 2022-08-26 09:28:00 +02:00
Thomas Sileo
53a31ae562 Webp support 2022-08-26 08:48:14 +02:00
Thomas Sileo
953a6c3b91 Fix empty tag page 2022-08-24 20:52:15 +02:00
Thomas Sileo
601313cf65 Yunohost config utils 2022-08-21 15:40:25 +02:00
Thomas Sileo
6b670c74cf Tweak logger 2022-08-21 09:42:28 +02:00
Thomas Sileo
e16dbb4590 Enable CORS for the webfinger endpoint 2022-08-21 09:36:03 +02:00
Thomas Sileo
691ad500c6 Tweak logging 2022-08-20 09:11:48 +02:00
Thomas Sileo
d3b7f6ccbb Template fixes 2022-08-18 20:53:51 +02:00
Thomas Sileo
2d28ca3614 Cleanup inbox processing 2022-08-18 20:21:28 +02:00
Thomas Sileo
02c09f2363 Add support for Move activity 2022-08-16 22:15:05 +02:00
Thomas Sileo
d1b4bd0181 Improve lookup and handle visibility in threads 2022-08-15 21:34:57 +02:00
Thomas Sileo
c711096262 Allow to interact with objects via lookup 2022-08-15 12:49:07 +02:00
Thomas Sileo
d381bb3fec Improve actor-level blocking 2022-08-15 10:50:13 +02:00
Thomas Sileo
51bfc4bd30 Various tweaks about AP types 2022-08-13 22:37:44 +02:00
Thomas Sileo
59688ad5f6 Improve show more and show sensitive attachments 2022-08-13 15:20:56 +02:00
Thomas Sileo
abfb6355aa Improve DM threads 2022-08-12 10:01:35 +02:00
Thomas Sileo
23afd31bff Improve outgoing worker 2022-08-11 23:10:24 +02:00