Commit graph

611 commits

Author SHA1 Message Date
João Costa
5df4d420de Whitelist object types in the index query
Select the outbox object types that we want to show on the notes page
instead of removing objects that we don't want to show.
That way, it's easier to ensure that there are no objects messing up the
object count/empty checks.

Partially fixes https://todo.sr.ht/~tsileo/microblog.pub/65
2022-11-30 14:10:28 +01:00
Jane
68884d9afa Use <details> element for sensitive text
The sensitive text feature was implemented with <label> and hidden
checkbox <input> elements. There were two issues with this
implementation:
1. The user couldn't navigate to the "show/hide more" button using
   keyboard.
2. The label indicates two actions at the same time ("show/hide more"),
   making it unclear what the function of the checkbox was and what the
   current show/collapse state was.

As it is generally preferrable to use built-in HTML elements for the
best semantic, this commit moves to use the <details> and <summary>
elements for the sensitive text feature. The browser will open/collapse
the content in <details> automatically when the user clicks on the
<summary>, and keyboard navigation support is built-in.

This commit also changes the button to display "show more" or "show
less" depending on the state for visual clarity. This button is hidden
from the accessibility tree using `aria-label="false"`, as the <details>
element already exposes its state to the tree and we want to avoid
duplicated information.

A few caveats:
* The "show/hide sensitive content" button for sensitive attachments
  hasn't been changed yet as I'd like to get more feedback about the new
  implementation.
* As the summary/content warning text itself is also part of the
  <summary> tag, the user can now also click on them to toggle the
  visibility of the sensitive text. This may not be desirable as the
  current interface does not make it clear that this could happen; the
  user may try to select some text from the summary and be surprised
  by the sensitive text being expanded. One way to improve this would
  be to add an event listener to the summary text and call
  `preventDefault`, but this would introduce JavaScript code.
2022-11-30 12:26:34 +01:00
Thomas Sileo
46a592b11e Switch back to HTTP1 for the media proxy client 2022-11-30 12:26:31 +01:00
Thomas Sileo
5f0b8f5dfd Tweak media proxy client 2022-11-28 20:58:16 +01:00
Thomas Sileo
5adb2bca9a Revert "Update deps"
This reverts commit 08cc74d928.
2022-11-28 20:35:53 +01:00
Thomas Sileo
08cc74d928 Update deps 2022-11-28 20:30:37 +01:00
Thomas Sileo
578581b4dc More mf2 improvements for shares/reposts 2022-11-27 16:29:49 +01:00
Thomas Sileo
ec36272bb4 Allow to disable certain notification type 2022-11-27 12:11:42 +01:00
Thomas Sileo
e30e0de10e No more HTTP sig check on the actor profile 2022-11-27 11:36:15 +01:00
Thomas Sileo
e672d9b9f0 Update AUTHORS 2022-11-27 11:33:46 +01:00
Sam
dcd44ec3b6 fix unshare by getting recipients from Announce activity instead of Undo 2022-11-27 11:31:45 +01:00
Sam
71a4ea2425 fix typo on deleted object ap_type 2022-11-27 11:29:54 +01:00
Thomas Sileo
441e3d90b1 Fix formatting 2022-11-23 21:58:59 +01:00
Alexey Shpakovsky
d9b9f596d3 Skip custom emojis which don't match emoji regexp
Otherwise, emojis containing forbidden symbols (for example, `-`)
appear in "emoji selector" on admin/new page, but are not replaced
with emoji image on submit.

Also add a note to documentation mentioning allowed characters.
2022-11-23 21:54:02 +01:00
Thomas Sileo
2cc4eda143 Boostrap stream customization (API may change) 2022-11-22 20:30:35 +01:00
Thomas Sileo
bd065446bf Hack in HTTP sig to drop Delete requests early on 2022-11-21 21:43:12 +01:00
Thomas Sileo
8475f5bccd Fix admin session timeout 2022-11-21 20:43:51 +01:00
Thomas Sileo
a435cd33c9 Allow to delete webmentions 2022-11-20 11:56:58 +01:00
Thomas Sileo
d692ec060f Tweak webmention processing 2022-11-20 11:31:00 +01:00
Thomas Sileo
4c6eb51ae2 Proper mf2 for replies 2022-11-20 11:12:34 +01:00
Thomas Sileo
d36102255f Merge branch 'v2' into indieweb-merge-part2 2022-11-20 10:48:43 +01:00
Thomas Sileo
cdbc545d5e Add a flag on new notifications 2022-11-20 10:13:17 +01:00
Thomas Sileo
fbc46e0517 More logging for the admin session 2022-11-20 10:02:28 +01:00
Thomas Sileo
ef4608f348 Switch back the proxy client to HTTP2 mode 2022-11-20 09:49:19 +01:00
Thomas Sileo
4638b98fa8 Regenerate AUTHORS file 2022-11-20 09:49:00 +01:00
Cocoa
a9f41d6be7 Put 'with_icon' param in the correct macro call
Fix for https://todo.sr.ht/~tsileo/microblog.pub/66
2022-11-20 09:47:54 +01:00
Thomas Sileo
59dfc3d128 Update the install guide 2022-11-19 08:38:51 +01:00
Thomas Sileo
822280c280 Tweak proxy client (increased timeout, no more HTTP2) 2022-11-19 08:32:44 +01:00
Thomas Sileo
c83dd30f41 Increase admin session validity to 3 days 2022-11-19 08:16:53 +01:00
Thomas Sileo
9d312bc229 Fix typing 2022-11-19 08:15:36 +01:00
Kevin Wallace
b37b77ad34 Make local actor icon optional
If a remote actor has no icon, we show our local default icon.

If we have no icon, we should allow remote instances to show their
default icon, instead of sending ours.
2022-11-19 08:12:49 +01:00
Thomas Sileo
9ee3f3b971 More progess on webmention replies 2022-11-19 08:12:33 +01:00
Thomas Sileo
066f5ec900 Merge branch 'v2' into indieweb-merge-part2 2022-11-18 20:36:58 +01:00
Kevin Wallace
a2254f2674 Add return type to hmac_sha256 2022-11-18 20:30:29 +01:00
Kevin Wallace
2151733e4f Add robots meta tags on pages in robots.txt
Useful when app is at a non-root path and we're not handling top-level
/robots.txt requests.
2022-11-18 20:30:29 +01:00
Kevin Wallace
3cff4e4507 Use BASE_URL when generating {proxied,resized}_image_url
Necessary when running at a non-root path
2022-11-18 20:30:29 +01:00
Thomas Sileo
120f92a9ed Display Webmention as replies when applicable 2022-11-18 20:20:58 +01:00
Thomas Sileo
ae8029cd22 Fix template 2022-11-17 21:12:16 +01:00
Thomas Sileo
434fd98cd9 Merge IndieWeb likes/reposts with their AP counterpart 2022-11-17 21:03:24 +01:00
Thomas Sileo
89c90fba56 Start to merge IndieWeb and AP interactions 2022-11-17 09:18:06 +01:00
Thomas Sileo
e29fe0a079 Fix DM admin page showing deleted objects 2022-11-15 23:07:10 +01:00
Thomas Sileo
c5aee435f4 Tweak README 2022-11-15 22:22:56 +01:00
Thomas Sileo
224f5d3f55 Add AUTHORS file 2022-11-15 22:20:28 +01:00
Thomas Sileo
6583feb87d Tweak the documentation about contributions 2022-11-15 22:17:55 +01:00
Thomas Sileo
04e75c78e0 Handle inbox delete handler for actors 2022-11-15 21:47:51 +01:00
Thomas Sileo
68c27e083f Allow to click on picture to see the original one 2022-11-14 21:23:41 +01:00
Thomas Sileo
d52528584a Tweak template for the local delete button 2022-11-13 18:32:38 +01:00
Thomas Sileo
d352dc104a Add local delete option
Useful for removing replies showing up on the public website.
2022-11-13 18:19:52 +01:00
Thomas Sileo
0c5ce67d4e Tweak remote instance redirection 2022-11-13 17:37:19 +01:00
Kevin Wallace
9db7bdf0fb remote follow: use HTML redirect to work around CSP issue
In Chrome, I get the following when trying to use the remote follow form:

    Refused to send form data to 'https://example.com/remote_follow'
    because it violates the following Content Security Policy directive:
    "form-action 'self'".

It seems some browsers (but notably not Firefox) apply the form-action
policy to the redirect target in addition to the initial form
submission endpoint.  See:

    https://github.com/w3c/webappsec-csp/issues/8

In that thread, this workaround is suggested.
2022-11-13 17:11:02 +01:00