Commit graph

110 commits

Author SHA1 Message Date
Kevin Wallace
9db7bdf0fb remote follow: use HTML redirect to work around CSP issue
In Chrome, I get the following when trying to use the remote follow form:

    Refused to send form data to 'https://example.com/remote_follow'
    because it violates the following Content Security Policy directive:
    "form-action 'self'".

It seems some browsers (but notably not Firefox) apply the form-action
policy to the redirect target in addition to the initial form
submission endpoint.  See:

    https://github.com/w3c/webappsec-csp/issues/8

In that thread, this workaround is suggested.
2022-11-13 17:11:02 +01:00
Thomas Sileo
62c9327500 Add support for setting a custom CSP 2022-11-09 21:26:43 +01:00
Kevin Wallace
a4cfd65009 Sign media URLs to avoid becoming an open proxy
Signatures are valid for ~1 week.
2022-11-04 19:36:26 +01:00
Kevin Wallace
242bf7b515 fixup! Fix URL generation when not at domain root
Oops -- missed these two!  Sorry for the noise; let me know if you'd
like me to squash and resubmit.
2022-11-04 19:22:30 +01:00
Thomas Sileo
32692a7dcd First shot at supporting custom handler 2022-11-02 08:51:21 +01:00
Thomas Sileo
3d049da2e5 Add slug support for Article 2022-10-30 17:50:59 +01:00
Thomas Sileo
c8a9793638 Make hashtag case insensitive 2022-10-05 20:27:21 +02:00
Thomas Sileo
6216b316e8 Add remote interaction button 2022-09-23 20:09:05 +02:00
Thomas Sileo
4c86cd4be3 Always show followers/following page when admin 2022-09-13 22:33:20 +02:00
Thomas Sileo
b2f268682c New config item to hide followers/following 2022-09-13 21:03:35 +02:00
Thomas Sileo
5f20eab3f1 More work towards support moving/deleting instance 2022-09-01 20:42:20 +02:00
Miguel Jacq
c740813b57 Ensure pinned posts appear on front page before others 2022-08-31 08:19:47 +02:00
Miguel Jacq
db8f0cb141 Harden the CSP a bit for values that don't inherit default-src. Set Permissions-Policy. Remove TODO 2022-08-30 08:21:11 +02:00
Thomas Sileo
ebdba62a06 No more inline CSS 2022-08-29 21:42:54 +02:00
Thomas Sileo
a02c8cf0bb Fix NGINX setup instructions 2022-08-29 19:28:54 +02:00
Thomas Sileo
ee5265f4dd Small tweaks/typos 2022-08-29 09:09:28 +02:00
Thomas Sileo
87f035d298 HTML error page 2022-08-28 17:36:58 +02:00
Thomas Sileo
4e445a7207 Prevent replay attacks with TLS1.3 0-RTT 2022-08-26 23:35:58 +02:00
Thomas Sileo
40c4a4413d Tweak media proxy error 2022-08-26 22:04:38 +02:00
Thomas Sileo
88cb82c9bb Improve static assets caching 2022-08-26 20:26:41 +02:00
Thomas Sileo
edf9e28ed1 Tweak cache size 2022-08-26 18:58:21 +02:00
Thomas Sileo
84203fc66e More webp support 2022-08-26 09:28:00 +02:00
Thomas Sileo
53a31ae562 Webp support 2022-08-26 08:48:14 +02:00
Thomas Sileo
953a6c3b91 Fix empty tag page 2022-08-24 20:52:15 +02:00
Thomas Sileo
601313cf65 Yunohost config utils 2022-08-21 15:40:25 +02:00
Thomas Sileo
6b670c74cf Tweak logger 2022-08-21 09:42:28 +02:00
Thomas Sileo
e16dbb4590 Enable CORS for the webfinger endpoint 2022-08-21 09:36:03 +02:00
Thomas Sileo
691ad500c6 Tweak logging 2022-08-20 09:11:48 +02:00
Thomas Sileo
d3b7f6ccbb Template fixes 2022-08-18 20:53:51 +02:00
Thomas Sileo
2d28ca3614 Cleanup inbox processing 2022-08-18 20:21:28 +02:00
Thomas Sileo
02c09f2363 Add support for Move activity 2022-08-16 22:15:05 +02:00
Thomas Sileo
d1b4bd0181 Improve lookup and handle visibility in threads 2022-08-15 21:34:57 +02:00
Thomas Sileo
c711096262 Allow to interact with objects via lookup 2022-08-15 12:49:07 +02:00
Thomas Sileo
d381bb3fec Improve actor-level blocking 2022-08-15 10:50:13 +02:00
Thomas Sileo
51bfc4bd30 Various tweaks about AP types 2022-08-13 22:37:44 +02:00
Thomas Sileo
59688ad5f6 Improve show more and show sensitive attachments 2022-08-13 15:20:56 +02:00
Thomas Sileo
abfb6355aa Improve DM threads 2022-08-12 10:01:35 +02:00
Thomas Sileo
23afd31bff Improve outgoing worker 2022-08-11 23:10:24 +02:00
Thomas Sileo
9f3956db67 Copy over the content warning when replying 2022-08-01 20:37:08 +02:00
Thomas Sileo
cc18e94a81 Fix replies count when replying to an inbox object 2022-07-31 11:46:45 +02:00
Thomas Sileo
7782a39638 Improve admin actor profile 2022-07-31 10:03:45 +02:00
Thomas Sileo
61877b22c0 Tweak media proxy 2022-07-30 09:09:18 +02:00
Thomas Sileo
4b20c26e4b Better Docker support 2022-07-30 08:46:29 +02:00
Thomas Sileo
fe9e4eebf4 Fix footer 2022-07-29 23:17:02 +02:00
Thomas Sileo
2ae08d16b8 Tweak custom emoji path 2022-07-29 15:12:48 +02:00
Thomas Sileo
c07d17ba9b Add error handling for admin lookups 2022-07-26 18:51:20 +02:00
Thomas Sileo
24f3f94056 Start support for authoring articles 2022-07-25 22:51:53 +02:00
Thomas Sileo
d67a44bb59 Add support for voting on Question 2022-07-23 19:02:06 +02:00
Thomas Sileo
4046fa0506 Add notification for follow requests status 2022-07-22 19:36:58 +02:00
Thomas Sileo
edae9a6b62 Add alt text support for attachments 2022-07-21 22:43:06 +02:00