Commit graph

132 commits

Author SHA1 Message Date
Thomas Sileo
ed214cf0e7 Add OAuth refresh token support 2022-12-18 12:55:24 +01:00
Thomas Sileo
3fb36d6119 C2S API for the inbox 2022-12-18 10:52:06 +01:00
Thomas Sileo
7b506f2519 More AP C2S support 2022-12-16 20:20:40 +01:00
Thomas Sileo
7621a19489 Check browser support before returning webp pictures 2022-12-11 16:15:25 +01:00
Thomas Sileo
7d3fc35a24 More proxy client tweaks 2022-12-02 19:40:58 +01:00
Thomas Sileo
73dceee0f5 Fix proxy client 2022-12-02 19:28:59 +01:00
Thomas Sileo
0527e34476 Tweak proxy client 2022-12-02 18:48:05 +01:00
João Costa
5df4d420de Whitelist object types in the index query
Select the outbox object types that we want to show on the notes page
instead of removing objects that we don't want to show.
That way, it's easier to ensure that there are no objects messing up the
object count/empty checks.

Partially fixes https://todo.sr.ht/~tsileo/microblog.pub/65
2022-11-30 14:10:28 +01:00
Thomas Sileo
46a592b11e Switch back to HTTP1 for the media proxy client 2022-11-30 12:26:31 +01:00
Thomas Sileo
5f0b8f5dfd Tweak media proxy client 2022-11-28 20:58:16 +01:00
Thomas Sileo
e30e0de10e No more HTTP sig check on the actor profile 2022-11-27 11:36:15 +01:00
Thomas Sileo
4c6eb51ae2 Proper mf2 for replies 2022-11-20 11:12:34 +01:00
Thomas Sileo
d36102255f Merge branch 'v2' into indieweb-merge-part2 2022-11-20 10:48:43 +01:00
Thomas Sileo
ef4608f348 Switch back the proxy client to HTTP2 mode 2022-11-20 09:49:19 +01:00
Thomas Sileo
822280c280 Tweak proxy client (increased timeout, no more HTTP2) 2022-11-19 08:32:44 +01:00
Thomas Sileo
9d312bc229 Fix typing 2022-11-19 08:15:36 +01:00
Kevin Wallace
b37b77ad34 Make local actor icon optional
If a remote actor has no icon, we show our local default icon.

If we have no icon, we should allow remote instances to show their
default icon, instead of sending ours.
2022-11-19 08:12:49 +01:00
Thomas Sileo
9ee3f3b971 More progess on webmention replies 2022-11-19 08:12:33 +01:00
Thomas Sileo
120f92a9ed Display Webmention as replies when applicable 2022-11-18 20:20:58 +01:00
Thomas Sileo
434fd98cd9 Merge IndieWeb likes/reposts with their AP counterpart 2022-11-17 21:03:24 +01:00
Thomas Sileo
89c90fba56 Start to merge IndieWeb and AP interactions 2022-11-17 09:18:06 +01:00
Thomas Sileo
0c5ce67d4e Tweak remote instance redirection 2022-11-13 17:37:19 +01:00
Kevin Wallace
9db7bdf0fb remote follow: use HTML redirect to work around CSP issue
In Chrome, I get the following when trying to use the remote follow form:

    Refused to send form data to 'https://example.com/remote_follow'
    because it violates the following Content Security Policy directive:
    "form-action 'self'".

It seems some browsers (but notably not Firefox) apply the form-action
policy to the redirect target in addition to the initial form
submission endpoint.  See:

    https://github.com/w3c/webappsec-csp/issues/8

In that thread, this workaround is suggested.
2022-11-13 17:11:02 +01:00
Thomas Sileo
62c9327500 Add support for setting a custom CSP 2022-11-09 21:26:43 +01:00
Kevin Wallace
a4cfd65009 Sign media URLs to avoid becoming an open proxy
Signatures are valid for ~1 week.
2022-11-04 19:36:26 +01:00
Kevin Wallace
242bf7b515 fixup! Fix URL generation when not at domain root
Oops -- missed these two!  Sorry for the noise; let me know if you'd
like me to squash and resubmit.
2022-11-04 19:22:30 +01:00
Thomas Sileo
32692a7dcd First shot at supporting custom handler 2022-11-02 08:51:21 +01:00
Thomas Sileo
3d049da2e5 Add slug support for Article 2022-10-30 17:50:59 +01:00
Thomas Sileo
c8a9793638 Make hashtag case insensitive 2022-10-05 20:27:21 +02:00
Thomas Sileo
6216b316e8 Add remote interaction button 2022-09-23 20:09:05 +02:00
Thomas Sileo
4c86cd4be3 Always show followers/following page when admin 2022-09-13 22:33:20 +02:00
Thomas Sileo
b2f268682c New config item to hide followers/following 2022-09-13 21:03:35 +02:00
Thomas Sileo
5f20eab3f1 More work towards support moving/deleting instance 2022-09-01 20:42:20 +02:00
Miguel Jacq
c740813b57 Ensure pinned posts appear on front page before others 2022-08-31 08:19:47 +02:00
Miguel Jacq
db8f0cb141 Harden the CSP a bit for values that don't inherit default-src. Set Permissions-Policy. Remove TODO 2022-08-30 08:21:11 +02:00
Thomas Sileo
ebdba62a06 No more inline CSS 2022-08-29 21:42:54 +02:00
Thomas Sileo
a02c8cf0bb Fix NGINX setup instructions 2022-08-29 19:28:54 +02:00
Thomas Sileo
ee5265f4dd Small tweaks/typos 2022-08-29 09:09:28 +02:00
Thomas Sileo
87f035d298 HTML error page 2022-08-28 17:36:58 +02:00
Thomas Sileo
4e445a7207 Prevent replay attacks with TLS1.3 0-RTT 2022-08-26 23:35:58 +02:00
Thomas Sileo
40c4a4413d Tweak media proxy error 2022-08-26 22:04:38 +02:00
Thomas Sileo
88cb82c9bb Improve static assets caching 2022-08-26 20:26:41 +02:00
Thomas Sileo
edf9e28ed1 Tweak cache size 2022-08-26 18:58:21 +02:00
Thomas Sileo
84203fc66e More webp support 2022-08-26 09:28:00 +02:00
Thomas Sileo
53a31ae562 Webp support 2022-08-26 08:48:14 +02:00
Thomas Sileo
953a6c3b91 Fix empty tag page 2022-08-24 20:52:15 +02:00
Thomas Sileo
601313cf65 Yunohost config utils 2022-08-21 15:40:25 +02:00
Thomas Sileo
6b670c74cf Tweak logger 2022-08-21 09:42:28 +02:00
Thomas Sileo
e16dbb4590 Enable CORS for the webfinger endpoint 2022-08-21 09:36:03 +02:00
Thomas Sileo
691ad500c6 Tweak logging 2022-08-20 09:11:48 +02:00