Commit graph

2553 commits

Author SHA1 Message Date
William Pitcock e10f839e9b tests: federator: fix formatting 2018-11-17 21:41:08 +00:00
William Pitcock dfcfb184b1 activitypub: transmogrifier: make deletes secure 2018-11-17 21:22:57 +00:00
William Pitcock b1a6e8d80d test: add sanity tests for federator handling of AP docs 2018-11-17 21:01:19 +00:00
William Pitcock 0d1375f274 federator: return :ok or :error depending on if an AP doc was accepted or not 2018-11-17 21:00:37 +00:00
William Pitcock 3d9266a8cb federator: do origin containment when processing inbound messages 2018-11-17 20:43:43 +00:00
William Pitcock 55640c4804 tests: add a test to verify the general fake direction protection works in all cases 2018-11-17 20:31:20 +00:00
William Pitcock dc1d8e13b4 tests: add a testcase for user collision 2018-11-17 20:20:45 +00:00
William Pitcock c88533209c activitypub: user fetching: use fetch_and_contain_remote_object_from_id() 2018-11-17 20:16:03 +00:00
William Pitcock 1a940cb46e tests: add tests for contain_origin_from_id() 2018-11-17 20:16:03 +00:00
William Pitcock daa8ec3d62 activitypub: factor out AP object fetching to it's own function and add ID-based containment 2018-11-17 20:15:59 +00:00
lambda a960983815 Merge branch 'security/actor-containment' into 'develop'
security hotfix: actor containment

See merge request pleroma/pleroma!460
2018-11-17 18:33:09 +00:00
William Pitcock b483ae0a72 tests: add a second spoofing variant 2018-11-17 18:25:32 +00:00
William Pitcock 603fccf175 activitypub: fetch_object_from_id(): prefer actor over attributedTo to avoid spoofing 2018-11-17 18:17:17 +00:00
William Pitcock 9c8adfb6ef test: fix more test defects 2018-11-17 18:16:55 +00:00
William Pitcock d9cb081f07 tests: add additional spoofing tests 2018-11-17 18:12:11 +00:00
William Pitcock 2ab8e28728 transmogrifier tests: fix defective spoofing test 2018-11-17 18:11:46 +00:00
William Pitcock 010fcb73d7 test: httpoison mock: add second spoofing activity test 2018-11-17 18:11:17 +00:00
kaniini 05967472f2 Merge branch 'feature/uploader-mdii' into 'develop'
Feature / MDII Uploader

See merge request pleroma/pleroma!454
2018-11-17 16:41:09 +00:00
hakabahitoyo 59e079f641 fallbacking into local uploader 2018-11-17 20:16:25 +09:00
hakabahitoyo 8fd0556c78 better config reading 2018-11-17 18:14:42 +09:00
kaniini e4f57f89de Merge branch 'bugfix/dm-timeline-scope' into 'develop'
TwitterAPI: Fix dm_timeline displaying only half of the conversation.

See merge request pleroma/pleroma!457
2018-11-16 23:34:43 +00:00
lain f87b315618 TwitterAPI: Fix dm_timeline displaying only half of the conversation. 2018-11-16 19:47:36 +01:00
lambda 2f639ea129 Merge branch 'feature/pleromafe-usersearch' into 'develop'
Add Twitter / Pleroma API user search

See merge request pleroma/pleroma!452
2018-11-16 18:13:47 +00:00
kaniini 38f76d964f Merge branch 'bugfix/csp-remove-form-action' into 'develop'
http security: remove form-action from CSP definitions

Closes #379

See merge request pleroma/pleroma!456
2018-11-16 17:47:22 +00:00
William Pitcock c07464607d http security: remove form-action from CSP definitions 2018-11-16 17:40:21 +00:00
lain e8d8c84f79 Add better test for user search functionlity. 2018-11-16 18:31:32 +01:00
lambda 4ad0432565 Merge branch 'fix/test' into 'develop'
Reset http security settings to fix plug test

See merge request pleroma/pleroma!455
2018-11-16 15:52:38 +00:00
AkiraFukushima 62944b47fb Reset http security settings to fix plug test 2018-11-17 00:45:21 +09:00
hakabahitoyo 55abd8482e better config 2018-11-16 20:41:12 +09:00
hakabahitoyo 52224de39f better extension detection 2018-11-16 20:22:36 +09:00
hakabahitoyo 4fbfacf5e1 debug 2018-11-15 16:08:55 +09:00
hakabahitoyo 8e707aba29 format 2018-11-15 15:11:59 +09:00
Hakaba Hitoyo ebe658c169 debuf 2018-11-15 14:46:43 +09:00
Hakaba Hitoyo 698cb3587c omplement mdii uploader 2018-11-15 14:38:45 +09:00
Hakaba Hitoyo 58af0787be add mdii uploader 2018-11-15 14:19:10 +09:00
Hakaba Hitoyo 5c8b8f6cb7 Merge remote-tracking branch 'official/develop' into develop 2018-11-15 14:04:09 +09:00
Hakaba Hitoyo 3484f68795 Revert "update pleroma frontend"
This reverts commit 0253015467.
2018-11-15 14:03:52 +09:00
lain 27aa136aac Format. 2018-11-14 20:41:12 +01:00
lain 7b170cd616 Add Pleroma user search api for PleromaFE. 2018-11-14 20:33:23 +01:00
lambda cc45797f4e Merge branch 'fix-media-proxy-filename' into 'develop'
media_proxy: use path only to retrieve filename

See merge request pleroma/pleroma!450
2018-11-14 18:17:10 +00:00
kaniini 8456675c45 Merge branch 'update/pleroma-fe-20181114' into 'develop'
update pleroma frontend

See merge request pleroma/pleroma!451
2018-11-14 16:10:27 +00:00
William Pitcock 2a75de84e1 update pleroma frontend 2018-11-14 16:08:22 +00:00
kaniini 69d557e86d Merge branch 'twitter-api-direct-messages' into 'develop'
Twitter api direct messages

See merge request pleroma/pleroma!449
2018-11-14 08:52:08 +00:00
href f52a1d1ec5
media_proxy: use path only to retrieve filename 2018-11-13 23:41:33 +01:00
lain ea9a776d7b TwitterApi: Add direct message endpoint 2018-11-13 20:08:50 +01:00
lain 2cf40237ff MastodonAPI: Add pagination to private messages. 2018-11-13 19:46:34 +01:00
lambda a43195bdaa Merge branch 'media-proxy-safety' into 'develop'
media_proxy: CSP, content-disposition

See merge request pleroma/pleroma!448
2018-11-13 15:15:05 +00:00
href 9b553a1087
media_proxy: CSP, content-disposition
* Adds CSP headers to the media proxy endpoint

* Sends `content-disposition: attachment; …` for non-image/video/audio
content types

The default list can be overwritten with `:media_proxy,
:safe_content_types` in the configuration.

* Also now appends the filename to the proxy URL (fixes some mobile apps,
it was requested a while ago)
2018-11-13 15:58:02 +01:00
lambda 22d20c497b Merge branch 'security/cookie-hardening' into 'develop'
Add __Host- prefix when secure flag is enabled

See merge request pleroma/pleroma!446
2018-11-13 13:23:04 +00:00
lambda c3f562a611 Merge branch 'add-MIX_ENV-to-systemd-example' into 'develop'
Add MIX_ENV=prod to systemd example file

See merge request pleroma/pleroma!445
2018-11-13 12:24:29 +00:00