akkoma/test/pleroma/web
rinpatch 6ca709816f Fix object spoofing vulnerability in attachments
Validate the content-type of the response when fetching an object,
according to https://www.w3.org/TR/activitypub/#x3-2-retrieving-objects.

content-type headers had to be added to many mocks in order to support
this, some of this was done with a regex. While I did go over the
resulting files to check I didn't modify anything unrelated, there is a
 possibility I missed something.

Closes pleroma#1948
2020-11-12 15:25:33 +03:00
..
activity_pub Fix object spoofing vulnerability in attachments 2020-11-12 15:25:33 +03:00
admin_api Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into alexgleason/pleroma-restrict-domain 2020-11-04 15:05:01 +01:00
api_spec
auth
common_api
endpoint phoenix_controller_render_duration is no longer available in telemetry of Phoenix 1.5+ 2020-10-27 14:37:48 -05:00
fed_sockets Fix warnings 2020-10-15 16:54:59 +04:00
feed escaping summary and other fields in xml templates 2020-11-10 10:46:57 +03:00
mastodon_api Render blurhashes in Mastodon API 2020-11-11 12:51:13 -06:00
media_proxy
metadata Merge branch 'develop' into refactor/discoverable_user_field 2020-10-13 09:54:11 -05:00
o_auth Fix warnings 2020-10-15 16:54:59 +04:00
o_status Merge remote-tracking branch 'remotes/origin/develop' into ostatus-controller-no-auth-check-on-non-federating-instances 2020-10-17 13:12:39 +03:00
pleroma_api Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into features/federation-status 2020-11-04 15:38:10 +01:00
plugs Remove unused aliases 2020-10-30 18:42:43 +04:00
preload/providers update files consistency after rebase 2020-10-13 16:44:00 +03:00
push JPEG content_type must be image/jpeg 2020-10-13 10:37:24 -05:00
rich_media changes after rebase 2020-10-13 17:10:34 +03:00
static_fe Merge remote-tracking branch 'remotes/origin/develop' into ostatus-controller-no-auth-check-on-non-federating-instances 2020-10-17 13:12:39 +03:00
twitter_api Remove unused aliases 2020-10-30 18:42:43 +04:00
views
web_finger
chat_channel_test.exs
common_api_test.exs Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into feature/expire-mutes 2020-11-04 16:51:42 +01:00
fallback_test.exs RedirectController: Don't replace title, but inject into the meta 2020-11-11 17:10:59 +01:00
federator_test.exs
media_proxy_test.exs
metadata_test.exs Merge branch 'develop' into refactor/discoverable_user_field 2020-10-13 09:54:11 -05:00
mongoose_im_controller_test.exs
node_info_test.exs
rel_me_test.exs
streamer_test.exs Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into alexgleason/pleroma-restrict-domain 2020-11-04 15:05:01 +01:00
uploader_controller_test.exs
web_finger_test.exs