akkoma/lib/pleroma
Oneric d5b0720596 Allow cross-domain redirects on AP requests
Since we now remember the final location redirects lead to
and use it for all further checks since
3e134b07fa, these redirects
can no longer be exploited to serve counterfeit objects.

This fixes:
 - display URLs from independent webapp clients
   redirecting to the canonical domain
 - Peertube display URLs for remote content
   (acting like the above)
2024-10-14 01:42:51 +02:00
..
activity Fix tests 2024-06-09 18:28:00 +01:00
akkoma Add MRFs for direct message manipulation 2023-05-22 23:53:44 +01:00
captcha Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
collections Bring our adjustments into line with atom-failure 2024-04-13 22:56:04 +01:00
config Remove proxy_remote vestiges 2024-06-16 01:21:52 +02:00
conversation Add API endpoint to remove a conversation 2021-02-15 21:48:13 +04:00
docs backend-i18n (#121) 2022-07-27 21:56:59 +00:00
ecto_type recipients fixes/hardening for CreateGenericValidator 2021-04-05 19:19:11 +02:00
emails Provide sane defaults for SMTP 2024-02-12 22:45:57 +01:00
emoji Proactively harden emoji pack against path traversal 2024-03-18 22:33:10 -01:00
helpers giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
http Add pool timeouts 2024-06-09 17:20:29 +01:00
instances Add timeline visibility options 2023-03-17 15:33:28 +00:00
mfa Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
migration_helper purge chat and shout endpoints 2022-07-21 11:29:28 +01:00
migrators Support elixir1.15 2023-08-03 17:44:09 +01:00
object Allow cross-domain redirects on AP requests 2024-10-14 01:42:51 +02:00
password Pbkdf2: Use it everywhere. 2021-01-14 15:06:16 +01:00
reverse_proxy giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
search Raise minimum PostgreSQL version to 12 2024-06-07 16:21:09 +02:00
tests Fix compile cycle in Pleroma.Tests.AuthTestController 2021-06-09 13:30:19 -05:00
upload Fix Exiftool stderr being read as an image description 2024-05-23 14:44:17 -04:00
uploaders Use finch everywhere (#33) 2022-07-04 16:30:38 +00:00
user Support elixir1.15 2023-08-03 17:44:09 +01:00
web Merge pull request 'Handle domain mutes on the backend' (#804) from domain-mute-backend-processing into develop 2024-08-20 10:32:47 +00:00
workers RichMedia refactor 2024-06-09 17:33:48 +01:00
activity.ex meilisearch: respect meili’s result ranking 2024-05-29 23:17:27 +00:00
announcement.ex giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
announcement_read_relationship.ex Merge branch 'from/upstream-develop/tusooa/server-announcements' into 'develop' (#85) 2022-07-18 13:08:36 +00:00
application.ex fix oembed test 2024-06-09 21:17:12 +01:00
application_requirements.ex Rename StripLocation to StripMetadata for temporal-proofing reasons 2024-04-16 20:37:00 +02:00
bookmark.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
caching.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
captcha.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
clippy.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
config.ex Merge remote-tracking branch 'remotes/origin/develop' into feature/object-hashtags-rework 2021-02-23 13:58:35 +03:00
config_db.ex Do not crash on invalid atom in configDB 2022-12-21 00:16:39 +00:00
constants.ex Don't try to handle non-media objects as media 2024-05-22 20:30:23 +02:00
conversation.ex Add API endpoint to remove a conversation 2021-02-15 21:48:13 +04:00
counter_cache.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
data_migration.ex [#3213] HashtagsTableMigrator state management refactoring & improvements (proper stats serialization etc.). 2021-02-16 23:14:15 +03:00
delivery.ex Merge remote-tracking branch 'remotes/origin/develop' into feature/object-hashtags-rework 2021-01-13 22:11:16 +03:00
ecto_enums.ex v2 Suggestions: dismiss a suggestion 2021-11-26 20:19:29 -06:00
emoji-test.txt emoji-test: update to latest 15.0 draft 2022-09-11 19:55:45 +01:00
emoji.ex Remove _misskey_reaction matching (#500) 2023-03-10 18:46:49 +00:00
filter.ex support for expires_in/expires_at in filters 2021-01-26 08:27:45 +03:00
following_relationship.ex paginate follow requests (#460) 2023-02-04 20:51:17 +00:00
formatter.ex Interpret \n as newline for MFM 2023-02-18 19:56:11 +01:00
frontend.ex Ensure Gun is Gone 2022-12-11 19:26:21 +00:00
hashtag.ex Remerge of hashtag following (#341) 2022-12-05 12:58:48 +00:00
healthcheck.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
html.ex Fix tests 2024-06-09 18:28:00 +01:00
http.ex Convert rich media backfill to oban task 2024-06-11 18:06:51 +01:00
instances.ex Add Signed Fetch Statistics (#312) 2022-11-26 19:22:56 +00:00
iso639.ex Add language support on /api/v1/statuses 2023-01-10 10:29:17 +00:00
job_queue_monitor.ex Use fully qualified function capture for telementry event 2024-02-12 01:59:18 +01:00
jwt.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
keys.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
list.ex ListController: Fix being unable to add / remove users. 2021-01-18 16:28:36 +01:00
logging.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
maintenance.ex Support elixir1.15 2023-08-03 17:44:09 +01:00
maps.ex utils: Fix maybe_splice_recipient when "object" isn’t a map 2021-04-05 19:19:12 +02:00
marker.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
mfa.ex Pbkdf2: Use it everywhere. 2021-01-14 15:06:16 +01:00
moderation_log.ex giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
notification.ex Require related object for notifications to filter on content 2023-06-14 19:41:48 +00:00
object.ex Remove Fetcher.fetch_object_from_id!/2 2024-04-12 20:26:28 +01:00
object_tombstone.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
otp_version.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
pagination.ex Add /api/v1/followed_tags 2022-12-31 18:09:34 +00:00
password.ex update references to pleroma in docs 2022-12-30 03:43:35 +00:00
password_reset_token.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
prometheus_exporter.ex Use a genserver to periodically fetch metrics 2023-01-01 18:32:14 +00:00
registration.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
release_tasks.ex giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
repo.ex Remove instrumentors (#98) 2022-07-21 11:32:17 +00:00
report_note.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
reverse_proxy.ex Sanitise Content-Type of media proxy URLs 2024-03-18 22:33:10 -01:00
scheduled_activity.ex Restrict media usage to owners 2024-05-22 20:30:18 +02:00
search.ex Don't try removing deleted users and such from index as posts 2022-06-29 20:49:45 +01:00
signature.ex duct-tape fix for #438 2024-05-11 05:30:18 +01:00
stats.ex update stats every 5 minutes 2022-12-16 17:22:56 +00:00
thread_mute.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
upload.ex Drop activity_type override for uploads 2024-05-22 20:30:23 +02:00
user.ex readd comment about domain mutes 2024-08-20 11:05:36 +01:00
user_invite_token.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
user_note.ex Make UserNote comment default to the empty string. 2023-04-27 05:22:12 +00:00
user_relationship.ex fix flaky test_user_relationship_test.exs:81 2022-10-23 13:31:01 +02:00
utils.ex extend custom runtime system (#108) 2022-07-24 16:42:43 +00:00
web.ex Migrate to phoenix 1.7 (#626) 2023-08-15 10:22:18 +00:00
xml_builder.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00