Commit graph

2550 commits

Author SHA1 Message Date
Claire 9740c7eaea Fix rate-limiting incorrectly triggering a session cookie on most endpoints (#30483) 2024-05-30 15:14:03 +02:00
Claire 8ab0ca7d64
Merge pull request from GHSA-c2r5-cfqr-c553
* Add hardening monkey-patch to prevent IP spoofing on misconfigured installations

* Remove rack-attack safelist
2024-05-30 14:24:29 +02:00
Claire 7920aa59e8
Merge pull request from GHSA-q3rg-xx5v-4mxh 2024-05-30 14:14:04 +02:00
Emelia Smith 186f916192 Fix: remove broken OAuth Application vacuuming & throttle OAuth Application registrations (#30316)
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2024-05-29 16:39:26 +02:00
Tim Rogers e69780ec59 Fixed crash when supplying FFMPEG_BINARY environment variable (#30022) 2024-05-17 12:30:00 +02:00
Claire 328a9b8157
Change registrations to be disabled by default for new servers (#29353) 2024-02-22 18:15:59 +01:00
Claire 28b666b0d5
Automatically switch from open to approved registrations in absence of moderators (#29337) 2024-02-22 14:39:42 +01:00
Claire 870ee80fd3 Fix user creation failure handling in OAuth paths (#29207) 2024-02-14 22:55:31 +01:00
Claire 1a33d348d0 Add sidekiq_unique_jobs:delete_all_locks task and disable sidekiq-unique-jobs UI by default (#29199) 2024-02-14 13:17:45 +01:00
Emelia Smith 6d43b63275 Disable administrative doorkeeper routes (#29187) 2024-02-14 11:03:21 +01:00
Claire 6fe2a47357 Add rate-limit of TOTP authentication attempts at controller level (#28801) 2024-01-24 15:31:13 +01:00
Claire bece853e3c Fix error and incorrect URLs in /api/v1/accounts/:id/featured_tags for remote accounts (#27459) 2023-12-04 15:28:15 +01:00
Claire ef149674f0 Change Content-Security-Policy to be tighter on media paths (#26889) 2023-12-04 15:28:15 +01:00
Claire eea2654236
Fix format-dependent redirects being cached regardless of requested format (#27634) 2023-11-13 17:58:00 +01:00
github-actions[bot] 4262cfbe41 New Crowdin Translations (automated) (#27347)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot] 5a33b81479 New Crowdin Translations (automated) (#27321)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot] 2e2936eb64 New Crowdin Translations (automated) (#27304)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot] 88fc73dbbc New Crowdin Translations (automated) (#27277)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot] aba0c5abd9 New Crowdin Translations (automated) (#27270)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot] 7c6f41039d New Crowdin Translations (automated) (#27260)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot] 7b86708980 New Crowdin Translations (automated) (#27220)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot] 2cd969cca7 New Crowdin Translations (automated) (#27202)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot] 4e5791bba1 New Crowdin Translations (automated) (#27168)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot] aed930b629 New Crowdin Translations (automated) (#27144)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot] 9cb7fa57f6 New Crowdin Translations (automated) (#27080)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
github-actions[bot] 40702a81fa New Crowdin Translations (automated) (#27052)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-10-10 13:52:41 +02:00
Claire 8acc75435b
Change S3 checksum mode to be disabled by default (#27007) 2023-09-21 14:00:51 +02:00
github-actions[bot] effe4728cf
New Crowdin Translations (automated) (#27005)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-09-21 11:06:04 +02:00
github-actions[bot] 61fe25fe74
New Crowdin Translations (automated) (#26988)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-09-20 13:05:56 +02:00
github-actions[bot] 73ecc4de6e
New Crowdin Translations (automated) (#26978)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-09-19 16:26:51 +02:00
github-actions[bot] 67eaaa4b90
New Crowdin Translations (automated) (#26966)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-09-19 10:41:48 +02:00
github-actions[bot] 1b4902fabf
New Crowdin Translations (automated) (#26913)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-09-18 13:46:07 +02:00
Claire a04ae16201
Fix CSP when using ONE_CLICK_SSO_LOGIN (#26901) 2023-09-13 19:54:04 +02:00
github-actions[bot] 921c6fe654
New Crowdin Translations (automated) (#26498)
Co-authored-by: GitHub Actions <noreply@github.com>
2023-09-13 15:10:41 +02:00
Robert R George 20666482ef
Added admin api for managing tags (#26872) 2023-09-13 11:22:53 +02:00
CSDUMMI 9a70cac9de
Fix #26849 by adding the domain of the current SSO provider to the form-action CSP (#26857) 2023-09-12 13:04:51 +02:00
Renaud Chaput e9b528eaee
Use NodeJS v20 by default (#26830) 2023-09-08 13:45:34 +02:00
Claire 475783d567
Add timezone to datetimes in e-mails (#26822) 2023-09-06 17:25:39 +02:00
Claire cab4cbfa5c
Fix “Scoped order is ignored, it's forced to be batch order.” warnings (#26793) 2023-09-05 15:37:23 +02:00
Christian Schmidt ea31929776
Fix invalid Content-Type header for WebP images (#26773) 2023-09-04 09:46:33 +02:00
Claire 16681e0f20
Add admin notifications for new Mastodon versions (#26582) 2023-09-01 17:47:07 +02:00
Claire 9e26cd5503
Add authorized_fetch server setting in addition to env var (#25798) 2023-09-01 15:41:10 +02:00
Christian Schmidt 075cc8e8a6
Improve Codespaces port forwarding (#26400) 2023-08-29 10:20:36 +02:00
Christian Schmidt 286a21afdc
Support webpacker live-reloading on Docker (#26419) 2023-08-29 10:17:57 +02:00
Lukas Martini a7d96e6aff
Improve error messages when DeepL quota is exceeded (#26704) 2023-08-29 09:14:44 +02:00
jsgoldstein 30c191aaa0
Add new public status index (#26344)
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2023-08-24 16:40:04 +02:00
Claire 163b004bb1
Change admin e-mail notification settins to be their own settings group (#26596) 2023-08-24 14:43:00 +02:00
Renaud Chaput bb2db2aec0
Add circular-dependency-plugin to detect any circular deps issues (#26600) 2023-08-22 13:24:16 +02:00
Claire ac0eb0533e
Add Elasticsearch cluster health check and indexes mismatch check to dashboard (#26448) 2023-08-21 16:50:22 +02:00
Claire 191d302b7f
Refactor Api::V1::ProfilesController into two separate controllers (#26573) 2023-08-21 15:47:09 +02:00