* Rate limit based on remote address IP, not on potential reverse proxy
* Limit rate of unauthenticated API requests further
* Rate-limit paging requests to one every 3 seconds
* Fix poll visibility on public pages
* Revert "Fix poll visibility on public pages"
This reverts commit 54a9608add6f855bc6337fe3c65eaee7ba13db49.
* Revert "Change poll options to alphabetic letters when status text is hidden"
This reverts commit c53d67326201b2061990b1874a3547c3647f50d2.
Conflicts:
- app/controllers/settings/preferences_controller.rb
- app/lib/user_settings_decorator.rb
- app/models/user.rb
Conflicts due to the addition of a new preference upstream,
“advanced layout”.
* Fix null error in status component when determining showMedia state
Also update the showMedia value if the status passed to the
component changes
* Refactor media visibility computation into a defaultMediaVisibility function
* Fix default media visibility with reblogs
* Improvements to the single column layout
- Add follows and followers link to the right panel
- Increase margins around separators in right panel
- Add follow requests link with counter when account is locked to right panel
* Redirect from getting started to home when navigation panel is visible
* Add responsive panels to the single-column layout
* Fixes
* Fix not being able to save the preference
* Fix code style issues
* Set max-height on the compose textarea and add a link to relationship manager
Conflicts:
- app/models/account.rb
- app/views/settings/profiles/show.html.haml
- spec/controllers/api/v1/accounts/credentials_controller_spec.rb
Conflicts were due to an increase in account bio length upstream, which
is already covered in glitch-soc through `MAX_BIO_CHARS`.
* Move signature verification stoplight to the requests themselves
This avoids blocking messages from known keys for 5 minutes when only one fails…
* Put the stoplight on the actual client IP, not a potential reverse proxy
HTTP 401 responses returned by Mastodon's inbox controller may
be temporary if, for instance, the requesting user's actor/key json
could not be retrieved in a timely fashion. This change allows retries
instead of dropping the message entirely.
Also added HTTP 408 as that error is by nature temporary.