28 Commits (1ffd5a98a994c1798e0e2a16d93c60bb662ab36e)

Author SHA1 Message Date
Nick Schonning 85db392464
Autofix Rubocop cops for config/ (#24145)
1 year ago
Claire a04ae16201
Fix CSP when using `ONE_CLICK_SSO_LOGIN` (#26901)
1 year ago
CSDUMMI 9a70cac9de
Fix #26849 by adding the domain of the current SSO provider to the form-action CSP (#26857)
1 year ago
Christian Schmidt 286a21afdc
Support webpacker live-reloading on Docker (#26419)
1 year ago
Claire e5f1000ad1
Fix CSP headers being unintendedly wide (#26105)
1 year ago
Misty De Méo b848ba3867
Paperclip: add support for Azure blob storage (#23607)
1 year ago
Nick Schonning 1d557305d2
Enable Rubocop Style/FrozenStringLiteralComment (#23793)
1 year ago
Claire e428670e61
Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273)
1 year ago
Matt Jankowski 5a2aa06a51
Fix Rails/Present cop (#24688)
2 years ago
Nick Schonning 500d6f93be
Autofix Rubocop Style/IdenticalConditionalBranches (#24322)
2 years ago
Claire 7955d4b959
Add form-action CSP directive (#20781)
2 years ago
Eugen Rochko 43b0b2f3f4
Fix wrong directive `unsafe-wasm-eval` to `wasm-unsafe-eval` (#20729)
2 years ago
prplecake b46b7c3d5e
Use "unsafe-wasm-eval" instead of "unsafe-eval" in script-src CSP (#20606)
2 years ago
prplecake aafbc82d88
Add "unsafe-eval" to script-src CSP (#18817)
2 years ago
Yamagishi Kazutoshi eb9a7e3626
Fix LetterOpennerWeb CSP (#17770)
3 years ago
Eugen Rochko 3f2533ca8e
Fix autoloading deprecation warnings from Rails 6 (#16010)
4 years ago
Claire cbd0ee1d07
Update Mastodon to Rails 6.1 (#15910)
4 years ago
ThibG a783bdf4ad
Fix hashtag column options styling (#14247)
4 years ago
ThibG e1629a7758
Remove 'unsafe-inline' from Content-Security-Policy style-src (#13679)
5 years ago
ThibG dea5db0e25
Fix PgHero Content-Security-Policy when CDN_HOST is used (#13595)
5 years ago
ThibG 7ddbbdea6d
Fix OCR not working on Safari because of unsupported worker-src CSP (#13323)
5 years ago
ThibG 8203e24cf4 Fix CSP needlessly allowing blob URLs in script-src (#11620)
5 years ago
Eugen Rochko b7f5f0ec10
Fix media host not being included in connect-src for OCR (#11577)
5 years ago
Eugen Rochko 28636f43e4
Add OCR tool to media editing modal (#11566)
5 years ago
ThibG 8ab081ec32 Add manifest_src to CSP, add blob to connect_src (#8967)
6 years ago
Eugen Rochko edc7f895be
Fix CSP headers blocking media and development environment (#8962)
6 years ago
ThibG 2d27c11061 Set Content-Security-Policy rules through RoR's config (#8957)
6 years ago
Yamagishi Kazutoshi 50529cbceb Upgrade Rails to version 5.2.0 (#5898)
7 years ago