39 Commits (341b653578e1748f80991f6fa96584501befc0a1)

| Author | SHA1 | Message | Date |
| --- | --- | --- | --- |
| Claire | 2fa8bd21e2 | Add form-action CSP directive (#1948) | 2 years ago |
| Claire | 9862a6e572 | Merge branch 'main' into glitch-soc/merge-upstream | 2 years ago |
| Eugen Rochko | c0b3ebd307 | Fix wrong directive `unsafe-wasm-eval` to `wasm-unsafe-eval` (#20729) | 2 years ago |
| prplecake | a4f1043bb3 | Use "unsafe-wasm-eval" instead of "unsafe-eval" in script-src CSP (#20606) | 2 years ago |
| prplecake | d870657f80 | Add "unsafe-eval" to script-src CSP (#18817) | 2 years ago |
| Claire | 24c1b04f9c | Merge branch 'main' into glitch-soc/merge-upstream | 3 years ago |
| Yamagishi Kazutoshi | 1d96010836 | Fix LetterOpennerWeb CSP (#17770) | 3 years ago |
| Claire | f5a9971cac | Merge branch 'main' into glitch-soc/merge-upstream | 4 years ago |
| Eugen Rochko | 1189a308c9 | Fix autoloading deprecation warnings from Rails 6 (#16010) | 4 years ago |
| Claire | d10b08ea1f | Merge branch 'main' into glitch-soc/merge-upstream | 4 years ago |
| Claire | b2a89bf38e | Update Mastodon to Rails 6.1 (#15910) | 4 years ago |
| Thibaut Girka | c2347f6cf6 | Merge branch 'master' into glitch-soc/merge-upstream | 4 years ago |
| ThibG | aa7142b9e2 | Fix hashtag column options styling (#14247) | 4 years ago |
| Thibaut Girka | 4e4e5316c1 | Merge branch 'master' into glitch-soc/merge-upstream | 5 years ago |
| ThibG | b20d0db1eb | Remove 'unsafe-inline' from Content-Security-Policy style-src (#13679) | 5 years ago |
| ThibG | fe7b81ac6b | Fix PgHero Content-Security-Policy when CDN_HOST is used (#13595) | 5 years ago |
| Thibaut Girka | 631dacf1d7 | Merge branch 'master' into glitch-soc/merge-upstream | 5 years ago |
| ThibG | 246c4d4fbf | Fix OCR not working on Safari because of unsupported worker-src CSP (#13323) | 5 years ago |
| Thibaut Girka | 5967127dae | Add environment variable to specify extra data hosts | 5 years ago |
| Thibaut Girka | f82b1bb158 | Fix connect-src policy for Tesseract | 5 years ago |
| Thibaut Girka | c060523dc2 | Merge branch 'master' into glitch-soc/merge-upstream | 5 years ago |
| ThibG | 5a122f1450 | Fix CSP needlessly allowing blob URLs in script-src (#11620) | 5 years ago |
| Eugen Rochko | b1f116335c | Fix media host not being included in connect-src for OCR (#11577) | 5 years ago |
| Eugen Rochko | 41b188dce6 | Add OCR tool to media editing modal (#11566) | 5 years ago |
| Thibaut Girka | 06bcab6e99 | Fix CSP when PAPERCLIP_ROOT_URL is set to a different host | 6 years ago |
| Thibaut Girka | 5d24d50987 | Fix CSP when dealing with S3 hosts | 6 years ago |
| Rey Tucker | 56890834ab | Remove form_action from CSP | 6 years ago |
| Thibaut Girka | b7ef203fd6 | Tighten CSP a bit | 6 years ago |
| Thibaut Girka | 46259a36d0 | Merge branch 'master' into glitch-soc/merge-upstream | 6 years ago |
| ThibG | f8e9555e73 | Add manifest_src to CSP, add blob to connect_src (#8967) | 6 years ago |
| Eugen Rochko | 0dbb3a8786 | Fix CSP headers blocking media and development environment (#8962) | 6 years ago |
| ThibG | 51c53e709f | Set Content-Security-Policy rules through RoR's config (#8957) | 6 years ago |
| Rey Tucker | 121747b190 | Add manifest_src to CSP | 6 years ago |
| Thibaut Girka | 0a841048fa | Fix CSP with S3/SWIFT hosts | 6 years ago |
| Thibaut Girka | 2f78bd1b42 | Adjust CSP to fix image resizing | 6 years ago |
| Thibaut Girka | 36a96b33d9 | Only apply CSP in production mode | 6 years ago |
| Thibaut Girka | 91c50b0d4b | Tighten CSP while allowing CDN hosts | 6 years ago |
| Thibaut Girka | 563a09d81a | Move CSP headers to the appropriate Rails configuration | 6 years ago |
| Yamagishi Kazutoshi | 9761b940ac | Upgrade Rails to version 5.2.0 (#5898) | 7 years ago |