21 Commits (5d75bf984624507824475441d7055aaa54e59e47)

Author SHA1 Message Date
Claire f2dbbcdec5 Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273)
1 year ago
Matt Jankowski 78f29479ab Fix Rails/Present cop (#24688)
2 years ago
Nick Schonning 2a0d2453b0 Autofix Rubocop Style/IdenticalConditionalBranches (#24322)
2 years ago
Claire d5fad31a45 Add form-action CSP directive (#20781)
2 years ago
Eugen Rochko c0b3ebd307 Fix wrong directive `unsafe-wasm-eval` to `wasm-unsafe-eval` (#20729)
2 years ago
prplecake a4f1043bb3 Use "unsafe-wasm-eval" instead of "unsafe-eval" in script-src CSP (#20606)
2 years ago
prplecake d870657f80 Add "unsafe-eval" to script-src CSP (#18817)
2 years ago
Yamagishi Kazutoshi 1d96010836 Fix LetterOpennerWeb CSP (#17770)
3 years ago
Eugen Rochko 1189a308c9 Fix autoloading deprecation warnings from Rails 6 (#16010)
4 years ago
Claire b2a89bf38e Update Mastodon to Rails 6.1 (#15910)
4 years ago
ThibG aa7142b9e2 Fix hashtag column options styling (#14247)
4 years ago
ThibG b20d0db1eb Remove 'unsafe-inline' from Content-Security-Policy style-src (#13679)
5 years ago
ThibG fe7b81ac6b Fix PgHero Content-Security-Policy when CDN_HOST is used (#13595)
5 years ago
ThibG 246c4d4fbf Fix OCR not working on Safari because of unsupported worker-src CSP (#13323)
5 years ago
ThibG 5a122f1450 Fix CSP needlessly allowing blob URLs in script-src (#11620)
5 years ago
Eugen Rochko b1f116335c Fix media host not being included in connect-src for OCR (#11577)
5 years ago
Eugen Rochko 41b188dce6 Add OCR tool to media editing modal (#11566)
5 years ago
ThibG f8e9555e73 Add manifest_src to CSP, add blob to connect_src (#8967)
6 years ago
Eugen Rochko 0dbb3a8786 Fix CSP headers blocking media and development environment (#8962)
6 years ago
ThibG 51c53e709f Set Content-Security-Policy rules through RoR's config (#8957)
6 years ago
Yamagishi Kazutoshi 9761b940ac Upgrade Rails to version 5.2.0 (#5898)
7 years ago