121 commits

Author SHA1 Message Date
Matt Jankowski
5cdc196e44 Rails 7.0 update (#25668) 2023-07-13 09:36:07 +02:00
Nick Schonning
96a8aa32ad Enable Rubocop Style/FrozenStringLiteralComment (#23793) 2023-07-12 09:47:08 +02:00
Eugen Rochko
edb6aab974 Revert "Rails 7 update" (#25667) 2023-07-02 11:14:22 +02:00
Matt Jankowski
5cadbaa296 Rails 7 update (#24241) 2023-07-02 10:38:53 +02:00
Nick Schonning
dfbb3a61c9 Enable Rubocop Rails/FilePath (#23854) 2023-05-04 05:50:40 +02:00
mogaminsk
8b7b9ca887 Change i18n-fallbacks to English (#24727) 2023-04-30 02:22:20 +02:00
Eugen Rochko
336cf95418 Remove Permissions-Policy header from all responses (#24124) 2023-03-20 20:02:09 +01:00
Jean byroot Boussier
dfc075c9d4 Workaround the ActiveRecord / Marshal serialization bug on Ruby 3.2 (#24142)
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
2023-03-17 14:37:30 +01:00
Eugen Rochko
f0734513f4 Refactor monkey-patching of PrivateAddressCheck (#24122) 2023-03-16 04:33:38 +01:00
Eugen Rochko
8819143d8b Add cache headers to static files served through Rails (#24120) 2023-03-16 02:55:54 +01:00
Eugen Rochko
5c07fc3260 Add SENDFILE_HEADER environment variable (#24123) 2023-03-16 02:55:13 +01:00
Eugen Rochko
4ea5355857 Remove bullet and active_record_query_trace gems (#24121) 2023-03-16 02:53:55 +01:00
Jean byroot Boussier
08c2938b4a Upgrade to latest redis-rb 4.x and fix deprecations (#23616)
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
2023-03-04 16:38:28 +01:00
Claire
30c34fe90f Change unintended SMTP read timeout from 5 seconds to 20 seconds (#23750) 2023-03-03 20:37:22 +01:00
Claire
7793096d58 Fix CSRF protection (#23037)
Fix regression from #23014
2023-01-10 14:33:40 +01:00
Claire
99ecd6a106 Change referrer-policy to no-referrer application-wide (#23014) 2023-01-10 05:18:43 +01:00
Rose
b54c639482 Fix style for hashes (#20518)
* Fix style for hashes

Make the style for hashes consistent.

* New style

More consistency
2022-11-17 11:05:39 +01:00
Yamagishi Kazutoshi
51e199a7c0 Fix ENV (#20377) 2022-11-11 01:33:32 +01:00
F
24af2c05bc Make enable_starttls configurable by envvars (#20321)
ENABLE_STARTTLS is designed to replace ENABLE_STARTTLS_AUTO by accepting
three values: 'auto' (the default), 'always', and 'never'. If
ENABLE_STARTTLS isn't provided, we fall back to ENABLE_STARTTLS_AUTO. In
this way, this change should be fully backwards compatible.

Resolves #20311
2022-11-10 21:06:21 +01:00
Arya K
b2f2d2bfe3 Fix I2P HTTPS redirect (#18929) 2022-08-25 04:37:09 +02:00
Yamagishi Kazutoshi
0938eb7c9d Fix parsing TRUSTED_PROXY_IP (#18051) 2022-04-19 08:11:58 +01:00
Eugen Rochko
62906f15ad Fix unset SMTP_RETURN_PATH environment variable causing e-mail not to send (#17982) 2022-04-07 13:32:12 +02:00
Eugen Rochko
07b9062015 Add SMTP_RETURN_PATH environment variable to set bounce domain (#17886) 2022-03-28 09:39:31 +02:00
Claire
33ea1c9008 Fix Sidekiq warnings about JSON serialization (#17381)
* Fix Sidekiq warnings about JSON serialization

This occurs on every symbol argument we pass, and every symbol key in hashes,
because Sidekiq expects strings instead.

See https://github.com/mperham/sidekiq/pull/5071

We do not need to change how workers parse their arguments because this has
not changed and we were already converting to symbols adequately or using
`with_indifferent_access`.

* Set Sidekiq to raise on unsafe arguments in test mode

In order to more easily catch issues that would produce warnings in production
code.
2022-01-28 00:43:56 +01:00
Wonderfall
85389ddd45 disable legacy XSS filtering (#17289)
Browsers are phasing out X-XSS-Protection, but Safari and IE still support it.
2022-01-24 13:14:26 +01:00
tkr
55fe75c5be Fix SMTP_ENABLE_STARTTLS_AUTO/SMTP_TLS/SMTP_SSL environment variables don't work (#17216)
#17215
2022-01-13 12:05:22 +01:00
Eugen Rochko
9a8784829f Fix warnings on Rails boot (#16946) 2021-12-27 00:47:20 +01:00
Sandro
bdc6438ed8 Default to system ca-certificates.crt if none is specified (#10857)
Co-Authored-By: Yamagishi Kazutoshi <ykzts@desire.sh>

Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
2021-10-14 21:05:50 +02:00
Claire
21ebf536e4 Add Message-ID header to outgoing emails (#16076)
* Add Message-ID header to outgoing emails

* Use email domain name from SMTP_FROM_ADDRESS, fallback on WEB_DOMAIN on failure

* Use notifications@localhost as fallback for SMTP_FROM_ADDRESS, do not catch parse errors
2021-04-19 18:41:29 +02:00
Claire
8bb856c1ef Add HTTP header to explicitly opt out of FLoC by default (#16036)
Fixes #16034
2021-04-13 23:43:41 +02:00
Claire
b2a89bf38e Update Mastodon to Rails 6.1 (#15910)
* Update devise-two-factor to unreleased fork for Rails 6 support

Update tests to match new `rotp` version.

* Update nsa gem to unreleased fork for Rails 6 support

* Update rails to 6.1.3 and rails-i18n to 6.0

* Update to unreleased fork of pluck_each for Ruby 6 support

* Run "rails app:update"

* Add missing ActiveStorage config file

* Use config.ssl_options instead of removed ApplicationController#force_ssl

Disabled force_ssl-related tests as they do not seem to be easily testable
anymore.

* Fix nonce directives by removing Rails 5 specific monkey-patching

* Fix fixture_file_upload deprecation warning

* Fix yield-based test failing with Rails 6

* Use Rails 6's index_with when possible

* Use ActiveRecord::Cache::Store#delete_multi from Rails 6

This will yield better performances when deleting an account

* Disable Rails 6.1's automatic preload link headers

Since Rails 6.1, ActionView adds preload links for javascript files
in the Links header per default.

In our case, that will bloat headers too much and potentially cause
issues with reverse proxies. Furthermore, we don't need those links,
as we already output them as HTML link tags.

* Switch to Rails 6.0 default config

* Switch to Rails 6.1 default config

* Do not include autoload paths in the load path
2021-03-24 10:44:31 +01:00
Claire
1634e71bd6 Prepare Mastodon for Rails 6 (#15911)
* Fix misuse of foreign_type

* Fix use of removed "add_template_helper"

* Use response.media_type instead of response.content_type in tests

* Fix CSV export controller test on Rails 6

Rails 6 sets a "filename*" field in the Content-Disposition header to
explicitly encode the filename as UTF-8.

This change checks the first part of the Content-Disposition header so
it matches in both Rails 5 and Rails 6.

* Fix emoji formatting with Rails 6

* Make emoji output more idiomatic and robust

* Switch from redis-rails gem to built-in Rails redis cache storage
2021-03-17 10:09:55 +01:00
Tdxdxoz
848622f347 add ssl option in smtp setting (#14309) 2020-07-15 14:43:49 +02:00
Hugo Gameiro
3cd3cb6a41 Add SMTP reply_to option (#11718)
* Add SMTP_REPLY_TO in .env.production.sample

* Set reply_to in SMTP options
2019-09-02 18:12:40 +02:00
Eugen Rochko
dc20e1af71 Add HTTP signature keyId to request log (#11591) 2019-08-18 18:03:56 +02:00
Eugen Rochko
3ede0e8b95 Fix missing protocol in dns-prefetch, improve code style (#8963)
Regression from #8942
2018-10-12 02:19:10 +02:00
Eugen Rochko
c9b5168ebd Add conversations API (#8832)
* Add conversations API

* Add web UI for conversations

* Add test for conversations API

* Add tests for ConversationAccount

* Improve web UI

* Rename ConversationAccount to AccountConversation

* Remove conversations on block and mute

* Change last_status_id to be a denormalization of status_ids

* Add optimistic locking
2018-10-07 23:44:58 +02:00
aus-social
c883b1ffc9 lint pass 2 (#8878)
* Code quality pass

* Typofix

* Update applications_controller_spec.rb

* Update applications_controller_spec.rb
2018-10-04 17:38:04 +02:00
luzpaz
1bce70d3c7 Misc. typos (#8694)
Found via `codespell -q 3 --skip="./app/javascript/mastodon/locales,./config/locales"`
2018-09-14 00:53:09 +02:00
Eugen Rochko
0370c0f4d6 Add support for separate Redis for cache (#7272)
* Add support for separate Redis for cache

CACHE_REDIS_URL to allow using a different Redis server for cache
purposes, with cache-specific configuration such as key eviction

* Fix code style issues
2018-04-27 01:37:59 +02:00
Yamagishi Kazutoshi
9761b940ac Upgrade Rails to version 5.2.0 (#5898) 2018-04-12 14:45:17 +02:00
Alexander
8a9da4c414 update gem, test pam authentication (#7028)
* update gem, test pam authentication

* add description for test parameters

* fix inclusion of optional group
2018-04-11 21:40:38 +02:00
Akihiko Odaki
a4d7afa3d9 Fix i18n fallback configuration conflicts with environment configurations (#6843) 2018-03-20 16:36:20 +01:00
Akihiko Odaki
649565e005 Provide default OTP_SECRET value for development environment (#6617) 2018-03-04 20:28:24 +01:00
Akihiko Odaki
008bc9f47d Set the default locale in config (#6580)
Previously the default locale was set by Localized concern for controllers,
but it was not enforced for mailers.

config is enforced throughout the application and an appropriate place to
set the default locale.
2018-03-04 09:21:35 +01:00
beatrix
caa0e2e2f8 remove Uglifier call from production.rb (#6568) 2018-02-27 05:48:11 +01:00
Akihiko Odaki
a5a434a8f6 Raise Mastodon::HostValidationError when host for HTTP request is private (#6410) 2018-02-24 19:16:11 +01:00
Akihiko Odaki
ca6c8b92d9 Isolate each specs for cache store (#6450)
The cache store is explicitly used by some specs, but they were not
isolated and therefore not reliable. This fixes the issue by clearing
the cache after each spec.
2018-02-17 22:35:05 +01:00
Eugen Rochko
6033b8eac1 Replace self-rolled statsd instrumentation with localshred/nsa (#5118) 2017-09-29 03:16:44 +02:00
Yamagishi Kazutoshi
4c0a563c0c Set fallback address when empty notification address (#4868) 2017-09-09 21:31:48 +02:00