44 Commits (c94bedf4e6e5987864b42d63aa90920f80d3644e)

Author SHA1 Message Date
Matt Jankowski d562fb8459
Specs for minimal CSP policy in `Api::` controllers (#27845)
1 year ago
Emelia Smith e258b4cb64
Refactor: replace whitelist_mode mentions with limited_federation_mode (#26252)
1 year ago
Claire 276c39361b
Fix anonymous visitors getting a session cookie on first visit (#24584)
2 years ago
Eugen Rochko 6084461cd0
Change unauthenticated responses to be cached in REST API (#24348)
2 years ago
Claire 58a1b2e330
Fix caching logic with regards to Accept-Language, Cookie, and Signature (#24604)
2 years ago
Eugen Rochko e98c86050a
Refactor `Cache-Control` and `Vary` definitions (#24347)
2 years ago
Claire 623d3d2e32
Change CSP directives on API to be tight and concise (#20960)
2 years ago
Daniel Axtens 4d85c27d1a
Add 'private' to Cache-Control, match Rails expectations (#20608)
2 years ago
Eugen Rochko b31afc6294
Fix error when passing unknown filter param in REST API (#20626)
2 years ago
Eugen Rochko 3a41fccc43
Change `AUTHORIZED_FETCH` to not block unauthenticated REST API access (#19803)
2 years ago
Eugen Rochko 3e18e05330
Fix uncaught error when invalid date is supplied to API (#19480)
2 years ago
Claire 2750a7a0e6
Fix REST API sometimes returning HTML on error (#19135)
2 years ago
Eugen Rochko 9f81b9f29a
Fix suspended users being able to access APIs that don't require a user (#18524)
3 years ago
Eugen Rochko 67d550830b
Fix locale not being set in REST API (#17847)
3 years ago
Eugen Rochko 50ea54b3ed
Change authorized applications page (#17656)
3 years ago
Claire d8629e7b86
Add logging of S3-related errors (#16381)
3 years ago
Eugen Rochko 1045549f85
Add stoplight for object storage failures, return HTTP 503 (#13043)
4 years ago
Eugen Rochko 8532429af7
Fix 2FA/sign-in token sessions being valid after password change (#14802)
4 years ago
Eugen Rochko ed099d8bdc
Change account suspensions to be reversible by default (#14726)
4 years ago
dependabot[bot] 8972e5f7f6
Bump rubocop from 0.86.0 to 0.88.0 (#14412)
4 years ago
ThibG ac8a788370
Fix functional user requirements in whitelist mode (#14093)
4 years ago
Eugen Rochko 339ce1c4e9
Add specific rate limits for posting and following (#13172)
5 years ago
Eugen Rochko f52c988e12
Add announcements (#12662)
5 years ago
Eugen Rochko 6d7daf6154
Fix generic HTTP 500 error on duplicate records (#12563)
5 years ago
Eugen Rochko 22ce4778eb
Fix uncaught parameter missing exceptions and missing error templates (#11702)
5 years ago
ThibG 646f96d448 Fix ActivityPub and REST API queries setting cookies and preventing caching (#11539)
5 years ago
Eugen Rochko 24552b5160
Add whitelist mode (#11291)
5 years ago
Eugen Rochko 964ae8eee5
Change unconfirmed user login behaviour (#11375)
5 years ago
ThibG 91634947f8 Explicitly disable storage of REST API results (#10655)
6 years ago
Eugen Rochko 51e154f5e8
Admission-based registrations mode (#10250)
6 years ago
Takeshi Umeda bf70e5cfda Add error message with invalid email confirmation (#9625)
6 years ago
Eugen Rochko 5d2fc6de32
Add REST API for creating an account (#9572)
6 years ago
Eugen Rochko f0fff3eb10
Support min_id-based pagination in REST API (#8736)
6 years ago
Eugen Rochko 2288d50a7b
Add force_login option to OAuth authorize page (#8655)
6 years ago
Eugen Rochko 2f34b747b3
Allow mods to disable login, improve message when login disabled (#8329)
6 years ago
Eugen Rochko 1f6ed4f86a
Add more granular OAuth scopes (#7929)
6 years ago
Eugen Rochko f62ee1ddb0
Disable API access when login is disabled (#7289)
7 years ago
Eugen Rochko fce8464077
Ensure that boolean params in the API are parsed for truthiness (#6575)
7 years ago
nightpool c235711ffe Refactor /api/web APIs to use the centralized axios instance (#6223)
7 years ago
abcang fcc0795a40 Remove unused function (#5950)
7 years ago
Yamagishi Kazutoshi 2edfdab6e6 Don't send Link header when don't know prev and next links (#4633)
7 years ago
abcang e120d09c98 Fix require_user! behavior when not logged in (#4604)
7 years ago
Eugen Rochko 1fcdaafa6f Fix webfinger retries (#4275)
7 years ago
Matt Jankowski 73540ffe6b Clean up for api/base controller (#3629)
8 years ago