path: root/lib/pleroma/plugs
Age | Commit message | Author
2020-07-31 | Static FE [frontends/static] | Roman Chvanikov
2020-07-31 | Add missing copyrights [frontends/logic-flow] | Roman Chvanikov
2020-07-30 | Migrate Redirect controller | Roman Chvanikov
2020-07-30 | Add frontends plug and controller flow | Roman Chvanikov
2020-07-28 | FrontendStatic: Add plug to serve frontends based on configuration. | lain
2020-07-28 | InstanceStatic: Refactor. | lain
2020-07-14 | Merge branch 'feature/1922-media-proxy-whitelist' into 'develop' | feld
    Support for hosts with scheme in MediaProxy whitelist setting
    Closes #1922
    See merge request pleroma/pleroma!2754
2020-07-14 | [#1940] Applied rate limit for requests with bad `admin_token`. Added doc warnings on `admin_token` setting. | Ivan Tashkinov
2020-07-19 | [#1940] Reinstated OAuth-less `admin_token` authentication. Refactored UserIsAdminPlug (freed from checking admin scopes presence). | Ivan Tashkinov
2020-07-12 | MediaProxy whitelist setting now supports hosts with scheme | Alexander Strizhakov
    added deprecation warning about using bare domains
2020-07-09 | Use the Pleroma.Config alias | Mark Felder
2020-07-09 | Merge branch 'develop' into fix/csp-for-captcha | Mark Felder
2020-07-06 | IO list, not concatenation | Mark Felder
2020-07-06 | Simplify the logic | Mark Felder
2020-07-06 | StaticFE Plug: Use phoenix helper to get the requested format. | lain
2020-07-05 | Ensure all CSP parameters for remote hosts have a scheme | Mark Felder
2020-07-03 | Rename function and clarify that CSP is only strict with MediaProxy enabled | Mark Felder
2020-07-03 | Add Captcha endpoint to CSP headers when MediaProxy is enabled. | Mark Felder
    Our CSP rules are lax when MediaProxy enabled, but lenient otherwise. This fixes broken captcha on instances not using MediaProxy.
2020-06-26 | StaticFE: Prioritize json in requests. | lain
2020-06-17 | Change references from "deleted_urls" to "banned_urls" as nothing is handled via media deletions anymore; all actions are manual operations by an admin to ban the url | Mark Felder
2020-06-14 | fix invalidates media url's | Maksim Pechnikov
2020-06-11 | Check for media proxy base_url, not Upload base_url | Mark Felder
2020-06-10 | HTTP security plug: add media proxy base url host to csp | rinpatch
2020-05-29 | Merge branch 'bugfix/csp-unproxied' into 'develop' | rinpatch
    http_security_plug.ex: Fix non-proxied media
    See merge request pleroma/pleroma!2610
2020-05-29 | Apply suggestion to lib/pleroma/plugs/http_security_plug.ex | rinpatch
2020-05-29 | Add blob: to connect-src CSP | Alex Gleason
2020-05-29 | http_security_plug.ex: Fix non-proxied media | Haelwenn (lanodan) Monnier
2020-05-29 | HTTP Security plug: make starting csp string generation more readable | rinpatch
2020-05-27 | HTTP security plug: Harden img-src and media-src when MediaProxy is enabled | rinpatch
2020-05-27 | HTTP Security plug: rewrite &csp_string/0 | rinpatch
    - Directives are now separated with ";" instead of " ;", according to https://www.w3.org/TR/CSP2/#policy-parsing the space is optional
    - Use an IO list, which at the end gets converted to a binary as opposed to ++ing a bunch of arrays with binaries together and joining them to a string. I doubt it gives any significant real world advantage, but the code is cleaner and now I can sleep at night.
    - The static part of csp is pre-joined to a single binary at compile time. Same reasoning as the last point.
2020-05-17 | AuthenticationPlug: Also update crypt passwords. | lain
2020-05-17 | Authentication Plug: Update bcrypt password on login. | lain
2020-05-14 | Pbkdf2.verify_pass --> AuthenticationPlug.checkpw | Alex Gleason
2020-05-13 | Handle bcrypt passwords for Mastodon migration | Alex Gleason
2020-05-12 | Upgrade Comeonin to v5 | Alex Gleason
    https://github.com/riverrun/comeonin/blob/master/UPGRADE_v5.md
2020-05-07 | Pleroma.Web.TwitterAPI.TwoFactorAuthenticationController -> Pleroma.Web.PleromaAPI.TwoFactorAuthenticationController | Maksim
2020-05-06 | Merge branch 'plug-if-unless-func-options-refactoring' into 'develop' | lain
    Refactoring of :if_func / :unless_func plug options
    See merge request pleroma/pleroma!2446
2020-05-02 | static-fe.css: Restore and move to /priv/static/static-fe | Haelwenn (lanodan) Monnier
2020-05-01 | MappedSignatureToIdentityPlug: Fix. | lain
2020-04-30 | Refactoring of :if_func / :unless_func plug options (general availability). Added tests for Pleroma.Web.Plug. | Ivan Tashkinov
2020-04-28 | Merge remote-tracking branch 'remotes/origin/develop' into automatic-authentication-and-instance-publicity-checks | Ivan Tashkinov
    # Conflicts:
    # lib/pleroma/web/mastodon_api/controllers/account_controller.ex
2020-04-26 | Let blob: pass CSP | Alex Gleason
2020-04-22 | Fixed OAuth restrictions for :api routes. Made auth info dropped for :api routes if OAuth check was neither performed nor explicitly skipped. | Ivan Tashkinov
2020-04-21 | Automatic checks of authentication / instance publicity. Definition of missing OAuth scopes in AdminAPIController. Refactoring. | Ivan Tashkinov
2020-04-17 | [#1682] Fixed Basic Auth permissions issue by disabling OAuth scopes checks when password is provided. Refactored plugs skipping functionality. | Ivan Tashkinov
2020-04-15 | [#2349] Made :skip_plug/2 prevent plug from being executed even if explicitly called. Refactoring. Tests. | Ivan Tashkinov
2020-04-15 | Merge remote-tracking branch 'remotes/origin/develop' into authenticated-api-oauth-check-enforcement | Ivan Tashkinov
2020-04-15 | Merge branch 'fix/1659-rate-limiter' into 'develop' | Haelwenn
    remote_ip plug adds remote_ip_found flag
    Closes #1659
    See merge request pleroma/pleroma!2390
2020-04-15 | remote_ip plug adds remote_ip_found flag | Alexander Strizhakov
2020-04-15 | Uploads: Sandbox them in the CSP. | lain