path: root/lib/pleroma/plugs
Age | Commit message | Author
2020-09-19 | [#2074] OAuth scope checking in Streaming API. | Ivan Tashkinov
2020-08-25 | Merge branch 'stable' of git.pleroma.social:pleroma/pleroma into pleroma-2.1-rc0 | lain
2020-07-29 | FrontendStatic: Work correctly for other frontend types. | lain
2020-07-28 | FrontendStatic: Add plug to serve frontends based on configuration. | lain
2020-07-28 | InstanceStatic: Refactor. | lain
2020-07-14 | Merge branch 'feature/1922-media-proxy-whitelist' into 'develop' | feld
    Support for hosts with scheme in MediaProxy whitelist setting Closes #1922 See merge request pleroma/pleroma!2754
2020-07-14 | [#1940] Applied rate limit for requests with bad `admin_token`. Added doc warnings on `admin_token` setting. | Ivan Tashkinov
2020-07-19 | [#1940] Reinstated OAuth-less `admin_token` authentication. Refactored UserIsAdminPlug (freed from checking admin scopes presence). | Ivan Tashkinov
2020-07-12 | MediaProxy whitelist setting now supports hosts with scheme | Alexander Strizhakov
    added deprecation warning about using bare domains
2020-07-09 | Use the Pleroma.Config alias | Mark Felder
2020-07-09 | Merge branch 'develop' into fix/csp-for-captcha | Mark Felder
2020-07-06 | IO list, not concatenation | Mark Felder
2020-07-06 | Simplify the logic | Mark Felder
2020-07-06 | StaticFE Plug: Use phoenix helper to get the requested format. | lain
2020-07-05 | Ensure all CSP parameters for remote hosts have a scheme | Mark Felder
2020-07-03 | Rename function and clarify that CSP is only strict with MediaProxy enabled | Mark Felder
2020-07-03 | Add Captcha endpoint to CSP headers when MediaProxy is enabled. | Mark Felder
    Our CSP rules are lax when MediaProxy enabled, but lenient otherwise. This fixes broken captcha on instances not using MediaProxy.
2020-06-26 | StaticFE: Prioritize json in requests. | lain
2020-06-17 | Change references from "deleted_urls" to "banned_urls" as nothing is handled via media deletions anymore; all actions are manual operations by an admin to ban the url | Mark Felder
2020-06-14 | fix invalidates media url's | Maksim Pechnikov
2020-06-12 | Merge branch 'fix/csp-mediaproxy-base-url' into 'develop' | feld
    HTTP security plug: add media proxy base url host to csp See merge request pleroma/pleroma!2638
2020-06-12 | Merge branch 'bugfix/csp-unproxied' into 'develop' | rinpatch
    http_security_plug.ex: Fix non-proxied media See merge request pleroma/pleroma!2610
2020-06-12 | static-fe.css: Restore and move to /priv/static/static-fe | Haelwenn (lanodan) Monnier
2020-06-11 | Check for media proxy base_url, not Upload base_url | Mark Felder
2020-06-10 | HTTP security plug: add media proxy base url host to csp | rinpatch
2020-06-08 | Merge branch 'fix/mediaproxy-bypass-emoji' into 'develop' | rinpatch
    Fix profile emojis bypassing mediaproxy and harden CSP Closes #1810 See merge request pleroma/pleroma!2596
2020-05-29 | Merge branch 'bugfix/csp-unproxied' into 'develop' | rinpatch
    http_security_plug.ex: Fix non-proxied media See merge request pleroma/pleroma!2610
2020-05-29 | Apply suggestion to lib/pleroma/plugs/http_security_plug.ex | rinpatch
2020-05-29 | Add blob: to connect-src CSP | Alex Gleason
2020-05-29 | http_security_plug.ex: Fix non-proxied media | Haelwenn (lanodan) Monnier
2020-05-29 | HTTP Security plug: make starting csp string generation more readable | rinpatch
2020-05-27 | HTTP security plug: Harden img-src and media-src when MediaProxy is enabled | rinpatch
2020-05-27 | HTTP Security plug: rewrite &csp_string/0 | rinpatch
    - Directives are now separated with ";" instead of " ;", according to https://www.w3.org/TR/CSP2/#policy-parsing the space is optional
    - Use an IO list, which at the end gets converted to a binary as opposed to ++ing a bunch of arrays with binaries together and joining them to a string. I doubt it gives any significant real world advantage, but the code is cleaner and now I can sleep at night.
    - The static part of csp is pre-joined to a single binary at compile time. Same reasoning as the last point.
2020-05-17 | AuthenticationPlug: Also update crypt passwords. | lain
2020-05-17 | Authentication Plug: Update bcrypt password on login. | lain
2020-05-14 | Pbkdf2.verify_pass --> AuthenticationPlug.checkpw | Alex Gleason
2020-05-13 | Handle bcrypt passwords for Mastodon migration | Alex Gleason
2020-05-12 | Upgrade Comeonin to v5 | Alex Gleason
    https://github.com/riverrun/comeonin/blob/master/UPGRADE_v5.md
2020-05-07 | Pleroma.Web.TwitterAPI.TwoFactorAuthenticationController -> Pleroma.Web.PleromaAPI.TwoFactorAuthenticationController | Maksim
2020-05-06 | Merge branch 'plug-if-unless-func-options-refactoring' into 'develop' | lain
    Refactoring of :if_func / :unless_func plug options See merge request pleroma/pleroma!2446
2020-05-02 | static-fe.css: Restore and move to /priv/static/static-fe | Haelwenn (lanodan) Monnier
2020-05-01 | Merge branch 'bugfix/1727-fix-signature-decoding' into 'develop' | rinpatch
    Bugfix/1727 fix signature decoding Closes #1727 See merge request pleroma/pleroma!2454
2020-05-01 | MappedSignatureToIdentityPlug: Fix. | lain
2020-05-01 | Uploads: Sandbox them in the CSP. | lain
2020-05-01 | [#1682] Fixed Basic Auth permissions issue by disabling OAuth scopes checks when password is provided. Refactored plugs skipping functionality. | Ivan Tashkinov
2020-05-01 | Merge branch 'authenticated-api-oauth-check-enforcement' into 'develop' | rinpatch
    Enforcement of OAuth scopes check for authenticated API endpoints See merge request pleroma/pleroma!2349
2020-05-01 | Let blob: pass CSP | Alex Gleason
2020-04-30 | Refactoring of :if_func / :unless_func plug options (general availability). Added tests for Pleroma.Web.Plug. | Ivan Tashkinov
2020-04-28 | Merge remote-tracking branch 'remotes/origin/develop' into automatic-authentication-and-instance-publicity-checks | Ivan Tashkinov
    # Conflicts: # lib/pleroma/web/mastodon_api/controllers/account_controller.ex
2020-04-26 | Let blob: pass CSP | Alex Gleason