Age | Commit message | Author | |
---|---|---|---|
2020-05-01 | Merge branch 'bugfix/1727-fix-signature-decoding' into 'develop' | rinpatch | |
Bugfix/1727 fix signature decoding Closes #1727 See merge request pleroma/pleroma!2454 | |||
2020-05-01 | Uploads: Sandbox them in the CSP. | lain | |
2020-05-01 | [#1682] Fixed Basic Auth permissions issue by disabling OAuth scopes checks when password is provided. Refactored plugs skipping functionality. | Ivan Tashkinov | |
2020-05-01 | Merge branch 'authenticated-api-oauth-check-enforcement' into 'develop' | rinpatch | |
Enforcement of OAuth scopes check for authenticated API endpoints See merge request pleroma/pleroma!2349 | |||
2020-05-01 | Let blob: pass CSP | Alex Gleason | |
2020-03-16 | rate limiter: disable based on if remote ip was found, not on if the plug was enabled | rinpatch | |
The current rate limiter disable logic won't trigger when the remote ip is not forwarded, only when the remoteip plug is not enabled, which is not the case on most instances since it's enabled by default. This changes the behavior to warn and disable when the remote ip was not forwarded, even if the RemoteIP plug is enabled. Also closes #1620 | |||
2020-03-15 | Merge branch 'fix/cache-control-headers' into 'develop' | rinpatch | |
Fix Cache Control headers on media See merge request pleroma/pleroma!2295 | |||
2020-03-15 | Fix static FE plug to handle missing Accept header. | Phil Hagelberg | |
2020-03-03 | Update Copyrights | Mark Felder | |
2020-03-02 | Bump copyright years of files changed after 2020-01-07 | Haelwenn (lanodan) Monnier | |
Done via the following command: git diff fcd5dd259a1700a045be902b43391b0d1bd58a5b --stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>' | |||
2020-03-01 | rate limiter: Fix a race condition | rinpatch | |
When multiple requests are processed by rate limiter plug at the same time and the bucket is not yet initialized, both would try to initialize the bucket resulting in an internal server error. | |||
2020-02-29 | [#2250] Tiny refactoring per merge request review. | Ivan Tashkinov | |
2020-02-28 | Apply suggestion to lib/pleroma/plugs/rate_limiter/rate_limiter.ex | Ivan Tashkinov | |
2020-02-27 | Runtime configurability of RateLimiter. Refactoring. Disabled default rate limits in tests. | Ivan Tashkinov | |
2020-02-20 | Merge branch 'require-signature' into 'develop' | lain | |
Add an option to require fetches to be signed Closes #1444 See merge request pleroma/pleroma!2071 | |||
2020-02-07 | Actually fix upload limit on OTP releases | rinpatch | |
Closes #1109 | |||
2020-01-30 | Merge branch 'fix/disable-rate-limiter-for-socket-localhost' into 'develop' | rinpatch | |
Disable rate limiter for socket/localhost Closes #1380 See merge request pleroma/pleroma!2064 | |||
2020-01-30 | Merge branch 'develop' into fix/disable-rate-limiter-for-socket-localhost | rinpatch | |
2020-01-30 | Merge branch 'reenable-rate-limit-and-remote-ip' into 'develop' | lain | |
Re-enable rate limiter and enable remote ip See merge request pleroma/pleroma!2164 | |||
2020-01-30 | Update http_security_plug.ex | feld | |
2020-01-30 | RemoteIp: only trust X-Forwarded-For | rinpatch | |
Our nginx config will happily pass `Forwarded`/`X-Real-IP` from the client. Caddy, Apache and Varnish pass `X-Forwarded-For` as well anyway. | |||
2020-01-29 | Fix credo warning | Egor Kislitsyn | |
2020-01-29 | Make the warning more scarier | Egor Kislitsyn | |
2020-01-28 | Warn if HTTPSecurityPlug is disabled | Egor Kislitsyn | |
2020-01-17 | updated error messages for authentication process | Maksim Pechnikov | |
2020-01-10 | Merge remote-tracking branch 'remotes/origin/develop' into 1478-oauth-admin-scopes-tweaks | Ivan Tashkinov | |
# Conflicts: # lib/pleroma/user.ex | |||
2020-01-10 | [#1478] OAuth admin tweaks: enforced OAuth admin scopes usage by default, migrated existing OAuth records. Adjusted tests. | Ivan Tashkinov | |
2019-12-19 | Verify HTTP signatures only when request accepts "activity+json" type | Egor Kislitsyn | |
2019-12-16 | Add an option to require fetches to be signed | Egor Kislitsyn | |
2019-12-15 | OAuthScopesPlug: disallowed nil token (unless with :fallback option). WIP: controller tests modification: OAuth scopes usage. | Ivan Tashkinov | |
2019-12-14 | Disable rate limiter for socket/localhost (unless RemoteIp is enabled) | Maxim Filippov | |
2019-12-11 | [#1427] Fixed `:admin` option handling in OAuthScopesPlug, added tests. | Ivan Tashkinov | |
2019-12-10 | Merge remote-tracking branch 'remotes/upstream/develop' into 1427-oauth-admin-scopes | Ivan Tashkinov | |
# Conflicts: # CHANGELOG.md | |||
2019-12-08 | OTP: Fix runtime upload limit config being ignored | rinpatch | |
Closes #1109 | |||
2019-12-07 | [#1427] Extra check that admin OAuth scope is used by admin. Adjusted tests. | Ivan Tashkinov | |
2019-12-06 | [#1427] Fixes / improvements of admin scopes support. Added tests. | Ivan Tashkinov | |
2019-12-06 | [#1427] Bugfix for `enforce_oauth_admin_scope_usage`. Admin API documentation entry. | Ivan Tashkinov | |
2019-12-06 | [#1427] Reworked admin scopes support. | Ivan Tashkinov | |
Requalified users.is_admin flag as legacy accessor to admin actions in case token lacks admin scope(s). | |||
2019-11-19 | Support authentication via `x-admin-token` HTTP header | Egor Kislitsyn | |
2019-11-15 | Merge branch 'bugfix/1395-email-activation' into 'develop' | rinpatch | |
Bugfix/1395 email activation Closes #1395 See merge request pleroma/pleroma!1965 | |||
2019-11-15 | OAuthPlug, Router: Handle deactivated users in the UserEnabledPlug | lain | |
2019-11-11 | Merge branch 'feature/static-fe' into 'develop' | kaniini | |
Static frontend See merge request pleroma/pleroma!1917 | |||
2019-11-11 | New rate limiter | Steven Fuchs | |
2019-11-11 | UserEnabledPlug: Don't authenticate unconfirmed users. | lain | |
2019-11-09 | Move static_fe config to its own section instead of in :instance. | Phil Hagelberg | |
2019-11-09 | Make many of the improvements suggested in review. | Phil Hagelberg | |
2019-11-09 | Static FE plug should only respond to text/html requests. | Phil Hagelberg | |
2019-11-09 | Move static FE routing into its own plug. | Phil Hagelberg | |
Previously it was piggybacking on FallbackRedirectController for users and OStatusController for notices; now it's all in one place. | |||
2019-11-06 | Fix TrailingFormatPlug not being active for /api/oauth_tokens | rinpatch | |
2019-10-16 | [#1304] Moved all non-mutes / non-blocks fields from User.Info to User. WIP. | Ivan Tashkinov | |