60 Commits

Author	SHA1	Message	Date
Claire	607449336d	Merge commit from fork	2025-12-08 15:44:08 +01:00
Matt Jankowski	fd779c25b9	Avoid return not_found in statuses controller (#35585)	2025-07-30 09:28:20 +00:00
Matt Jankowski	f3c4874522	Remove unused statuses#embed body class assignment (#31787)	2024-09-12 13:38:15 +00:00
Matt Jankowski	7efe0bde9d	Add have_http_link_header matcher and set header values as strings (#31010)	2024-09-05 20:05:38 +00:00
Matt Jankowski	340f1a68be	Simplify instance presenter view access (#26046)	2023-09-28 16:52:37 +02:00
Emelia Smith	e258b4cb64	Refactor: replace whitelist_mode mentions with limited_federation_mode (#26252)	2023-08-02 19:32:48 +02:00
Claire	fea0830614	Remove invalid X-Frame-Options: ALLOWALL (#25070)	2023-05-23 14:27:17 +02:00
Claire	58a1b2e330	Fix caching logic with regards to Accept-Language, Cookie, and Signature (#24604)	2023-04-23 22:27:24 +02:00
Eugen Rochko	e98c86050a	Refactor Cache-Control and Vary definitions (#24347)	2023-04-19 16:07:29 +02:00
Matt Jankowski	0663803348	Move link header setting to after_action (#24251)	2023-03-26 00:40:01 +01:00
Matt Jankowski	e633b26f4f	Add allow_other_host in redirects which may go outside app (#24252)	2023-03-26 00:38:32 +01:00
David Vega	1b5d207131	Fix single name variables on controller folder (#20092) ... Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com> Co-authored-by: petrokoriakin1 <116151189+petrokoriakin1@users.noreply.github.com> Co-authored-by: Effy Elden <effy@effy.space>	2022-12-15 17:11:58 +01:00
Claire	86f6631d28	Remove dead code and refactor status threading code (#20357) ... * Remove dead code * Remove unneeded/broken parameters and refactor descendant computation	2022-11-10 22:30:00 +01:00
Eugen Rochko	839f893168	Change public accounts pages to mount the web UI (#19319) ... * Change public accounts pages to mount the web UI * Fix handling of remote usernames in routes - When logged in, serve web app - When logged out, redirect to permalink - Fix `app-body` class not being set sometimes due to name conflict * Fix missing `multiColumn` prop * Fix failing test * Use `discoverable` attribute to control indexing directives * Fix `<ColumnLoading />` not using `multiColumn` * Add `noindex` to accounts in REST API * Change noindex directive to not be rendered by default before a route is mounted * Add loading indicator for detailed status in web UI * Fix missing indicator appearing while account is loading in web UI	2022-10-20 14:35:29 +02:00
Eugen Rochko	62782babd0	Change public statuses pages to mount the web UI (#19301)	2022-10-06 02:26:34 +02:00
Claire	8cf7006d4e	Refactor ActivityPub handling to prepare for non-Account actors (#19212) ... * Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is specifically required to be an Account * Refactor SignatureVerification to allow non-Account actors * fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService * Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors * Refactor inbound ActivityPub payload processing to accept non-Account actors * Refactor inbound ActivityPub processing to accept activities relayed through non-Account * Refactor how Account key URIs are built * Refactor Request and drop unused key_id_format parameter * Rename ActivityPub::Dereferencer `signature_account` to `signature_actor`	2022-09-21 22:45:57 +02:00
Eugen Rochko	351c744590	Fix error when trying to render component for media without meta (#16112)	2021-05-05 21:16:55 +02:00
ThibG	2ff01f78f7	Fix /activity endpoint not require signature in authorized fetch mode (#15592) ... Fixes #15589 Co-authored-by: Claire <claire.github-309c@sitedethib.com>	2021-01-19 06:47:36 +01:00
ThibG	ac8a788370	Fix functional user requirements in whitelist mode (#14093) ... Fixes #14092	2020-06-19 19:18:47 +02:00
Eugen Rochko	5d8398c8b8	Add E2EE API (#13820)	2020-06-02 19:24:53 +02:00
Eugen Rochko	988b0493fe	Add more tests for ActivityPub controllers (#13585)	2020-05-03 16:30:36 +02:00
Eugen Rochko	c4c315ea40	Fix OEmbed leaking information about existence of non-public statuses (#12930)	2020-01-24 00:20:51 +01:00
Eugen Rochko	de5305a3a5	Fix redirecting non-functional accounts on public pages (#11978) ... Fix #11969	2019-09-28 01:33:27 +02:00
ThibG	646f96d448	Fix ActivityPub and REST API queries setting cookies and preventing caching (#11539) ... Regression from #8657	2019-08-11 22:59:40 +02:00
Eugen Rochko	c669bb42ba	Add (back) rails-level JSON caching (#11333)	2019-07-21 22:32:16 +02:00
Eugen Rochko	5bf67ca913	Add ActivityPub secure mode (#11269) ... * Add HTTP signature requirement for served ActivityPub resources * Change `SECURE_MODE` to `AUTHORIZED_FETCH` * Add 'Signature' to 'Vary' header and improve code style * Improve code style by adding `public_fetch_mode?` method	2019-07-11 20:11:09 +02:00
Eugen Rochko	63c7fe8e48	Refactor controllers for statuses, accounts, and more (#11249)	2019-07-08 12:03:45 +02:00
Eugen Rochko	b851456139	Remove Atom feeds and old URLs in the form of GET /:username/updates/:id (#11247)	2019-07-07 16:16:51 +02:00
ThibG	cac9110533	Cleanup various controllers (#10972) ... * Remove skip_session! as it is not supported in Rails 5 * Minor cleanup in StreamEntriesController * Remove redundant mark_cacheable! calls	2019-06-05 14:02:59 +02:00
ThibG	7fa23ec697	Fix potential private status leak (#10969)	2019-06-05 13:40:20 +02:00
ThibG	26fc21c188	Add some caching for HTML versions of statuses pages (#10701)	2019-05-09 22:03:44 +02:00
Ben Lubar	c3d1594576	Reduce server load caused by anonymous viewing. (#9059) ... Do not start a session if the current user is not logged in for public-facing pages. Mark pages that don't care about sessions as publicly cacheable. Keep the max age as 0 so proxies and browsers will still try to retrieve an updated version but can still fall back to the stale version if the site is down or too slow. Fixes #9035.	2019-03-17 15:39:25 +01:00
ThibG	d8498b3983	Give the replies collection an identifier and enable pagination (#10128)	2019-02-28 18:16:34 +01:00
ThibG	e88c6a5c3c	Fix thread depth computation in statuses_controller (#9426) ... * Add test that should currently fail * Fix depth computation (will still fail if statuses have been filtered out) * Fix handling of broken threads	2018-12-05 02:12:29 +01:00
ThibG	2d27c11061	Set Content-Security-Policy rules through RoR's config (#8957) ... * Set CSP rules in RoR's configuration * Override CSP setting in the embed controller to allow frames	2018-10-11 20:35:46 +02:00
Renato "Lond" Cerqueira	11658d8653	Add animate custom emoji param to embed pages (#8507) ... * Add animate custom emoji param to embed pages * Rename param, use it for avatars and gifs * Fix issues pointed by codeclimate and breaking test * Ignore brakeman warning	2018-08-30 23:14:01 +02:00
abcang	9e75aa30cd	Unuse ActiveRecord::Base#cache_key (#8185) ... * Unuse ActiveRecord::Base#cache_key * Enable cache_versioning * Call cache_collection	2018-08-19 15:52:38 +02:00
Eugen Rochko	60df87f6f0	Compensate for scrollbar disappearing when media modal visible (#8100) ... * Compensate for scrollbar disappearing when media modal visible Make auth pages backgrounds lighter * Fix typo	2018-07-31 01:14:33 +02:00
Eugen Rochko	bb71538bb5	Redesign public profiles and toots (#8068)	2018-07-28 19:25:33 +02:00
Eugen Rochko	2092d5c0ad	Improve embeds (#7919) ... * Make embeds cacheable by reverse proxy * Make follow button on embeds open remote follow modal Instead of web+mastodon://, also, turn the button blue, and add a sign up prompt to the remote follow modal	2018-07-01 04:12:34 +02:00
Eugen Rochko	da61352fab	Fix "Show more" URL on paginated threads for remote statuses (#7285) ... * Fix URL of "Show more" link in paginated threads (ancestors side) Increase item limits in threads Fix #7268 * Fix "Show more" link in paginated threads (descendants side)	2018-04-30 01:59:42 +02:00
Akihiko Odaki	1258efa882	Paginate descendant statuses in public page (#7148)	2018-04-23 19:27:35 +02:00
Eugen Rochko	aab5581c43	Set Referrer-Policy to origin in web UI and public pages of private toots (#7162) ... Fix #7115	2018-04-17 13:51:01 +02:00
Akihiko Odaki	519119f657	Paginate ancestor statuses in public page (#7102) ... This also limits the statuses returned by API, but pagination is not implemented in Web API yet. I still expect it brings user experience better than making a user wait to fetch all ancestor statuses and flooding the column with them.	2018-04-11 12:35:09 +02:00
puckipedia	8e4cf6282b	Allow retrieval of private statuses (single or in outbox) using HTTP signatures (#6225)	2018-02-02 10:19:59 +01:00
ThibG	3bee0996c5	Make sure private toots remain private and do not end up in HTTP caches (#6175)	2018-01-04 14:39:38 +01:00
Eugen Rochko	c10f4bdb03	Cache JSON of immutable ActivityPub representations (#6171)	2018-01-04 01:21:38 +01:00
ThibG	99f962ba73	Allow HTTP caching of json view of public statuses (#6115) ... * Allow HTTP caching of json view of public statuses HTML views are not cached as they can contain private statuses as well * Disable session cookies for ActivityPub json rendering of public toots	2018-01-03 04:57:57 +01:00
Eugen Rochko	3a3475450e	Encode custom emojis as resolveable objects in ActivityPub (#5243) ... * Encode custom emojis as resolveable objects in ActivityPub * Improve code style	2017-10-07 17:43:42 +02:00
Eugen Rochko	e95bdec7c5	Update status embeds (#4742) ... - Use statuses controller for embeds instead of stream entries controller - Prefer /@:username/:id/embed URL for embeds - Use /@:username as author_url in OEmbed - Add follow link to embeds which opens web intent in new window - Use redis cache in development - Cache entire embed	2017-08-30 10:23:43 +02:00