Commit graph

31 commits

Author SHA1 Message Date
Thomas Citharel e31433cf83
Allow for resource providers to register a csp policy
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 11:50:15 +01:00
Thomas Citharel 57fac37347
Support CSP report_uri, report_to and the Report-To and Reporting-Endpoints headers
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 10:55:26 +01:00
Thomas Citharel e97206077c
Add CSP Policy for pictures
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 09:26:45 +01:00
Thomas Citharel a1726fc12e
Add sha-256 hash for toggling dark theme code and remove inlined phoenix digest
Follow-up to !1300

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-02 11:36:32 +01:00
Thomas Citharel 4db13046b7
Provide an accept CSP policy for global search pictures
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-08-28 10:02:06 +02:00
Thomas Citharel e3adc0684f
Make FrontEndAnalytics provide CSP configuration
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-04-06 19:56:09 +02:00
Thomas Citharel d7fd30f8e6
Federation fixes
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-11-19 19:25:49 +01:00
Thomas Citharel cc9c2c878c
Fix some HTTP signatures issues
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-11-17 16:01:39 +01:00
Thomas Citharel f35db6540b
Various HTTP signature code improvements
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-11-16 16:45:38 +01:00
Thomas Citharel d7ef8f3280
Adding some debug logs
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-11-16 15:43:53 +01:00
Thomas Citharel 55af776df9
Improve group refreshment and fixed date signature generation
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-11-14 16:28:27 +01:00
Thomas Citharel 5de0cee025
Allow to access to a language directly though instance.tld/:lang
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-11-07 21:09:31 +01:00
Thomas Citharel b5d9b82bdd
Refactor Mobilizon.Federation.ActivityPub and add typespecs
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-09-29 16:31:11 +02:00
Thomas Citharel 41f086e2c9
Spec improvements
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-09-27 09:42:12 +02:00
Thomas Citharel 1893d9f55b
Various refactoring and typespec improvements
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-09-26 17:52:24 +02:00
Thomas Citharel de047c8939
Various typespec and compilation improvements
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-09-26 17:52:20 +02:00
Thomas Citharel a670a7d7a7
Fix and improve language handling
- Refactor plugs to detect and set language
- Translate ecto validation errors
- Use Gettext directly, not Mobilizon.Web.Gettext
- Set the language in the <html> attribute according to the one loaded
  on front-end

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-07-27 20:11:56 +02:00
Thomas Citharel ae25cba97a
Use correct default language when no Accept-Language is set
Closes #792

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-07-22 17:01:34 +02:00
Thomas Citharel b196719238
Remove unsafe-inline from CSP
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-07-02 09:46:38 +02:00
Thomas Citharel bac2d3188c
Fix GraphiQL CSP headers
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-28 11:57:11 +02:00
Thomas Citharel 280f461ba7
Refactor the ActivityPub module
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-22 19:29:47 +02:00
Thomas Citharel f2175c6498
Refactor CSP
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-16 14:57:02 +02:00
Thomas Citharel bbfe3de471
Handle NotAcceptableError better
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-12 12:01:50 +02:00
Thomas Citharel 8508558945
Allow every origin for connect-src because of Webfinger
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-02-26 11:44:27 +01:00
Thomas Citharel e933004daf
Fix CSP issues in production
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-01-26 17:00:15 +01:00
Thomas Citharel e0e46a81e3
Refactor CSP config by using Pleroma's HTTPSecurityPlug
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-01-25 18:06:49 +01:00
Thomas Citharel c9457fe0d3
Track usage of media files and add a job to clean them
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-11-26 17:53:33 +01:00
Thomas Citharel 49a5725da3
Improve and activate groups
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-09-29 10:25:00 +02:00
Thomas Citharel 3a753312c1
Validate Date header in HTTPSignatures
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-02-14 09:22:17 +01:00
rustra 97651e88e9 Implement Credo software design suggestions 2020-01-28 19:18:33 +01:00
rustra 8856cc2f55 Rename MobilizonWeb to Mobilizon.Web 2020-01-26 21:39:49 +01:00