2ec1181ee5 
								
							 
						 
						
							
							
								
								Fix contrast between background and form elements on some pages ( #31266 )  
							
							
							
						 
						
							2024-08-02 13:55:31 +00:00  
				
					
						
							
							
								 
						
							
								85d9053b36 
								
							 
						 
						
							
							
								
								Move `pagination_params` into `API::BaseController` ( #28845 )  
							
							
							
						 
						
							2024-05-30 14:56:48 +00:00  
				
					
						
							
							
								 
						
							
								65e82211cd 
								
							 
						 
						
							
							
								
								Rename `cache_*` methods to `preload_*` in controller concern ( #30209 )  
							
							
							
						 
						
							2024-05-16 08:03:46 +00:00  
				
					
						
							
							
								 
						
							
								1d3ecd3fba 
								
							 
						 
						
							
							
								
								Add `API::Pagination` concern ( #28826 )  
							
							
							
						 
						
							2024-04-17 09:22:45 +00:00  
				
					
						
							
							
								 
						
							
								babbf6017d 
								
							 
						 
						
							
							
								
								Remove caching in `cache_collection` ( #29862 )  
							
							
							
						 
						
							2024-04-08 13:46:13 +00:00  
				
					
						
							
							
								 
						
							
								edde54e991 
								
							 
						 
						
							
							
								
								Update stoplight to version 4.1.0 ( #28366 )  
							
							
							
						 
						
							2024-04-02 15:47:40 +00:00  
				
					
						
							
							
								 
						
							
								f9100743ec 
								
							 
						 
						
							
							
								
								Add `Api::ErrorHandling` concern for api/base controller ( #29574 )  
							
							
							
						 
						
							2024-03-14 09:09:47 +00:00  
				
					
						
							
							
								 
						
							
								7efc33b909 
								
							 
						 
						
							
							
								
								Move HTTP Signature parsing code to its own class ( #28932 )  
							
							
							
						 
						
							2024-02-07 13:35:37 +00:00  
				
					
						
							
							
								 
						
							
								1726085db5 
								
							 
						 
						
							
							
								
								Merge pull request from GHSA-3fjr-858r-92rw  
							
							... 
							
							
							
							* Fix insufficient origin validation
* Bump version to 4.3.0-alpha.1 
							
						 
						
							2024-02-01 15:56:46 +01:00  
				
					
						
							
							
								 
						
							
								b19ae521b7 
								
							 
						 
						
							
							
								
								Add confirmation when redirecting logged-out requests to permalink ( #27792 )  
							
							... 
							
							
							
							Co-authored-by: Claire <claire.github-309c@sitedethib.com> 
							
						 
						
							2024-01-24 10:49:19 +00:00  
				
					
						
							
							
								 
						
							
								3593ee2e36 
								
							 
						 
						
							
							
								
								Add rate-limit of TOTP authentication attempts at controller level ( #28801 )  
							
							
							
						 
						
							2024-01-19 12:19:49 +00:00  
				
					
						
							
							
								 
						
							
								5a6d533c53 
								
							 
						 
						
							
							
								
								Enable Rails 7.1 Marshalling format ( #28609 )  
							
							
							
						 
						
							2024-01-05 21:57:47 +00:00  
				
					
						
							
							
								 
						
							
								092bb8a27a 
								
							 
						 
						
							
							
								
								Fix Mastodon not correctly processing HTTP Signatures with query strings ( #28476 )  
							
							
							
						 
						
							2024-01-03 11:29:26 +00:00  
				
					
						
							
							
								 
						
							
								963354978a 
								
							 
						 
						
							
							
								
								Add `Account#unavailable?` and `Account#permanently_unavailable?` aliases ( #28053 )  
							
							
							
						 
						
							2023-11-30 15:43:26 +00:00  
				
					
						
							
							
								 
						
							
								1f1c75bba5 
								
							 
						 
						
							
							
								
								File cleanup/organization in `controllers/concerns` ( #27846 )  
							
							
							
						 
						
							2023-11-30 14:39:41 +00:00  
				
					
						
							
							
								 
						
							
								291dc04e67 
								
							 
						 
						
							
							
								
								Remove un-needed `action` and `template` options to `render` in controllers ( #28022 )  
							
							
							
						 
						
							2023-11-29 10:38:05 +00:00  
				
					
						
							
							
								 
						
							
								d562fb8459 
								
							 
						 
						
							
							
								
								Specs for minimal CSP policy in `Api::` controllers ( #27845 )  
							
							
							
						 
						
							2023-11-14 14:34:30 +00:00  
				
					
						
							
							
								 
						
							
								33f8c1c5eb 
								
							 
						 
						
							
							
								
								Remove version check from update cache_concern.rb ( #27592 )  
							
							
							
						 
						
							2023-10-30 14:04:12 +00:00  
				
					
						
							
							
								 
						
							
								379115e601 
								
							 
						 
						
							
							
								
								Add SELF_DESTRUCT env variable to process self-destructions in the background ( #26439 )  
							
							
							
						 
						
							2023-10-23 15:46:21 +00:00  
				
					
						
							
							
								 
						
							
								d4c2dca874 
								
							 
						 
						
							
							
								
								Fix haml-lint `InstanceVariables` rule for auth/sessions/two_factor/o… ( #27372 )  
							
							
							
						 
						
							2023-10-12 09:44:20 +02:00  
				
					
						
							
							
								 
						
							
								40ba6e119b 
								
							 
						 
						
							
							
								
								Fix Vary headers not being set on some redirects ( #27272 )  
							
							
							
						 
						
							2023-10-05 09:50:08 +02:00  
				
					
						
							
							
								 
						
							
								340f1a68be 
								
							 
						 
						
							
							
								
								Simplify instance presenter view access ( #26046 )  
							
							
							
						 
						
							2023-09-28 16:52:37 +02:00  
				
					
						
							
							
								 
						
							
								9a70cac9de 
								
							 
						 
						
							
							
								
								Fix   #26849  by adding the domain of the current SSO provider to the form-action CSP ( #26857 )  
							
							
							
						 
						
							2023-09-12 13:04:51 +02:00  
				
					
						
							
							
								 
						
							
								09ec9c6aa5 
								
							 
						 
						
							
							
								
								Downgrade signature verification debug logging from `warn` to `debug` ( #26812 )  
							
							
							
						 
						
							2023-09-06 12:17:22 +02:00  
				
					
						
							
							
								 
						
							
								25bf640629 
								
							 
						 
						
							
							
								
								Add debug logging on signature verification failure ( #26637 )  
							
							
							
						 
						
							2023-08-29 10:29:07 +02:00  
				
					
						
							
							
								 
						
							
								8b37dd2c86 
								
							 
						 
						
							
							
								
								Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts ( #26388 )  
							
							
							
						 
						
							2023-08-08 15:41:38 +02:00  
				
					
						
							
							
								 
						
							
								120f5802c0 
								
							 
						 
						
							
							
								
								Add direct link to the Single-Sign On provider if there is only one sign up method available ( #26083 )  
							
							
							
						 
						
							2023-08-03 16:43:15 +02:00  
				
					
						
							
							
								 
						
							
								e258b4cb64 
								
							 
						 
						
							
							
								
								Refactor: replace whitelist_mode mentions with limited_federation_mode ( #26252 )  
							
							
							
						 
						
							2023-08-02 19:32:48 +02:00  
				
					
						
							
							
								 
						
							
								2e1391fdd2 
								
							 
						 
						
							
							
								
								Fix `Naming/MemoizedInstanceVariableName` cop ( #25928 )  
							
							
							
						 
						
							2023-07-12 10:08:51 +02:00  
				
					
						
							
							
								 
						
							
								5134fc65e2 
								
							 
						 
						
							
							
								
								Fix `Naming/AccessorMethodName` cop ( #25924 )  
							
							
							
						 
						
							2023-07-12 10:03:19 +02:00  
				
					
						
							
							
								 
						
							
								39110d1d0a 
								
							 
						 
						
							
							
								
								Fix CAPTCHA page not following design pattern of sign-up flow ( #25395 )  
							
							
							
						 
						
							2023-06-13 22:30:40 +02:00  
				
					
						
							
							
								 
						
							
								bec6a1cad4 
								
							 
						 
						
							
							
								
								Add hCaptcha support ( #25019 )  
							
							
							
						 
						
							2023-05-16 23:27:35 +02:00  
				
					
						
							
							
								 
						
							
								d5a185d721 
								
							 
						 
						
							
							
								
								Autofix Rubocop Style/CaseLikeIf ( #23756 )  
							
							
							
						 
						
							2023-05-04 05:51:18 +02:00  
				
					
						
							
							
								 
						
							
								668a19a2f3 
								
							 
						 
						
							
							
								
								Fix Performance/DeletePrefix cop ( #24796 )  
							
							
							
						 
						
							2023-05-02 21:07:45 +02:00  
				
					
						
							
							
								 
						
							
								b0bf6216e6 
								
							 
						 
						
							
							
								
								Fix /api/v1/instance/domain_blocks being unconditionally cached ( #24662 )  
							
							
							
						 
						
							2023-04-26 11:42:47 +02:00  
				
					
						
							
							
								 
						
							
								276c39361b 
								
							 
						 
						
							
							
								
								Fix anonymous visitors getting a session cookie on first visit ( #24584 )  
							
							
							
						 
						
							2023-04-25 16:51:38 +02:00  
				
					
						
							
							
								 
						
							
								6084461cd0 
								
							 
						 
						
							
							
								
								Change unauthenticated responses to be cached in REST API ( #24348 )  
							
							
							
						 
						
							2023-04-25 15:41:34 +02:00  
				
					
						
							
							
								 
						
							
								58a1b2e330 
								
							 
						 
						
							
							
								
								Fix caching logic with regards to Accept-Language, Cookie, and Signature ( #24604 )  
							
							
							
						 
						
							2023-04-23 22:27:24 +02:00  
				
					
						
							
							
								 
						
							
								e98c86050a 
								
							 
						 
						
							
							
								
								Refactor `Cache-Control` and `Vary` definitions ( #24347 )  
							
							
							
						 
						
							2023-04-19 16:07:29 +02:00  
				
					
						
							
							
								 
						
							
								0663803348 
								
							 
						 
						
							
							
								
								Move link header setting to after_action ( #24251 )  
							
							
							
						 
						
							2023-03-26 00:40:01 +01:00  
				
					
						
							
							
								 
						
							
								2626097869 
								
							 
						 
						
							
							
								
								Fix Rails cache namespace being overriden with `v2` for cached statuses ( #24202 )  
							
							
							
						 
						
							2023-03-22 15:47:44 +01:00  
				
					
						
							
							
								 
						
							
								160f38f03d 
								
							 
						 
						
							
							
								
								Workaround the ActiveRecord / Marshal serialization bug on Ruby 3.2 ( #24142 )  
							
							... 
							
							
							
							Co-authored-by: Jean Boussier <jean.boussier@gmail.com> 
							
						 
						
							2023-03-17 14:37:30 +01:00  
				
					
						
							
							
								 
						
							
								25d36b6edd 
								
							 
						 
						
							
							
								
								Autofix Rubocop Style/RedundantArgument ( #23798 )  
							
							
							
						 
						
							2023-03-16 10:34:00 +09:00  
				
					
						
							
							
								 
						
							
								717683d1c3 
								
							 
						 
						
							
							
								
								Autofix Rubocop remaining Layout rules ( #23679 )  
							
							
							
						 
						
							2023-02-20 06:58:28 +01:00  
				
					
						
							
							
								 
						
							
								aef0051fd0 
								
							 
						 
						
							
							
								
								Enable Rubocop HTTP status rules ( #23717 )  
							
							
							
						 
						
							2023-02-20 11:16:40 +09:00  
				
					
						
							
							
								 
						
							
								2177daeae9 
								
							 
						 
						
							
							
								
								Autofix Rubocop Style/RedundantBegin ( #23703 )  
							
							
							
						 
						
							2023-02-19 07:09:40 +09:00  
				
					
						
							
							
								 
						
							
								a6f77aa28a 
								
							 
						 
						
							
							
								
								Autofix Rubocop Lint/AmbiguousOperatorPrecedence ( #23681 )  
							
							
							
						 
						
							2023-02-18 04:30:23 +01:00  
				
					
						
							
							
								 
						
							
								2e652aa81c 
								
							 
						 
						
							
							
								
								Apply Rubocop Performance/RedundantSplitRegexpArgument ( #23443 )  
							
							... 
							
							
							
							* Apply Rubocop Performance/RedundantSplitRegexpArgument
* Update app/controllers/concerns/signature_verification.rb 
							
						 
						
							2023-02-08 02:25:20 +01:00  
				
					
						
							
							
								 
						
							
								68dcbcb7bf 
								
							 
						 
						
							
							
								
								Add more specific error messages to HTTP signature verification ( #21617 )  
							
							... 
							
							
							
							* Return specific error on failure to parse Date header
* Add error message when preferredUsername is not set
* Change error report to be JSON and include more details
* Change error report to differentiate unknown account and failed refresh
* Add tests 
							
						 
						
							2023-01-18 16:47:56 +01:00  
				
					
						
							
							
								 
						
							
								fcc4c9b34a 
								
							 
						 
						
							
							
								
								Change domain block CSV parsing to be more robust and handle more lists ( #21470 )  
							
							... 
							
							
							
							* Change domain block CSV parsing to be more robust and handle more lists
* Add some tests
* Improve domain block import validation and reporting 
							
						 
						
							2023-01-18 16:20:52 +01:00