Haelwenn (lanodan) Monnier
|
6da6540036
|
Bump copyright years of files changed after 2020-01-07
Done via the following command:
git diff fcd5dd259a --stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
|
5 years ago |
feld
|
36becd5573
|
Update http_security_plug.ex
|
5 years ago |
Egor Kislitsyn
|
e07e7888d7
|
Fix credo warning
|
5 years ago |
Egor Kislitsyn
|
2bd4d6289b
|
Make the warning more scarier
|
5 years ago |
Egor Kislitsyn
|
6302b40791
|
Warn if HTTPSecurityPlug is disabled
|
5 years ago |
rinpatch
|
92213fb87c
|
Replace Mix.env with Pleroma.Config.get(:env)
Mix.env/0 is not availible in release environments such as distillery or
elixir's built-in releases.
|
5 years ago |
Alex S
|
aa11fa4864
|
add report uri and report to
|
5 years ago |
feld
|
acb04306b6
|
Standardize construction of websocket URL
This follows up on the change made in d747bd98
|
5 years ago |
Haelwenn (lanodan) Monnier
|
fc37e5815f
|
Plugs.HTTPSecurityPlug: Add static_url to CSP's connect-src
Closes: https://git.pleroma.social/pleroma/pleroma/merge_requests/469
|
6 years ago |
Haelwenn (lanodan) Monnier
|
da4c662af3
|
Plugs.HTTPSecurityPlug: Add webpacker to connect-src
|
6 years ago |
Haelwenn (lanodan) Monnier
|
00e8f0b07d
|
Plugs.HTTPSecurityPlug: Add unsafe-eval to script-src when in dev mode
This is needed to run dev mode mastofe at the same time
|
6 years ago |
shibayashi
|
ea1058929c
|
Use url[:scheme] instead of protocol to determine if https is enabled
|
6 years ago |
William Pitcock
|
980b5288ed
|
update copyright years to 2019
|
6 years ago |
William Pitcock
|
2791ce9a1f
|
add license boilerplate to pleroma core
|
6 years ago |
Maksim Pechnikov
|
074fa790ba
|
fix compile warnings
|
6 years ago |
Haelwenn (lanodan) Monnier
|
04daa0fa44
|
Plugs.HTTPSecurityPlug: Activate upgrade-insecure-requests only when there is https
This fixes running mastofe with MIX_ENV=dev
|
6 years ago |
shibayashi
|
591b11eafc
|
Add manifest-src to allow manifest.json
|
6 years ago |
William Pitcock
|
c07464607d
|
http security: remove form-action from CSP definitions
|
6 years ago |
William Pitcock
|
ee5932a504
|
http security: allow referrer-policy to be configured
|
6 years ago |
William Pitcock
|
fe67665e19
|
rename CSPPlug to HTTPSecurityPlug.
|
6 years ago |