Commit Graph

30 Commits (b950fb01db51f14a9fd3a827b90573418a5b95da)

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Mark Felder | 7f7a1a4676 | Check for media proxy base_url, not Upload base_url | 4 years ago |
| rinpatch | 99afc7f4e4 | HTTP security plug: add media proxy base url host to csp | 4 years ago |
| rinpatch | d23b3701d8 | Merge branch 'bugfix/csp-unproxied' into 'develop' | 4 years ago |
| rinpatch | 109af93227 | Apply suggestion to lib/pleroma/plugs/http_security_plug.ex | 4 years ago |
| Alex Gleason | d38f28870e | Add blob: to connect-src CSP | 4 years ago |
| Haelwenn (lanodan) Monnier | da1e31fae3 | http_security_plug.ex: Fix non-proxied media | 4 years ago |
| rinpatch | 27180611df | HTTP Security plug: make starting csp string generation more readable | 4 years ago |
| rinpatch | 29ff6d414b | HTTP security plug: Harden img-src and media-src when MediaProxy is enabled | 4 years ago |
| rinpatch | 455a402c8a | HTTP Security plug: rewrite &csp_string/0 | 4 years ago |
| Alex Gleason | 1bd9749a8f | Let blob: pass CSP | 4 years ago |
| Haelwenn (lanodan) Monnier | 6da6540036 | Bump copyright years of files changed after 2020-01-07 | 5 years ago |
| feld | 36becd5573 | Update http_security_plug.ex | 5 years ago |
| Egor Kislitsyn | e07e7888d7 | Fix credo warning | 5 years ago |
| Egor Kislitsyn | 2bd4d6289b | Make the warning more scarier | 5 years ago |
| Egor Kislitsyn | 6302b40791 | Warn if HTTPSecurityPlug is disabled | 5 years ago |
| rinpatch | 92213fb87c | Replace Mix.env with Pleroma.Config.get(:env) | 5 years ago |
| Alex S | aa11fa4864 | add report uri and report to | 5 years ago |
| feld | acb04306b6 | Standardize construction of websocket URL | 5 years ago |
| Haelwenn (lanodan) Monnier | fc37e5815f | Plugs.HTTPSecurityPlug: Add static_url to CSP's connect-src | 6 years ago |
| Haelwenn (lanodan) Monnier | da4c662af3 | Plugs.HTTPSecurityPlug: Add webpacker to connect-src | 6 years ago |
| Haelwenn (lanodan) Monnier | 00e8f0b07d | Plugs.HTTPSecurityPlug: Add unsafe-eval to script-src when in dev mode | 6 years ago |
| shibayashi | ea1058929c | Use url[:scheme] instead of protocol to determine if https is enabled | 6 years ago |
| William Pitcock | 980b5288ed | update copyright years to 2019 | 6 years ago |
| William Pitcock | 2791ce9a1f | add license boilerplate to pleroma core | 6 years ago |
| Maksim Pechnikov | 074fa790ba | fix compile warnings | 6 years ago |
| Haelwenn (lanodan) Monnier | 04daa0fa44 | Plugs.HTTPSecurityPlug: Activate upgrade-insecure-requests only when there is https | 6 years ago |
| shibayashi | 591b11eafc | Add manifest-src to allow manifest.json | 6 years ago |
| William Pitcock | c07464607d | http security: remove form-action from CSP definitions | 6 years ago |
| William Pitcock | ee5932a504 | http security: allow referrer-policy to be configured | 6 years ago |
| William Pitcock | fe67665e19 | rename CSPPlug to HTTPSecurityPlug. | 6 years ago |