activitypub: object view: avoid leaking private details

[akkoma] / config / config.exs

diff --git a/config/config.exs b/config/config.exs
index a71fedf1cbb01b5354e26e6e1126091385684b6c..af0fdca9aae4d79745df95b405f91bedde938000 100644 (file)
--- a/config/config.exs
+++ b/config/config.exs
@@ -23,6 +23,10 @@ config :pleroma, Pleroma.Uploaders.S3,
   public_endpoint: "https://s3.amazonaws.com",
   force_media_proxy: false
 
+config :pleroma, Pleroma.Uploaders.MDII,
+  cgi: "https://mdii.sakura.ne.jp/mdii-post.cgi",
+  files: "https://mdii.sakura.ne.jp"
+
 config :pleroma, :emoji, shortcode_globs: ["/emoji/custom/**/*.png"]
 
 config :pleroma, :uri_schemes,
@@ -85,6 +89,9 @@ config :pleroma, :instance,
   description: "A Pleroma instance, an alternative fediverse server",
   limit: 5000,
   upload_limit: 16_000_000,
+  avatar_upload_limit: 2_000_000,
+  background_upload_limit: 4_000_000,
+  banner_upload_limit: 4_000_000,
   registrations_open: true,
   federating: true,
   allow_relay: true,
@@ -173,6 +180,27 @@ config :pleroma, :suggestions,
   limit: 23,
   web: "https://vinayaka.distsn.org/?{{host}}+{{user}}"
 
+config :pleroma, :http_security,
+  enabled: true,
+  sts: false,
+  sts_max_age: 31_536_000,
+  ct_max_age: 2_592_000,
+  referrer_policy: "same-origin"
+
+config :cors_plug,
+  max_age: 86_400,
+  methods: ["POST", "PUT", "DELETE", "GET", "PATCH", "OPTIONS"],
+  expose: [
+    "Link",
+    "X-RateLimit-Reset",
+    "X-RateLimit-Limit",
+    "X-RateLimit-Remaining",
+    "X-Request-Id",
+    "Idempotency-Key"
+  ],
+  credentials: true,
+  headers: ["Authorization", "Content-Type", "Idempotency-Key"]
+
 # Import environment specific config. This must remain at the bottom
 # of this file so it overrides the configuration defined above.
 import_config "#{Mix.env()}.exs"