floatingghost [Mon, 12 Dec 2022 04:26:43 +0000 (04:26 +0000)]
Update '.gitea/issue_template/feat.yml'
floatingghost [Mon, 12 Dec 2022 04:26:24 +0000 (04:26 +0000)]
Update '.gitea/issue_template/bug.yml'
FloatingGhost [Mon, 12 Dec 2022 02:34:13 +0000 (02:34 +0000)]
Add `mail` to make the gmail adapter in swoosh work
FloatingGhost [Sun, 11 Dec 2022 23:50:31 +0000 (23:50 +0000)]
Test removed HTTP adapter
FloatingGhost [Sun, 11 Dec 2022 23:33:58 +0000 (23:33 +0000)]
Allow mock in http adapter checking
FloatingGhost [Sun, 11 Dec 2022 23:22:35 +0000 (23:22 +0000)]
Remove quack, ensure adapter is finch
FloatingGhost [Sun, 11 Dec 2022 22:58:26 +0000 (22:58 +0000)]
uppdate excoveralls
FloatingGhost [Sun, 11 Dec 2022 22:57:18 +0000 (22:57 +0000)]
Add diagnostics http
FloatingGhost [Sun, 11 Dec 2022 19:26:21 +0000 (19:26 +0000)]
Ensure Gun is Gone
FloatingGhost [Sun, 11 Dec 2022 19:19:31 +0000 (19:19 +0000)]
Remove hackney/gun in favour of finch
FloatingGhost [Sat, 10 Dec 2022 14:50:02 +0000 (14:50 +0000)]
Bump versions
floatingghost [Sat, 10 Dec 2022 14:43:03 +0000 (14:43 +0000)]
Merge pull request 'Don't listen Erlang Port Mapper Daemon (4369/tcp) on 0.0.0.0' (#358) from r3g_5z/akkoma:close-open-ports into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/358
floatingghost [Sat, 10 Dec 2022 14:41:23 +0000 (14:41 +0000)]
Merge pull request 'Add dark and light theme mode to docs, detection, and button' (#360) from r3g_5z/akkoma:docs-dark-mode into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/360
r3g_5z [Sat, 10 Dec 2022 03:49:25 +0000 (22:49 -0500)]
Add dark and light theme mode to docs, detection, and button
my eyes hurt
Signed-off-by: r3g_5z <june@girlboss.ceo>
r3g_5z [Sat, 10 Dec 2022 02:36:21 +0000 (21:36 -0500)]
Don't listen Erlang Port Mapper Daemon (4369/tcp) on 0.0.0.0
Signed-off-by: r3g_5z <june@girlboss.ceo>
floatingghost [Sat, 10 Dec 2022 00:24:28 +0000 (00:24 +0000)]
Merge pull request 'Remove unnecessary KillMode=process' (#359) from r3g_5z/akkoma:remove-unnecessary-killmode into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/359
FloatingGhost [Sat, 10 Dec 2022 00:10:24 +0000 (00:10 +0000)]
Merge remote-tracking branch 'origin/translations' into develop
r3g_5z [Sat, 10 Dec 2022 00:10:20 +0000 (19:10 -0500)]
Remove unnecessary KillMode=process
It's unclear why this is the default as this is highly not recommended.
KillMode=process ends up leaving leftover orphaned processes that
escape resource management and process lifecycles, wasting resources
on servers.
Signed-off-by: r3g_5z <june@girlboss.ceo>
FloatingGhost [Sat, 10 Dec 2022 00:09:45 +0000 (00:09 +0000)]
Do not fetch anything from blocked instances
FloatingGhost [Fri, 9 Dec 2022 23:45:51 +0000 (23:45 +0000)]
Add some extra info around possible nils
Weblate [Wed, 7 Dec 2022 15:39:41 +0000 (15:39 +0000)]
Update translation files
Updated by "Squash Git commits" hook in Weblate.
Translation: Pleroma fe/Akkoma Backend (Static pages)
Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-static-pages/
Weblate [Wed, 7 Dec 2022 15:39:41 +0000 (15:39 +0000)]
Translated using Weblate (Indonesian)
Currently translated at 21.6% (18 of 83 strings)
Added translation using Weblate (Indonesian)
Co-authored-by: Weblate <noreply@weblate.org>
Co-authored-by: t1 <taaa@fedora.email>
Translate-URL: http://translate.akkoma.dev/projects/akkoma/akkoma-backend-static-pages/id/
Translation: Pleroma fe/Akkoma Backend (Static pages)
floatingghost [Fri, 9 Dec 2022 21:12:49 +0000 (21:12 +0000)]
Merge pull request 'Magical patches' (#357) from magical-patches into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/357
FloatingGhost [Fri, 9 Dec 2022 20:59:26 +0000 (20:59 +0000)]
Revert "mandate published on notes"
This reverts commit
e49b583147748be73062acc92ea510f6f55a503a.
floatingghost [Fri, 9 Dec 2022 20:28:48 +0000 (20:28 +0000)]
Merge pull request 'Skip posts in indexer where publish date is nil' (#356) from sn0w/akkoma:feature/indexer-skip-broken-activities into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/356
Reviewed-by: floatingghost <hannah@coffee-and-dreams.uk>
FloatingGhost [Fri, 9 Dec 2022 20:27:54 +0000 (20:27 +0000)]
mandate published on notes
fixes #356
FloatingGhost [Fri, 9 Dec 2022 20:13:31 +0000 (20:13 +0000)]
Add URL and code to :not_found errors
Ref #355
FloatingGhost [Fri, 9 Dec 2022 20:04:48 +0000 (20:04 +0000)]
Underscore unused variable
FloatingGhost [Fri, 9 Dec 2022 20:01:38 +0000 (20:01 +0000)]
Do not pass transient undo-y activities through MRF
FloatingGhost [Fri, 9 Dec 2022 19:59:27 +0000 (19:59 +0000)]
Remove FollowBotPolicy
FloatingGhost [Fri, 9 Dec 2022 19:57:29 +0000 (19:57 +0000)]
extend reject MRF to check if originating instance is blocked
sn0w [Thu, 8 Dec 2022 09:04:20 +0000 (10:04 +0100)]
Skip posts in indexer where publish date is nil
FloatingGhost [Fri, 9 Dec 2022 10:31:22 +0000 (10:31 +0000)]
Merge remote-tracking branch 'ilja/fix_tagpolicy_to_also_work_on_updates' into develop
FloatingGhost [Fri, 9 Dec 2022 10:24:38 +0000 (10:24 +0000)]
mix format
ilja [Thu, 8 Dec 2022 22:12:27 +0000 (23:12 +0100)]
Fix MRF policies to also work with Update
Objects who got updated would just pass through several of the MRF policies, undoing moderation in some situations.
In the relevant cases we now check not only for Create activities, but also Update activities.
I checked which ones checked explicitly on type Create using `grep '"type" => "Create"' lib/pleroma/web/activity_pub/mrf/*`.
The following from that list have not been changed:
* lib/pleroma/web/activity_pub/mrf/follow_bot_policy.ex
* Not relevant for moderation
* lib/pleroma/web/activity_pub/mrf/keyword_policy.ex
* Already had a test for Update
* lib/pleroma/web/activity_pub/mrf/object_age_policy.ex
* In practice only relevant when fetching old objects (e.g. through Like or Announce). These are always wrapped in a Create.
* lib/pleroma/web/activity_pub/mrf/reject_non_public.ex
* We don't allow changing scope with Update, so not relevant here
ilja [Thu, 8 Dec 2022 20:53:42 +0000 (21:53 +0100)]
Fix tagpolicy to also work with Update
Objects who got updated would just pass the TagPolicy, undoing the moderation that was set in place for the Actor.
Now we check not only for Create activities, but also Update activities.
floatingghost [Thu, 8 Dec 2022 18:40:45 +0000 (18:40 +0000)]
Merge pull request 'Add YAML issue templates for bug and feat' (#353) from sfr/akkoma:issue-template into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/353
Sol Fisher Romanoff [Thu, 8 Dec 2022 16:07:24 +0000 (18:07 +0200)]
Add YAML issue templates for bug and feat
floatingghost [Wed, 7 Dec 2022 22:37:23 +0000 (22:37 +0000)]
Update 'ISSUE_TEMPLATE.md'
floatingghost [Wed, 7 Dec 2022 22:27:00 +0000 (22:27 +0000)]
Add issue template
FloatingGhost [Wed, 7 Dec 2022 15:39:19 +0000 (15:39 +0000)]
Add misskey markdown to format suggestions
Fixes #345
FloatingGhost [Wed, 7 Dec 2022 13:41:12 +0000 (13:41 +0000)]
Add check for null reply_to_user
FloatingGhost [Wed, 7 Dec 2022 13:35:00 +0000 (13:35 +0000)]
Redirect to standard FE if logged in
FloatingGhost [Wed, 7 Dec 2022 11:45:53 +0000 (11:45 +0000)]
Document custom.css
FloatingGhost [Wed, 7 Dec 2022 11:41:24 +0000 (11:41 +0000)]
GOOGLE
sfr [Wed, 7 Dec 2022 11:20:53 +0000 (11:20 +0000)]
static-fe overhaul (#236)
makes static-fe look more like pleroma-fe, with the stylesheets matching pleroma-dark and pleroma-light based on `prefers-color-scheme`.
- [x] navbar
- [x] about sidebar
- [x] background image
- [x] statuses
- [x] "reply to" or "edited" tags
- [x] accounts
- [x] show more / show less
- [x] posts / with replies / media / followers / following
- [x] followers/following would require user card snippets
- [x] admin/bot indicators
- [x] attachments
- [x] nsfw attachments
- [x] fontawesome icons
- [x] clean up and sort css
- [x] add pleroma-light
- [x] replace hardcoded strings
also i forgot
- [x] repeated headers
how it looks + sneak peek at statuses:
![](https://akkoma.dev/attachments/
c0d3a025-6987-4630-8eb9-
5f4db6858359)
Co-authored-by: Sol Fisher Romanoff <sol@solfisher.com>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/236
Co-authored-by: sfr <sol@solfisher.com>
Co-committed-by: sfr <sol@solfisher.com>
floatingghost [Wed, 7 Dec 2022 11:12:34 +0000 (11:12 +0000)]
Diagnostics tasks (#348)
a bunch of ways to get query plans to help with debugging
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/348
floatingghost [Wed, 7 Dec 2022 11:07:06 +0000 (11:07 +0000)]
Merge pull request 'Small improvements to the Gentoo installation isntructions' (#335) from timorl/akkoma:i-use-gentoo-btw into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/335
ilja [Wed, 7 Dec 2022 11:05:35 +0000 (11:05 +0000)]
DOCS: backup restore improvements (#332)
Mostly add how to speed up restoration by adding activities_visibility_index later. Also some small other improvements.
This is based on what I did on a Pleroma instance. I assume the activities_visibility_index taking so long is still true for Akkoma, but can't really test because I don't have a big enough Akkoma DB yet 🙃
Co-authored-by: ilja <git@ilja.space>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/332
Reviewed-by: floatingghost <hannah@coffee-and-dreams.uk>
Co-authored-by: ilja <akkoma.dev@ilja.space>
Co-committed-by: ilja <akkoma.dev@ilja.space>
FloatingGhost [Tue, 6 Dec 2022 10:57:10 +0000 (10:57 +0000)]
Allow dashes in domain name search
FloatingGhost [Mon, 5 Dec 2022 13:47:52 +0000 (13:47 +0000)]
update default favicon
FloatingGhost [Mon, 5 Dec 2022 13:45:36 +0000 (13:45 +0000)]
Doc branding
floatingghost [Mon, 5 Dec 2022 13:39:27 +0000 (13:39 +0000)]
varnish config/docs (#342)
Co-authored-by: Mark Felder <feld@feld.me>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/342
floatingghost [Mon, 5 Dec 2022 12:58:48 +0000 (12:58 +0000)]
Remerge of hashtag following (#341)
this time with less idiot
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/341
floatingghost [Sun, 4 Dec 2022 20:04:09 +0000 (20:04 +0000)]
revert
4a94c9a31ef11f63ea71ad9c1f085c18cf8ef083
revert Add ability to follow hashtags (#336)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/336
floatingghost [Sun, 4 Dec 2022 18:35:04 +0000 (18:35 +0000)]
Add changelog entry for hashtag following
floatingghost [Sun, 4 Dec 2022 17:36:59 +0000 (17:36 +0000)]
Add ability to follow hashtags (#336)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/336
timorl [Sun, 4 Dec 2022 15:37:49 +0000 (16:37 +0100)]
Small improvements to the Gentoo installation isntructions
floatingghost [Sat, 3 Dec 2022 23:17:43 +0000 (23:17 +0000)]
Purge Rejected Follow requests in daily task (#334)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/334
floatingghost [Sat, 3 Dec 2022 22:24:34 +0000 (22:24 +0000)]
Merge pull request 'Manually define PATH for Arch Linux users in systemd unit' (#333) from r3g_5z/akkoma:arch-perl-modules into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/333
r3g_5z [Sat, 3 Dec 2022 19:17:54 +0000 (14:17 -0500)]
Manually define PATH for Arch Linux users in systemd unit
Signed-off-by: r3g_5z <june@girlboss.ceo>
FloatingGhost [Fri, 2 Dec 2022 12:00:56 +0000 (12:00 +0000)]
Add maskable to logo
floatingghost [Fri, 2 Dec 2022 11:13:29 +0000 (11:13 +0000)]
Merge pull request 'Add PWA config' (#329) from pwa into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/329
floatingghost [Fri, 2 Dec 2022 11:12:37 +0000 (11:12 +0000)]
Resolve follow activity from accept/reject without ID (#328)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/328
FloatingGhost [Fri, 2 Dec 2022 11:09:55 +0000 (11:09 +0000)]
still use mask
FloatingGhost [Mon, 28 Nov 2022 22:44:20 +0000 (22:44 +0000)]
Add PWA info
floatingghost [Thu, 1 Dec 2022 15:00:53 +0000 (15:00 +0000)]
Fixing up deletes a bit (#327)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/327
floatingghost [Thu, 1 Dec 2022 12:59:50 +0000 (12:59 +0000)]
Merge pull request 'docs: Remove quarantine section' (#324) from norm/akkoma:remove-quarantine into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/324
Norm [Tue, 29 Nov 2022 18:31:24 +0000 (18:31 +0000)]
docs: Remove quarantine section
Quarantining was deprecated back in 2022.08.
Also added that SimplePolicy's `reject` also prevents outbound federation to servers listed there.
floatingghost [Mon, 28 Nov 2022 13:34:54 +0000 (13:34 +0000)]
Add ability to set a default post expiry (#321)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/321
floatingghost [Sun, 27 Nov 2022 21:59:41 +0000 (21:59 +0000)]
Merge pull request 'Spin off imports into n oban jobs' (#319) from spin-off-imports into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/319
FloatingGhost [Sun, 27 Nov 2022 21:45:41 +0000 (21:45 +0000)]
Spin off imports into n oban jobs
floatingghost [Sun, 27 Nov 2022 20:56:54 +0000 (20:56 +0000)]
Merge pull request 'Delete 'installation/download-mastofe-build.sh'' (#317) from norm/akkoma:delete-download-mastofe-build.sh into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/317
Norm [Sun, 27 Nov 2022 00:27:48 +0000 (00:27 +0000)]
Delete 'installation/download-mastofe-build.sh'
AFAIK, this isn't being used anymore, and it's outdated anyways.
FloatingGhost [Sat, 26 Nov 2022 21:16:21 +0000 (21:16 +0000)]
Merge branch 'normalise-markup-by-default' into develop
FloatingGhost [Sat, 26 Nov 2022 21:15:10 +0000 (21:15 +0000)]
weirdly no, images should not have classes
floatingghost [Sat, 26 Nov 2022 21:06:20 +0000 (21:06 +0000)]
normalise markup by default (#316)
why was this _not_ default?
honestly i'm surprised pleroma hasn't exploded yet
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/316
FloatingGhost [Sat, 26 Nov 2022 21:05:04 +0000 (21:05 +0000)]
document normalizemarkup and inlinequote MRFs
FloatingGhost [Sat, 26 Nov 2022 20:52:49 +0000 (20:52 +0000)]
Add tests, changelog entry
FloatingGhost [Sat, 26 Nov 2022 20:46:08 +0000 (20:46 +0000)]
Turn on markup normalisation by default
floatingghost [Sat, 26 Nov 2022 20:45:47 +0000 (20:45 +0000)]
fix tests broken by relay defaults changing (#314)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/314
@r3g_5z@plem.sapphic.site [Sat, 26 Nov 2022 19:27:58 +0000 (19:27 +0000)]
minor-changes (#313)
Only real change here is making MRF rejects log as debug instead of info (https://akkoma.dev/AkkomaGang/akkoma/issues/234)
I don't know if it's the best way to do it, but it seems it's just MRF using this and almost always this is intended.
The rest are just minor docs changes and syncing the restricted nicknames stuff.
I compiled and ran my changes with Docker and they all work.
Co-authored-by: r3g_5z <june@terezi.dev>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/313
Co-authored-by: @r3g_5z@plem.sapphic.site <june@girlboss.ceo>
Co-committed-by: @r3g_5z@plem.sapphic.site <june@girlboss.ceo>
@luna@f.l4.pm [Sat, 26 Nov 2022 19:22:56 +0000 (19:22 +0000)]
Add Signed Fetch Statistics (#312)
Close #304.
Notes:
- This patch was made on top of Pleroma develop, so I created a separate cachex worker for request signature actions, instead of Akkoma's instance cache. If that is a merge blocker, I can attempt to move logic around for that.
- Regarding the `has_request_signatures: true -> false` state transition: I think that is a higher level thing (resetting instance state on new instance actor key) which is separate from the changes relevant to this one.
Co-authored-by: Luna <git@l4.pm>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/312
Co-authored-by: @luna@f.l4.pm <akkoma@l4.pm>
Co-committed-by: @luna@f.l4.pm <akkoma@l4.pm>
FloatingGhost [Fri, 25 Nov 2022 15:24:39 +0000 (15:24 +0000)]
Note that openbsd needs erlang-wx
floatingghost [Fri, 25 Nov 2022 09:57:34 +0000 (09:57 +0000)]
Merge pull request 'Remove reference to city.jpg in COPYING' (#310) from norm/akkoma:copying-city-jpg into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/310
floatingghost [Fri, 25 Nov 2022 09:57:01 +0000 (09:57 +0000)]
Merge pull request 'change default allow_relay to false' (#309) from nocebo/akkoma:default-no-relay into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/309
Norm [Fri, 25 Nov 2022 07:29:50 +0000 (07:29 +0000)]
Remove reference to city.jpg in COPYING
Again forgot to remove a reference to a deleted file...
Hopefully this should be the last one.
astra akari [Fri, 25 Nov 2022 00:45:32 +0000 (00:45 +0000)]
change default allow_relay to false
relay functionality should be opt-in
floatingghost [Thu, 24 Nov 2022 12:27:16 +0000 (12:27 +0000)]
http timeout config (#307)
Ref https://meta.akkoma.dev/t/increase-timeout-on-libretranslate-request-how/156/2
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/307
ave [Thu, 24 Nov 2022 11:27:01 +0000 (11:27 +0000)]
Change follow_operation schema to use type BooleanLike (#301)
Changes follow_operation schema to use BooleanLike instead of :boolean so that strings like "0" and "1" (used by mastodon.py) can be accepted. Rest of file uses the same. For more info please see https://git.pleroma.social/pleroma/pleroma/-/issues/2999
(I'm also sending this here as I'm not hopeful about upstream not ignoring it)
Co-authored-by: ave <ave@ave.zone>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/301
Co-authored-by: ave <ave@noreply.akkoma>
Co-committed-by: ave <ave@noreply.akkoma>
floatingghost [Thu, 24 Nov 2022 11:00:50 +0000 (11:00 +0000)]
Merge pull request 'Remove reference to pleroma-fox-tan-shy.png in COPYING' (#298) from norm/akkoma:copying-remove-pleroma-tan-shy into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/298
Francis Dinh [Tue, 22 Nov 2022 18:07:34 +0000 (13:07 -0500)]
Remove reference to pleroma-fox-tan-shy.png in COPYING
Forgot to remove this in https://akkoma.dev/AkkomaGang/akkoma/pulls/285.
This image was also removed a while back.
FloatingGhost [Sun, 20 Nov 2022 22:21:56 +0000 (22:21 +0000)]
Add conversationDisplay to settings
floatingghost [Sun, 20 Nov 2022 21:53:24 +0000 (21:53 +0000)]
Merge pull request 'Additional timeline query improvements from upstream' (#291) from norm/akkoma:timeline-query-improvements into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/291
FloatingGhost [Sun, 20 Nov 2022 21:44:32 +0000 (21:44 +0000)]
Add favicon, frontend docs
@r3g_5z@plem.sapphic.site [Sun, 20 Nov 2022 21:20:06 +0000 (21:20 +0000)]
HTTP header improvements (#294)
- Drop Expect-CT
Expect-CT has been redundant since 2018 when Certificate Transparency became mandated and required for all CAs and browsers. This header is only implemented in Chrome and is now deprecated. HTTP header analysers do not check this anymore as this is enforced by default. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
- Raise HSTS to 2 years and explicitly preload
The longer age for HSTS, the better. Header analysers prefer 2 years over 1 year now as free TLS is very common using Let's Encrypt.
For HSTS to be fully effective, you need to submit your root domain (domain.tld) to https://hstspreload.org. However, a requirement for this is the "preload" directive in Strict-Transport-Security. If you do not have "preload", it will reject your domain.
- Drop X-Download-Options
This is an IE8-era header when Adobe products used to use the IE engine for making outbound web requests to embed webpages in things like Adobe Acrobat (PDFs). Modern apps are using Microsoft Edge WebView2 or Chromium Embedded Framework. No modern browser checks or header analyser check for this.
- Set base-uri to 'none'
This is to specify the domain for relative links (`<base>` HTML tag). pleroma-fe does not use this and it's an incredibly niche tag.
I use all of these myself on my instance by rewriting the headers with zero problems. No breakage observed.
I have not compiled my Elixr changes, but I don't see why they'd break.
Co-authored-by: r3g_5z <june@terezi.dev>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/294
Co-authored-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
Co-committed-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
floatingghost [Sun, 20 Nov 2022 04:00:25 +0000 (04:00 +0000)]
Merge pull request 'Drop XSS auditor' (#292) from r3g_5z/akkoma:drop-xss-auditor into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/292
r3g_5z [Sun, 20 Nov 2022 01:40:20 +0000 (20:40 -0500)]
Drop XSS auditor
It's deprecated, removed in some, by all modern browsers and is known
to create XSS vulnerabilities in itself.
Signed-off-by: r3g_5z <june@terezi.dev>
Mark Felder [Sat, 12 Nov 2022 23:05:58 +0000 (18:05 -0500)]
Add same optimized join for excluding invisible users
Mark Felder [Sat, 12 Nov 2022 22:52:37 +0000 (17:52 -0500)]
Fix reports which do not have a user
The check for deactivated users was being applied to report activities.