ThibG
aa80292170
Improve streaming server security ( #10818 )
...
* Check OAuth token scopes in the streaming API
* Use Sec-WebSocket-Protocol instead of query string to pass WebSocket token
Inspired by https://github.com/kubevirt/kubevirt/issues/1242
2019-05-24 15:23:38 +02:00
ThibG
130fbf839b
Fix possible race condition when processing statuses ( #10815 )
2019-05-24 15:23:38 +02:00
ThibG
39d1d022de
Move signature verification stoplight to the requests themselves ( #10813 )
...
* Move signature verification stoplight to the requests themselves
This avoids blocking messages from known keys for 5 minutes when only one fails…
* Put the stoplight on the actual client IP, not a potential reverse proxy
2019-05-24 15:23:38 +02:00
ThibG
9a881c70e2
Retry ActivityPub inbox delivery on HTTP 401 and 408 errors ( #10812 )
...
HTTP 401 responses returned by Mastodon's inbox controller may
be temporary if, for instance, the requesting user's actor/key json
could not be retrieved in a timely fashion. This changes allow retries
instead of dropping the message entirely.
Also added HTTP 408 as that error is by nature temporary.
2019-05-24 15:23:38 +02:00
ThibG
d63c3c0cef
Improve streaming server security ( #10818 )
...
* Check OAuth token scopes in the streaming API
* Use Sec-WebSocket-Protocol instead of query string to pass WebSocket token
Inspired by https://github.com/kubevirt/kubevirt/issues/1242
2019-05-24 15:21:42 +02:00
Eugen Rochko
84dc21d55d
Various improvements to single column layout ( #10809 )
...
- Add potential side panels to single column layout
- Hide FAB on large screens
2019-05-23 20:01:10 +02:00
ThibG
9a5561a5b8
Fix possible race condition when processing statuses ( #10815 )
2019-05-23 20:00:39 +02:00
ThibG
89d600bedb
Move signature verification stoplight to the requests themselves ( #10813 )
...
* Move signature verification stoplight to the requests themselves
This avoids blocking messages from known keys for 5 minutes when only one fails…
* Put the stoplight on the actual client IP, not a potential reverse proxy
2019-05-23 15:22:39 +02:00
Yamagishi Kazutoshi
369eb63321
Add sponsor button to GitHub web UI ( #10814 )
...
- https://help.github.com/en/articles/displaying-a-sponsor-button-in-your-repository
2019-05-23 15:00:54 +02:00
ThibG
9efcca3c54
Retry ActivityPub inbox delivery on HTTP 401 and 408 errors ( #10812 )
...
HTTP 401 responses returned by Mastodon's inbox controller may
be temporary if, for instance, the requesting user's actor/key json
could not be retrieved in a timely fashion. This changes allow retries
instead of dropping the message entirely.
Also added HTTP 408 as that error is by nature temporary.
2019-05-23 15:00:30 +02:00
Eugen Rochko
9ddeb30f90
Add forceSingleColumn
prop to <UI />
( #10807 )
...
* Move TabsBar rendering logic from CSS to the ColumnsArea component
* Add forceSingleColumn mode
* Add unread notifications counter to tabs bar
* Add toggle to control `forceSingleColumn`
* Increase paddings in mobile layout responsively at large sizes
2019-05-23 01:35:22 +02:00
abcang
ca6c93a2f5
Migrate from uws to cws ( #10805 )
2019-05-22 18:19:16 +02:00
nzws
8a378d4c3d
Fix stacking order of emoji picker ( #10801 )
2019-05-22 18:00:34 +02:00
dependabot[bot]
ce8de3a6e5
Bump aws-sdk-s3 from 1.39.0 to 1.40.0 ( #10803 )
...
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby ) from 1.39.0 to 1.40.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases )
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-ruby/compare/v1.39.0...v1.40.0 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-22 22:31:05 +09:00
dependabot[bot]
bc23de458e
Bump rubocop from 0.69.0 to 0.70.0 ( #10802 )
...
Bumps [rubocop](https://github.com/rubocop-hq/rubocop ) from 0.69.0 to 0.70.0.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases )
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.69.0...v0.70.0 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-22 22:09:10 +09:00
dxwc
ee0e68e97a
i18n: Complete frontend Bengali translation ( #10800 )
...
* i18n: Complete frontend Bengali translation
* run yarn manage:translations
2019-05-22 10:00:58 +09:00
trwnh
e3b39ea4a4
Update remote bio test from 160 to 500 ( #10799 )
2019-05-21 13:29:06 +02:00
Paul Woolcock
0c933c1b8c
Add account_id
param to GET /api/v1/notifications
( #10796 )
...
* Add `from_account` to notifications API
this adds the ability to filter notifications by the account they
originated from
* passing a non-existent user should cause none to be returned
* Fix codeclimate warnings
* fix more codeclimate warnings
* make requested changes:
* use account id instead of user@domain
* name the param `account_id` instead of `from_account`
* Don't use `return` in a lambda
2019-05-21 13:28:49 +02:00
dependabot[bot]
4d65740663
Bump httplog from 1.2.2 to 1.3.0 ( #10795 )
...
Bumps [httplog](https://github.com/trusche/httplog ) from 1.2.2 to 1.3.0.
- [Release notes](https://github.com/trusche/httplog/releases )
- [Changelog](https://github.com/trusche/httplog/blob/master/CHANGELOG.md )
- [Commits](https://github.com/trusche/httplog/commits/v1.3.0 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-21 15:41:15 +09:00
Marek Ľach
f261dadefa
Update sk.yml ( #10788 )
...
* Update sk.yml
* Update sk.yml
* Update sk.yml
* Update sk.yml
* Update sk.yml
* Update sk.yml
* normalize
2019-05-20 15:42:19 +09:00
dependabot[bot]
77e2b68b66
Bump lograge from 0.11.0 to 0.11.1 ( #10793 )
...
Bumps [lograge](https://github.com/roidrage/lograge ) from 0.11.0 to 0.11.1.
- [Release notes](https://github.com/roidrage/lograge/releases )
- [Changelog](https://github.com/roidrage/lograge/blob/master/CHANGELOG.md )
- [Commits](https://github.com/roidrage/lograge/compare/v0.11.0...v0.11.1 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-20 15:19:56 +09:00
dependabot[bot]
ace6bd3570
Bump capybara from 3.20.0 to 3.20.2 ( #10794 )
...
Bumps [capybara](https://github.com/teamcapybara/capybara ) from 3.20.0 to 3.20.2.
- [Release notes](https://github.com/teamcapybara/capybara/releases )
- [Changelog](https://github.com/teamcapybara/capybara/blob/master/History.md )
- [Commits](https://github.com/teamcapybara/capybara/compare/3.20.0...3.20.2 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-20 15:18:28 +09:00
trwnh
a6caf919e2
Change bio limit from 160 to 500 ( #10790 )
...
* Change note_length validator from 160 to 500
* Change input maxlength from 160 to 500
* update bio test from 160 to 500
* Multiply a string 30 times instead of 10
2019-05-19 22:51:44 +02:00
Eugen Rochko
370ec7e771
Bump version to 2.8.3
2019-05-19 22:35:49 +02:00
ThibG
9222c26e19
Fix “invited by” not showing up for invited accounts in admin interface ( #10791 )
2019-05-19 22:32:25 +02:00
Hinaloe
94439a1da7
fix isSubmitting
prop case ( #10785 )
2019-05-19 22:32:14 +02:00
ThibG
ae18386558
Fix “invited by” not showing up for invited accounts in admin interface ( #10791 )
2019-05-19 21:40:36 +02:00
Marek Ľach
37a04c329c
sk.yml grammar update ( #10786 )
...
* sk.yml grammar update
* bundle exec i18n-tasks normalize
2019-05-20 02:27:32 +09:00
Hinaloe
bb9d7fad9f
fix isSubmitting
prop case ( #10785 )
2019-05-19 18:41:41 +02:00
ThibG
a6815a7578
Add post-deployment migration script to delete public-boosts-of-private-toots ( #10783 )
2019-05-19 16:27:11 +02:00
Ben Lubar
d587a943a5
add og:image:alt for media attachments in embeds ( #10779 )
2019-05-19 16:26:00 +02:00
ThibG
3c27687a6e
Prevent from publicly boosting one's own private toots ( #10775 )
2019-05-19 16:25:40 +02:00
ThibG
ee17d81b8a
Minor performance improvements and cleanup in formatter ( #10765 )
2019-05-19 16:25:39 +02:00
Neil Moore
9e95af3391
Adds click-able div that expands status ( #10733 ) ( #10766 )
...
The clickable div is positioned under the account avatar and covers
all empty space below it to the end of the status.
2019-05-19 16:25:20 +02:00
nzws
91e25a20ce
Fix some colors in light theme ( #10754 )
...
* Fix typo in light theme
* Fix background color of empty column
2019-05-19 16:25:20 +02:00
ThibG
47e0928c5b
Change icon and label depending on whether media is marked as sensitive ( #10748 )
...
* Change icon and label depending on whether media is marked as sensitive
* WiP use a checkbox
2019-05-19 16:25:20 +02:00
Maciek Baron
c407a4edf8
Improve poll link accessibility ( #10720 )
...
* Add distinction between hover and active/focus states
* Resolves #10198
2019-05-19 16:25:20 +02:00
Jeong Arm
7a6464bea0
Bring back crossed eye icon on gallery ( #10715 )
2019-05-19 16:25:20 +02:00
nzws
9679ec4fcb
Fix some colors of high contrast theme ( #10711 )
...
* Fix "nothing here" text color of high contrast
* Fix counter border color of high contrast
2019-05-19 16:25:20 +02:00
ThibG
b40dfc124b
Add description on hover in media gallery ( #10713 )
2019-05-19 16:25:20 +02:00
Marek Ľach
692e7cea2a
Small corrections for sk translation ( #10784 )
2019-05-19 22:42:10 +09:00
ThibG
4edf5213dc
Add post-deployment migration script to delete public-boosts-of-private-toots ( #10783 )
2019-05-19 13:49:31 +02:00
Shlee
ab829d4aa8
Upgrade redis in docker-compose.yml from 4 to 5 ( #9063 )
2019-05-19 11:29:26 +02:00
Aditoo17
5ff06af2d2
I18n: Update Czech translation ( #10781 )
2019-05-19 14:39:16 +09:00
Ben Lubar
2f3e4a64be
add og:image:alt for media attachments in embeds ( #10779 )
2019-05-18 20:57:45 +02:00
Eugen Rochko
6fe474837c
Change poll options to alphabetic letters when status text is hidden ( #10685 )
...
Fix #10569
2019-05-18 14:41:16 +02:00
Yusuke Nakamura
2c12620adb
Remove 'Weblate' from CONTRIBUTING.md ( #10778 )
...
The mastodon project no longer used weblate to translate UI
sentences. (ref #10385 )
2019-05-18 14:40:55 +02:00
ThibG
a1519a8ef5
Prevent from publicly boosting one's own private toots ( #10775 )
2019-05-18 00:28:51 +02:00
dependabot[bot]
e976a9dfbd
Bump aws-sdk-s3 from 1.38.0 to 1.39.0 ( #10773 )
...
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby ) from 1.38.0 to 1.39.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases )
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-s3/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-ruby/compare/v1.38.0...v1.39.0 )
Signed-off-by: dependabot[bot] <support@dependabot.com>
2019-05-17 15:23:21 +09:00
Alix Rossi
520cfde793
i18n: Update Corsican translation ( #10770 )
...
* i18n: update Corsican translation
* Fix typo in co.yml
2019-05-17 06:32:46 +02:00