5df4d420de
Whitelist object types in the index query
...
Select the outbox object types that we want to show on the notes page
instead of removing objects that we don't want to show.
That way, it's easier to ensure that there are no objects messing up the
object count/empty checks.
Partially fixes https://todo.sr.ht/~tsileo/microblog.pub/65
2022-11-30 14:10:28 +01:00
46a592b11e
Switch back to HTTP1 for the media proxy client
2022-11-30 12:26:31 +01:00
5f0b8f5dfd
Tweak media proxy client
2022-11-28 20:58:16 +01:00
e30e0de10e
No more HTTP sig check on the actor profile
2022-11-27 11:36:15 +01:00
4c6eb51ae2
Proper mf2 for replies
2022-11-20 11:12:34 +01:00
d36102255f
Merge branch 'v2' into indieweb-merge-part2
2022-11-20 10:48:43 +01:00
ef4608f348
Switch back the proxy client to HTTP2 mode
2022-11-20 09:49:19 +01:00
822280c280
Tweak proxy client (increased timeout, no more HTTP2)
2022-11-19 08:32:44 +01:00
9d312bc229
Fix typing
2022-11-19 08:15:36 +01:00
b37b77ad34
Make local actor icon optional
...
If a remote actor has no icon, we show our local default icon.
If we have no icon, we should allow remote instances to show their
default icon, instead of sending ours.
2022-11-19 08:12:49 +01:00
9ee3f3b971
More progess on webmention replies
2022-11-19 08:12:33 +01:00
120f92a9ed
Display Webmention as replies when applicable
2022-11-18 20:20:58 +01:00
434fd98cd9
Merge IndieWeb likes/reposts with their AP counterpart
2022-11-17 21:03:24 +01:00
89c90fba56
Start to merge IndieWeb and AP interactions
2022-11-17 09:18:06 +01:00
0c5ce67d4e
Tweak remote instance redirection
2022-11-13 17:37:19 +01:00
9db7bdf0fb
remote follow: use HTML redirect to work around CSP issue
...
In Chrome, I get the following when trying to use the remote follow form:
Refused to send form data to 'https://example.com/remote_follow '
because it violates the following Content Security Policy directive:
"form-action 'self'".
It seems some browsers (but notably not Firefox) apply the form-action
policy to the redirect target in addition to the initial form
submission endpoint. See:
https://github.com/w3c/webappsec-csp/issues/8
In that thread, this workaround is suggested.
2022-11-13 17:11:02 +01:00
62c9327500
Add support for setting a custom CSP
2022-11-09 21:26:43 +01:00
a4cfd65009
Sign media URLs to avoid becoming an open proxy
...
Signatures are valid for ~1 week.
2022-11-04 19:36:26 +01:00
242bf7b515
fixup! Fix URL generation when not at domain root
...
Oops -- missed these two! Sorry for the noise; let me know if you'd
like me to squash and resubmit.
2022-11-04 19:22:30 +01:00
32692a7dcd
First shot at supporting custom handler
2022-11-02 08:51:21 +01:00
3d049da2e5
Add slug support for Article
2022-10-30 17:50:59 +01:00
c8a9793638
Make hashtag case insensitive
2022-10-05 20:27:21 +02:00
6216b316e8
Add remote interaction button
2022-09-23 20:09:05 +02:00
4c86cd4be3
Always show followers/following page when admin
2022-09-13 22:33:20 +02:00
b2f268682c
New config item to hide followers/following
2022-09-13 21:03:35 +02:00
5f20eab3f1
More work towards support moving/deleting instance
2022-09-01 20:42:20 +02:00
c740813b57
Ensure pinned posts appear on front page before others
2022-08-31 08:19:47 +02:00
db8f0cb141
Harden the CSP a bit for values that don't inherit default-src. Set Permissions-Policy. Remove TODO
2022-08-30 08:21:11 +02:00
ebdba62a06
No more inline CSS
2022-08-29 21:42:54 +02:00
a02c8cf0bb
Fix NGINX setup instructions
2022-08-29 19:28:54 +02:00
ee5265f4dd
Small tweaks/typos
2022-08-29 09:09:28 +02:00
87f035d298
HTML error page
2022-08-28 17:36:58 +02:00
4e445a7207
Prevent replay attacks with TLS1.3 0-RTT
2022-08-26 23:35:58 +02:00
40c4a4413d
Tweak media proxy error
2022-08-26 22:04:38 +02:00
88cb82c9bb
Improve static assets caching
2022-08-26 20:26:41 +02:00
edf9e28ed1
Tweak cache size
2022-08-26 18:58:21 +02:00
84203fc66e
More webp support
2022-08-26 09:28:00 +02:00
53a31ae562
Webp support
2022-08-26 08:48:14 +02:00
953a6c3b91
Fix empty tag page
2022-08-24 20:52:15 +02:00
601313cf65
Yunohost config utils
2022-08-21 15:40:25 +02:00
6b670c74cf
Tweak logger
2022-08-21 09:42:28 +02:00
e16dbb4590
Enable CORS for the webfinger endpoint
2022-08-21 09:36:03 +02:00
691ad500c6
Tweak logging
2022-08-20 09:11:48 +02:00
d3b7f6ccbb
Template fixes
2022-08-18 20:53:51 +02:00
2d28ca3614
Cleanup inbox processing
2022-08-18 20:21:28 +02:00
02c09f2363
Add support for Move activity
2022-08-16 22:15:05 +02:00
d1b4bd0181
Improve lookup and handle visibility in threads
2022-08-15 21:34:57 +02:00
c711096262
Allow to interact with objects via lookup
2022-08-15 12:49:07 +02:00
d381bb3fec
Improve actor-level blocking
2022-08-15 10:50:13 +02:00
51bfc4bd30
Various tweaks about AP types
2022-08-13 22:37:44 +02:00
