Commit Graph

35 Commits

Author SHA1 Message Date
feld
48f7e12e6c Merge branch 'ostatus-controller-no-auth-check-on-non-federating-instances' into 'develop'
OStatus / Static FE access control fixes

See merge request pleroma/pleroma!3053
2020-11-05 16:23:56 +03:00
Alexander Strizhakov
c6baa811d6
EnsureAuthenticatedPlug module name 2020-10-13 16:43:57 +03:00
Alexander Strizhakov
8c993c5f63
FederatingPlug module name 2020-10-13 16:43:55 +03:00
Egor Kislitsyn
317e2b8d61
Use atoms as keys in ActivityPub.fetch_* functions options 2020-06-04 21:36:26 +04:00
Ivan Tashkinov
2c4844237f Refactoring of :if_func / :unless_func plug options (general availability). Added tests for Pleroma.Web.Plug. 2020-04-30 18:19:51 +03:00
Egor Kislitsyn
5a34dca8ed
Add emoji support in statuses in staticfe 2020-03-23 14:03:31 +04:00
Haelwenn (lanodan) Monnier
8176ca9e40 static_fe: Sanitize HTML in users 2020-03-15 20:44:04 +01:00
Haelwenn (lanodan) Monnier
0ac6e29654 static_fe: Sanitize HTML in posts
Note: Seems to have different sanitization with TwitterCard generator giving
the following:

<meta content=\"“alert(&#39;xss&#39;)”\" property=\"twitter:description\">
2020-03-15 20:44:04 +01:00
Ivan Tashkinov
5b696a8ac1 [#1560] Enforced authentication for non-federating instances in StaticFEController. 2020-03-11 14:05:56 +03:00
Mark Felder
05da5f5cca Update Copyrights 2020-03-03 16:44:49 -06:00
Phil Hagelberg
3c60adbc1f Support redirecting by activity UUID in static FE as well. 2019-11-13 08:22:11 -08:00
Phil Hagelberg
0867cb083e Support redirecting by object ID in static FE.
This matches the behavior of pleroma-fe better.

Fixes #1412.
2019-11-13 08:02:02 -08:00
Phil Hagelberg
62f3a93049 For remote notices, redirect to the original instead of 404.
We shouldn't treat these like local statuses, but I don't think a 404
is the right choice either here, because within pleroma-fe, these are
valid URLs. So with remote notices you have the awkward situation
where clicking a link will behave differently depending on whether you
open it in a new tab or not; the new tab will 404 if it hits static-fe.

This new redirecting behavior should improve that situation.
2019-11-12 09:40:29 -08:00
Phil Hagelberg
ef7c3bdc7a Add some further test cases.
Including like ... private visibility, cos that's super important.
2019-11-09 18:08:45 -08:00
Phil Hagelberg
4729027f91 Prevent non-local notices from rendering. 2019-11-09 18:08:45 -08:00
Phil Hagelberg
b0080fa730 Render errors in HTML, not with JS. 2019-11-09 18:08:08 -08:00
Phil Hagelberg
bfd5d79826 Include metadata in static FE conversations and profiles. 2019-11-09 18:08:08 -08:00
Phil Hagelberg
828259fb65 Catch 404s. 2019-11-09 18:08:08 -08:00
Phil Hagelberg
df2f59be91 Pagination for user profiles. 2019-11-09 18:08:08 -08:00
Phil Hagelberg
8969c5522d Make many of the improvements suggested in review. 2019-11-09 18:08:08 -08:00
Phil Hagelberg
dc3b87d153 Move static FE routing into its own plug.
Previously it was piggybacking on FallbackRedirectController for users
and OStatusController for notices; now it's all in one place.
2019-11-09 18:08:08 -08:00
Phil Hagelberg
c6c706161e Make sure notice link is remote if the post is remote. 2019-11-09 18:08:08 -08:00
Phil Hagelberg
274cc18e8a Visually separate header. 2019-11-09 18:08:08 -08:00
Phil Hagelberg
2ac1ece652 Fix a bug where reblogs were displayed under the wrong user. 2019-11-09 18:08:08 -08:00
Phil Hagelberg
e4b9784c39 Show counts for replies, likes, and announces for selected notice.
Using text instead of an icon, for now.
2019-11-09 18:07:50 -08:00
Phil Hagelberg
918e1353f6 Add header to profile/notice pages linking to pleroma-fe. 2019-11-09 18:07:50 -08:00
Phil Hagelberg
33a26b61c3 Remove activity/user representer; move logic to controller. 2019-11-09 18:07:50 -08:00
Phil Hagelberg
41fde63def Get rid of @data in views and use separate fields. 2019-11-09 18:07:50 -08:00
Phil Hagelberg
2d1897e8a7 Apply all suggested changes from reviewers. 2019-11-09 18:07:50 -08:00
Phil Hagelberg
cc1b07132f Notices should show entire thread from context. 2019-11-09 18:07:08 -08:00
Phil Hagelberg
e79d8985ab Don't show 404 in static-fe controller unless it's actually not found. 2019-11-09 18:06:51 -08:00
William Pitcock
2b5bd5236d static fe: add user profile rendering 2019-11-09 18:06:51 -08:00
William Pitcock
8f08da750a static fe: use a generic activity representer to render activities 2019-11-09 18:06:51 -08:00
William Pitcock
ff8d0902f3 static fe: formatting 2019-11-09 18:06:51 -08:00
William Pitcock
a4d3a8ec03 static fe: proof of concept 2019-11-09 18:06:51 -08:00