index
:
pleroma.git
0-cycles-rough
1570-levenshtein-distance-user-search
1668/default-disable-prometheus
1754-bio-length-stable
1918-avatar-background-header-reset
2023-06-deps-update
2061-chat-deletion
2151-conversation-stream
2168-media-preview-proxy
2232-double-delete
2298-weird-follow-issue
2307-object-activities-index-issue
2788-fix-user-timeline-when-pins-are-nil
2795-small-fix-for-elixir-1-13
3259-objects-attachments-media-background-migration
add-assets-to-static-file-constants
add/block-gptbot
akkoma/notifications-fix
akoma/deactivated-users
alexgleason-oauth-form
anti-mention-spam-mrf
arm64test
attachment-meta
auth-fetch-exception
bad_inbox_request
benchmark-fixes
birth-dates
block-behavior
blocking-use-index
bookwyrm-entities
bugfix-ccworks
bugfix/apc2s-published
bugfix/elixir-1.15
bugfix/erlang-24-format
bugfix/full-revert-media-host-validation
bugfix/inbox-misleading-warning
bugfix/inline-image-class
bugfix/mime-validation-no-list
bugfix/mix-dotgit
bugfix/non-ap_enabled-direct_follow
build-docker/feature/object-hashtags-rework
bump-elixir
bump-gettext
bump/http_signatures-0.1.1
cflags
changelog-update
chore/benchmark-dedicated-db
chore/expose-invalidation-to-adminfe
chore/tag-settings-with-reboot
chore/unhide-features
chore/update-floki-find-usage
chores/non-pipeline-cleanup
chores/our-libs-hex-releases
ci-coverage
cleanup-webfinger-xml
cleanup/ostatus-user-upgrade
cockroachdb
contrib/munin-healthcheck
csp-flash
cycles
cycles-config-url
cycles-context
cycles-ensure-plug
cycles-validator
debug-remote-ip
delete-account-fix
delete-chats-for-deleted-users
deletion-resilience
deps-update
descriptions-automatic-tabs
develop
disable-instance-preload
docker-compose
docs-asdf
docs-otp-support
docs/max-elixir-erlang
earmark
elixir-1.11-ci
elixir-1.12
elixir-1.15-otp26
email-list
embedding-search
endpoint-url
explicitly-allow-unsafe
feat/fedsocket-simplify
feat/heif-upload-filter
feat/mrf-dnsrbl
feat/user-deletion-transaction
feature/1392-support-irreversible-filters
feature/1469-webfinger-expanding
feature/1820-unify-settings
feature/1902-attachment-filename
feature/2145-installer-and-configdb-changes
feature/2295-email-mention-notification
feature/2389-adding-tabs-into-descriptions
feature/2515-admin-statuses
feature/add-subject-to-text-search
feature/compile_get
feature/config-versioning
feature/dynamic-supervisor
feature/installer
feature/mrf_auto_subject
feature/reply-filtering-mk3
feature/undo-validator
feature/update-description-for-dynamic-render
feature/user-whitelist
features/ap_c2s_proxyUrl
features/attachment_direct
features/attachment_validator
features/emoji_reactions_list
features/image-object
features/ingestion-listen
features/ingestion-unfollow
features/link-previews-disable-remote
features/mrf-id_filter
features/validators-note-2
federation_status-access
fep-fffd-url
finch
finch_everywhere
finger
fix-attachment-dimensions
fix-deprecation-text
fix-dockerfile-perms
fix-home-timeline
fix-muted-web-push
fix-object-deletion-timeout
fix-relme
fix-search-dos
fix-tags-again
fix-tests
fix-tests-warn
fix-varnish7-support
fix/1518-admin-reports-timeout
fix/1604-emoji-path
fix/1650-domain-mutes
fix/2189-remote-user-deletion
fix/2782-nodeinfo-active-users
fix/admin-api-grouped-reports-closed-reports
fix/articlenote-fixup-attachments
fix/disable-favicons-in-tests
fix/dont-expose-remote-accounts-to-search-engines
fix/epmd-loopback
fix/featured-collection-without-orderedItems-property
fix/grouped-reports-for-deprecated-format
fix/http_secury_plug
fix/mediaproxy-http-invalidation
fix/newlines-in-push-and-link-previews
fix/rich-media-test-escape-unicrud
fix/user-delete
fixyfix
flag-stuff
flash-support-csp
floki-fast_html-2-electric-boogalo
followers-export
frontend-caching
frontend-dl-task
frontend-enable
frontends/logic-flow
frontends/static
gentoo_otp
gin-speedup
gitlab-fixes
groups
gun-memory-leak
handle_object_fetch_failures
hj-develop-patch-68148-maintainers
ilja_simple_policy_reasons_for_instance_specific_policies
image-description-summary
inbox-latency
inner-joins
instance-deletion
instance-nodeinfo-metadata
instance-view-recompilation
integration/alex.s/gun
issue/1469
issue/1969
issue/2190
issue/2205
issue/2315-poll-notify
live-dashboard
log-slow-queries
logger-metadata
maint/niou-curses
make-hashtags-fast-again
manifest
matrix
matrix-explorations
media-mime-filter
media-preview-proxy
message-debug-mode
moderators
mongoose-im-deactivated-users
more-efficient-ci
mrf-hashtag-default
mrf-tuples-fix
namespace-move-notification
new_users_digest
no-ci-base
no_new_privs
note-update
notice-routes
nsfw-api-mrf
object-flake
object-id-column
operation-warpsneed
phoenix1.7
pipeline-local-create
pleroma-fe-2020-05-01-c67e9daf
pleroma-meilisearch
poll-notification-fixes
previewcard-get.remove
previewcard-void-fill
prometheus-docs
quote-post
rate-limiter-compile-time-and-runtime-settings-mix-with-increased-complexity
refactor/fe-bundles
refactor/start-restart-pleroma
refactor/uploads
relay-list-change-for-stable
release/1.0
release/1.0.1
release/1.0.2
release/1.0.3
release/1.0.4
release/1.0.5
release/1.0.6
release/2.2.3
release/2.4.2
release/2.5.1
release/2.5.2
release/2.6.0
remote-follow-auth-fix
remove-scrobbles
request-logger
revert-6dd1575c
revert/attachment-cleanup
rich-media
rich-media-db
shrink-ci
simplePolicy_reasons_for_instance_specific_policies
stable
status-view
store-ip
systemd-template-unit
telemtry
test-speedup
test-warnings
test/buildperf
test_cleanup
testfix/system-config-use
tests/openapi-oauth
thumbnail-proxy
tusooa/2810-punycode-mention
tusooa/3018-unified-stream
tusooa/3054-banned-delete
tusooa/3065-scopes
tusooa/3154-attachment-type-check
tusooa/3205-group-actor
tusooa/extract-fix
tusooa/media-altdomain
tusooa/quote
unused_indexes
update-deps
upgrade/crypt
use-shared-inbox-test
use-system-time
userfeed-fe-fallback
v2-suggestions
varnish-fix-changelog
vips
warnings-as-errors
webfinger-spoofing
weblate
weblate-extract
youtube-fix
Lightweight fediverse server
Robby Zambito
summary
refs
log
tree
commit
diff
log msg
author
committer
range
path:
root
/
lib
/
pleroma
/
plugs
/
http_security_plug.ex
Age
Commit message (
Expand
)
Author
2020-10-13
moving plugs into web dir
Alexander Strizhakov
2020-07-12
MediaProxy whitelist setting now supports hosts with scheme
Alexander Strizhakov
2020-07-09
Use the Pleroma.Config alias
Mark Felder
2020-07-06
IO list, not concatenation
Mark Felder
2020-07-06
Simplify the logic
Mark Felder
2020-07-05
Ensure all CSP parameters for remote hosts have a scheme
Mark Felder
2020-07-03
Rename function and clarify that CSP is only strict with MediaProxy enabled
Mark Felder
2020-07-03
Add Captcha endpoint to CSP headers when MediaProxy is enabled.
Mark Felder
2020-06-11
Check for media proxy base_url, not Upload base_url
Mark Felder
2020-06-10
HTTP security plug: add media proxy base url host to csp
rinpatch
2020-05-29
Merge branch 'bugfix/csp-unproxied' into 'develop'
rinpatch
2020-05-29
Apply suggestion to lib/pleroma/plugs/http_security_plug.ex
rinpatch
2020-05-29
Add blob: to connect-src CSP
Alex Gleason
2020-05-29
http_security_plug.ex: Fix non-proxied media
Haelwenn (lanodan) Monnier
2020-05-29
HTTP Security plug: make starting csp string generation more readable
rinpatch
2020-05-27
HTTP security plug: Harden img-src and media-src when MediaProxy is enabled
rinpatch
2020-05-27
HTTP Security plug: rewrite &csp_string/0
rinpatch
2020-04-26
Let blob: pass CSP
Alex Gleason
2020-03-02
Bump copyright years of files changed after 2020-01-07
Haelwenn (lanodan) Monnier
2020-01-30
Update http_security_plug.ex
feld
2020-01-29
Fix credo warning
Egor Kislitsyn
2020-01-29
Make the warning more scarier
Egor Kislitsyn
2020-01-28
Warn if HTTPSecurityPlug is disabled
Egor Kislitsyn
2019-06-06
Replace Mix.env with Pleroma.Config.get(:env)
rinpatch
2019-05-16
add report uri and report to
Alex S
2019-05-03
Standardize construction of websocket URL
feld
2019-03-05
Plugs.HTTPSecurityPlug: Add static_url to CSP's connect-src
Haelwenn (lanodan) Monnier
2019-02-12
Plugs.HTTPSecurityPlug: Add webpacker to connect-src
Haelwenn (lanodan) Monnier
2019-02-12
Plugs.HTTPSecurityPlug: Add unsafe-eval to script-src when in dev mode
Haelwenn (lanodan) Monnier
2019-02-12
Use url[:scheme] instead of protocol to determine if https is enabled
shibayashi
2018-12-31
update copyright years to 2019
William Pitcock
2018-12-23
add license boilerplate to pleroma core
William Pitcock
2018-12-09
fix compile warnings
Maksim Pechnikov
2018-11-26
Plugs.HTTPSecurityPlug: Activate upgrade-insecure-requests only when there is...
Haelwenn (lanodan) Monnier
2018-11-26
Add manifest-src to allow manifest.json
shibayashi
2018-11-16
http security: remove form-action from CSP definitions
William Pitcock
2018-11-12
http security: allow referrer-policy to be configured
William Pitcock
2018-11-12
rename CSPPlug to HTTPSecurityPlug.
William Pitcock
