  1. Nov 18, 2021
  2. Nov 17, 2021
  3. Nov 16, 2021
    • Add manual GitHub Actions runs (#17000) · f603de1f
      Eugen Rochko authored
    • Fix upload of remote media with OpenStack Swift sometimes failing (#16998) · 48f8658d
      Claire authored
      Under certain conditions, files fetched from remotes trigger an error when
      being uploaded using OpenStack Swift. This is because in some cases, the
      remote server will not return a content-length, so our ResponseWithLimitAdapter
      will hold a `nil` value for `#size`, which will lead to an invalid value
      for the Content-Length header of the Swift API call.
      
      This commit fixes that by taking the size from the actually-downloaded file
      size rather than the upstream-provided Content-Length header value.
  4. Nov 14, 2021
  5. Nov 13, 2021
  6. Nov 12, 2021
  7. Nov 11, 2021
  8. Nov 06, 2021
  9. Nov 05, 2021
    • Fix reviving revoked sessions and invalidating login (#16943) · 6da135a4
      Claire authored
      Up until now, we have used Devise's Rememberable mechanism to re-log users
      after the end of their browser sessions. This mechanism relies on a signed
      cookie containing a token. That token was stored on the user's record,
      meaning it was shared across all logged in browsers, meaning truly revoking
      a browser's ability to auto-log-in involves revoking the token itself, and
      revoking access from *all* logged-in browsers.
      
      We had a session mechanism that dynamically checks whether a user's session
      has been disabled, and would log out the user if so. However, this would only
      clear a session being actively used, and a new one could be respawned with
      the `remember_user_token` cookie.
      
      In practice, this caused two issues:
      - sessions could be revived after being closed from /auth/edit (security issue)
      - auto-log-in would be disabled for *all* browsers after logging out from one
        of them
      
      This PR removes the `remember_token` mechanism and treats the `_session_id`
      cookie/token as a browser-specific `remember_token`, fixing both issues.
    • Claire's avatar
      87085a51
    • Add support for structured data and more OpenGraph tags to link cards (#16938) · 39cdf61a
      Eugen Rochko authored
      Save preview cards under their canonical URL
      
      Increase max redirects to follow from 2 to 3
    • Fix handling announcements with links (#16941) · 989c67d2
      Claire authored
      Broken since #15827
  10. Nov 04, 2021