cybrespace/mastodon
4
3
Fork 3
Code Issues 7 Pull requests Releases Activity
mastodon/config
History
Ben Lubar 13e049d772 Allow cross-origin requests to /.well-known/* URLs. (#9083) 
Right now, this includes three endpoints: host-meta, webfinger, and change-password.

host-meta and webfinger are publicly available and do not use any authentication. Nothing bad can be done by accessing them in a user's browser.

change-password being CORS-enabled will only reveal the URL it redirects to (which is /auth/edit) but not anything about the actual /auth/edit page, because it does not have CORS enabled.

The documentation for hosting an instance on a different domain should also be updated to point out that Access-Control-Allow-Origin: * should be set at a minimum for the /.well-known/host-meta redirect to allow browser-based non-proxied instance discovery.
2018-10-25 03:13:35 +02:00
..
environments Fix missing protocol in dns-prefetch, improve code style (#8963) 2018-10-12 02:19:10 +02:00
initializers Allow cross-origin requests to /.well-known/* URLs. (#9083) 2018-10-25 03:13:35 +02:00
locales Add consistent interpolations check to CircleCI (#9072) 2018-10-25 01:17:01 +02:00
webpack Improve production build config (#8899) 2018-10-06 15:12:05 +09:00
application.rb Add Czech language option and locale data (#8594) 2018-09-05 08:50:06 +09:00
boot.rb Lint pass (#8876) 2018-10-04 12:36:53 +02:00
brakeman.ignore Add animate custom emoji param to embed pages (#8507) 2018-08-30 23:14:01 +02:00
database.yml use-DB_NAME-in-development (#5430) 2017-10-17 11:45:37 +02:00
deploy.rb Update dependencies for Ruby (2018-04-23) (#7237) 2018-04-23 11:29:17 +02:00
environment.rb Make PreviewCard records reuseable between statuses (#4642) 2017-09-01 16:20:16 +02:00
i18n-tasks.yml Revert #6479, hide sensitive text/images from OpenGraph previews (#6818) 2018-03-18 20:33:07 +01:00
navigation.rb Revert Font Awesome 5 upgrade (#8810) 2018-09-28 02:11:14 +02:00
puma.rb lint pass 2 (#8878) 2018-10-04 17:38:04 +02:00
routes.rb Add unread indicator to conversations (#9009) 2018-10-19 01:47:29 +02:00
secrets.yml
settings.yml Add a new preference to always hide all media (#8569) 2018-09-25 05:09:35 +02:00
sidekiq.yml Track historical space stats in PgHero to determine PostgreSQL growth (#8906) 2018-10-09 19:35:14 +02:00
themes.yml More polished light theme (#7620) 2018-05-25 18:36:26 +02:00
webpacker.yml Fix building assets in test environment (#8691) 2018-09-13 15:18:47 +02:00