* Revert "Fix image and media loading when using external storage server"
This reverts commit 6cfa0245ca.
* Revert "Change glitch-soc's CSP config to match upstream's closer (#2474)"
This reverts commit d59196e170.
Conflicts:
- `config/initializers/content_security_policy.rb`:
Upstream changed how asset host CSP directives are used, and glitch-soc has
a pretty different CSP file.
It may be worth reconsidering the differences between upstream and glitch-soc
but for now, just port the change.
Conflicts:
- `config/environments/production.rb`:
Upstream enforced a code style change and glitch-soc had a few different lines.
Applied upstream's code style to glitch-soc's changes.
Conflicts:
- `config/initializers/content_security_policy.rb`:
Upstream added some code to add the Identity Provider's sign-in endpoint to
the `form-action` Content Security Policy directive but our version of the
file is pretty different.
Ported the change.
Conflicts:
- `app/models/account.rb`:
Upstream added new validations close to lines on which glitch-soc had
modified validations to handle custom limits set through environment
variables.
Ported upstream changes.
- `config/initializers/content_security_policy.rb`:
Upstream added `AZURE_ALIAS_HOST`. Glitch-soc's version of the file is
completely different.
Added `AZURE_ALIAS_HOST` to our version of the file.
Conflicts:
- `db/migrate/20180831171112_create_bookmarks.rb`:
Upstream ran a lint fix on this file, but this file is different in
glitch-soc because the feature was added much earlier.
Ran the lint fix on our own version of the file.
Conflicts:
- `config/initializers/content_security_policy.rb`:
Our config file is pretty different from upstream.
Upstream changed CSP directive `script-src` to include
`wasm-unsafe-eval` instead of `unsafe-eval`, which we
did not include.
Added `wasm-unsafe-eval` to `script-src` to fix
execution of the OCR web worker.
- `package.json`:
Upstream updated a dependency (`array-includes`) textually
adjacent to a glitch-soc-only dependency (`atrament`).
Updated `array-includes` as upstream did.
Conflicts:
- `README.md`:
Upstream updated copyright year, we don't mention it so kept our version.
- `app/controllers/admin/dashboard_controller.rb`:
Not really a conflict, upstream change (removing the spam checker) too close
to glitch-soc changes. Ported upstream changes.
- `app/models/form/admin_settings.rb`:
Same.
- `app/services/remove_status_service.rb`:
Same.
- `app/views/admin/settings/edit.html.haml`:
Same.
- `config/settings.yml`:
Same.
- `config/environments/production.rb`:
Not a real conflict, upstream added a default HTTP header, but we have
extra headers in glitch-soc.
Added the header.
* Update devise-two-factor to unreleased fork for Rails 6 support
Update tests to match new `rotp` version.
* Update nsa gem to unreleased fork for Rails 6 support
* Update rails to 6.1.3 and rails-i18n to 6.0
* Update to unreleased fork of pluck_each for Ruby 6 support
* Run "rails app:update"
* Add missing ActiveStorage config file
* Use config.ssl_options instead of removed ApplicationController#force_ssl
Disabled force_ssl-related tests as they do not seem to be easily testable
anymore.
* Fix nonce directives by removing Rails 5 specific monkey-patching
* Fix fixture_file_upload deprecation warning
* Fix yield-based test failing with Rails 6
* Use Rails 6's index_with when possible
* Use ActiveRecord::Cache::Store#delete_multi from Rails 6
This will yield better performances when deleting an account
* Disable Rails 6.1's automatic preload link headers
Since Rails 6.1, ActionView adds preload links for javascript files
in the Links header per default.
In our case, that will bloat headers too much and potentially cause
issues with reverse proxies. Furhermore, we don't need those links,
as we already output them as HTML link tags.
* Switch to Rails 6.0 default config
* Switch to Rails 6.1 default config
* Do not include autoload paths in the load path
Conflicts:
- `Gemfile.lock`:
Not a real conflict, just a glitch-soc-only dependency too close to a
dependency that got updated upstream. Updated as well.
- `app/models/status.rb`:
Not a real conflict, just a change too close to glitch-soc-changed code
for optionally showing boosts in public timelines.
Applied upstream changes.
- `app/views/layouts/application.html.haml`:
Upstream a new, static CSS file, conflict due to glitch-soc's theming
system, include the file regardless of the theme.
- `config/initializers/content_security_policy.rb`:
Upstream dropped 'unsafe-inline' from the 'style-src' directive, but
both files are very different. Removed 'unsafe-inline' as well.
Conflicts:
- `app/javascript/mastodon/features/compose/components/poll_form.js`:
Upstream bumped poll option character limit, but we already had
a higher one, kept ours.
- `app/validators/poll_validator.rb`:
Upstream bumped poll option character limit, but we already had
a higher one, kept ours.
- `config/initializers/content_security_policy.rb`:
Upstream added a rule, the way we compute ours is different, but
that added rule has been ported.
- `package.json`:
No real conflict, dependency update. Performed the same update.
- `yarn.lock`:
No real conflict, dependency update. Performed the same update.
