This repository has been archived on 2024-07-22.
mastodon/config/initializers
Sorin Davidoi 6f3d934bc1 feat(cookies): Use the same-site attribute to lax (#8626)
CSRF-prevention is already implemented but adding this doesn't hurt.

A brief introduction to Same-Site cookies (and the difference between strict and
lax) can be found at
https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/

TLDR: We use lax since we want the cookies to be sent when the user navigates
safely from an external site.
2018-09-08 23:54:28 +02:00
0_post_deployment_migrations.rb Add post-deployment migration system (#8182) 2018-08-13 13:40:01 +02:00
active_model_serializers.rb Disable AMS logging (#7623) 2018-05-26 01:08:31 +02:00
application_controller_renderer.rb
assets.rb HTML e-mails for UserMailer (#6256) 2018-01-16 03:29:11 +01:00
backtrace_silencers.rb
blacklists.rb
chewy.rb Fix #6509: Use pull queue for chewy jobs (#6513) 2018-02-20 17:25:16 +01:00
content_security_policy.rb Upgrade Rails to version 5.2.0 (#5898) 2018-04-12 14:45:17 +02:00
cookies_serializer.rb
cors.rb Upgrade Rails to version 5.2.0 (#5898) 2018-04-12 14:45:17 +02:00
devise.rb feat(cookies): Use the same-site attribute to lax (#8626) 2018-09-08 23:54:28 +02:00
doorkeeper.rb Add more granular OAuth scopes (#7929) 2018-07-05 18:31:35 +02:00
fast_blank.rb
filter_parameter_logging.rb
http_client_proxy.rb Merge `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into `ALLOW_ACCESS_TO_HIDDEN_SERVICE` (#7901) 2018-06-29 15:36:02 +02:00
httplog.rb
inflections.rb
instrumentation.rb
kaminari_config.rb adjust public profile pages 2 (#5223) 2017-10-04 22:49:36 +02:00
mime_types.rb Set correct content-type for ActivityPub JSON (#4592) 2017-08-14 04:16:43 +02:00
oj.rb Remove rabl dependency (#5894) 2017-12-06 15:04:49 +09:00
omniauth.rb Add additional first_name and last_name SAML attribute statement options, and modify Omniauthable concern to use full_name or first_name + last_name if not available (#6669) 2018-03-07 06:19:10 +01:00
open_uri_redirection.rb
ostatus.rb enforce LOCAL_HTTPS=true in production (#6061) 2017-12-22 02:17:59 +01:00
pagination.rb
paperclip.rb Rename S3_CLOUDFRONT_HOST to S3_ALIAS_HOST. (#8423) 2018-08-25 13:27:08 +02:00
premailer_rails.rb HTML e-mails for UserMailer (#6256) 2018-01-16 03:29:11 +01:00
rack_attack.rb Add a missing question mark in rack_attack.rb (#7338) 2018-05-03 18:51:00 +02:00
rack_attack_logging.rb Log rate limit hits (#7096) 2018-04-10 01:20:18 +02:00
redis.rb
session_activations.rb
session_store.rb feat(cookies): Use the same-site attribute to lax (#8626) 2018-09-08 23:54:28 +02:00
sidekiq.rb Use RAILS_LOG_LEVEL to set log level of Sidekiq, too (#7079) 2018-04-10 16:08:28 +02:00
simple_form.rb
single_user_mode.rb
statsd.rb Allow specifying STATSD_NAMESPACE (#5700) 2017-11-15 07:22:43 +09:00
stoplight.rb Add a circuit breaker for ActivityPub deliveries (#7053) 2018-04-07 21:36:58 +02:00
strong_migrations.rb Fix migration failure due to StrongMigrations on production env (#5283) 2017-10-09 10:05:35 +02:00
suppress_csrf_warnings.rb Suppress CSRF token warnings (#6240) 2018-01-15 06:51:23 +01:00
trusted_proxies.rb
twitter_regex.rb Add dat, dweb, ipfs, ipns, ssb, gopher protocols to URL extractor (#7810) 2018-06-15 20:21:47 +02:00
vapid.rb
wrap_parameters.rb