ThibG fa929d8b81

Tweak signature verification (#15069) ...

* Add more specific error message when request body digest is invalid

This may help other implementors debug their implementation.

* Relax Host parameter requirement to GET requests

The only POST requests processed by Mastodon need objects/actors (including
their host) to be explicitly mentioned in the request's body, so replaying
a legitimate request to another host should not be a security issue.

* Support Digest headers using multiple algorithms or lowercase alogirthm names

2020-11-01 23:38:31 +01:00

..

chewy

Change tootctl search deploy algorithm (#14300)

2020-07-14 18:10:35 +02:00

controllers

Tweak signature verification (#15069)

2020-11-01 23:38:31 +01:00

helpers

Add IP-based rules (#14963)

2020-10-12 16:33:49 +02:00

javascript

Fix some account media gallery items having empty labels (#15073)

2020-11-01 18:31:39 +01:00

lib

Add follower synchronization mechanism (#14510)

2020-10-21 18:04:09 +02:00

mailers

Change account suspensions to be reversible by default (#14726)

2020-09-15 14:37:58 +02:00

models

Add follower synchronization mechanism (#14510)

2020-10-21 18:04:09 +02:00

policies

Add IP-based rules (#14963)

2020-10-12 16:33:49 +02:00

presenters

Add user notes on accounts (#14148)

2020-06-30 19:19:50 +02:00

serializers

Add duration parameter to muting. (#13831)

2020-10-13 01:01:14 +02:00

services

Fix followers synchronization mechanism not being triggered on mentions (#15026)

2020-10-23 14:22:16 +02:00

validators

Improve email address validation (#14565)

2020-08-12 12:40:25 +02:00

views

Make visibility icon clickable as part of the time of a toot (#15053)

2020-10-27 03:00:47 +01:00

workers

Fix poll ending notifications being created for each vote (#15071)

2020-11-01 06:34:43 +01:00