Commit graph

22 commits

Author SHA1 Message Date
@r3g_5z@plem.sapphic.site
565ead8397 minor-changes (#313)
Only real change here is making MRF rejects log as debug instead of info (https://akkoma.dev/AkkomaGang/akkoma/issues/234)

I don't know if it's the best way to do it, but it seems it's just MRF using this and almost always this is intended.

The rest are just minor docs changes and syncing the restricted nicknames stuff.

I compiled and ran my changes with Docker and they all work.

Co-authored-by: r3g_5z <june@terezi.dev>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/313
Co-authored-by: @r3g_5z@plem.sapphic.site <june@girlboss.ceo>
Co-committed-by: @r3g_5z@plem.sapphic.site <june@girlboss.ceo>
2022-11-26 19:27:58 +00:00
FloatingGhost
ec1d903f2e Note that openbsd needs erlang-wx 2022-11-25 15:24:39 +00:00
FloatingGhost
cc75b313f3 Add favicon, frontend docs 2022-11-20 21:44:32 +00:00
@r3g_5z@plem.sapphic.site
0e4c201f8d HTTP header improvements (#294)
- Drop Expect-CT

Expect-CT has been redundant since 2018 when Certificate Transparency became mandated and required for all CAs and browsers. This header is only implemented in Chrome and is now deprecated. HTTP header analysers do not check this anymore as this is enforced by default. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT

- Raise HSTS to 2 years and explicitly preload

The longer age for HSTS, the better. Header analysers prefer 2 years over 1 year now as free TLS is very common using Let's Encrypt.
For HSTS to be fully effective, you need to submit your root domain (domain.tld) to https://hstspreload.org. However, a requirement for this is the "preload" directive in Strict-Transport-Security. If you do not have "preload", it will reject your domain.

- Drop X-Download-Options

This is an IE8-era header when Adobe products used to use the IE engine for making outbound web requests to embed webpages in things like Adobe Acrobat (PDFs). Modern apps are using Microsoft Edge WebView2 or Chromium Embedded Framework. No modern browser checks or header analyser check for this.

- Set base-uri to 'none'

This is to specify the domain for relative links (`<base>` HTML tag). pleroma-fe does not use this and it's an incredibly niche tag.

I use all of these myself on my instance by rewriting the headers with zero problems. No breakage observed.

I have not compiled my Elixr changes, but I don't see why they'd break.

Co-authored-by: r3g_5z <june@terezi.dev>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/294
Co-authored-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
Co-committed-by: @r3g_5z@plem.sapphic.site <june@terezi.dev>
2022-11-20 21:20:06 +00:00
r3g_5z
f90552f62e
Drop XSS auditor
It's deprecated, removed in some, by all modern browsers and is known
to create XSS vulnerabilities in itself.

Signed-off-by: r3g_5z <june@terezi.dev>
2022-11-19 20:40:20 -05:00
FloatingGhost
53fbe26c80 reference "stable" in all URLs 2022-11-09 13:22:44 +00:00
FloatingGhost
e0032e4799 Add rollbacks for associated_object_id 2022-11-07 00:08:20 +00:00
FloatingGhost
5231d436d1 Add docker migration guide 2022-10-18 16:16:55 +01:00
FloatingGhost
deba1d25f5 add DB restart to docker file 2022-10-17 16:29:36 +01:00
floatingghost
66f913355a Docker builds (#231)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/231
2022-10-16 19:25:54 +00:00
floatingghost
5827f7781f Add installation note about flavour, support special cases (#222)
Fixes #210

Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/222
2022-09-20 11:04:26 +00:00
floatingghost
b8190f19dc 2022.09 stable release chores (#206)
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/206
2022-09-10 14:44:17 +00:00
FloatingGhost
25111bb407 include frontend installation document on all install guides 2022-08-30 10:56:33 +01:00
ShariVegas
273e51cb4a Update 'docs/docs/installation/migrating_to_akkoma.md'
I ran into an issue after migrating, admin-fe wouldn't function properly. Ran the above command for my build, and got that functionality back.
2022-08-05 16:30:33 +00:00
Norm
499d8a1056 Merge branch 'develop' into fedora-install 2022-08-05 05:03:00 +00:00
Norm
6b85b36e3a Fix postgres install and setup for fedora guide
Fedora requires some additional setup to work with Pleroma compared to Ubuntu/Debian.
2022-08-05 05:02:42 +00:00
Norm
b5d06a3db8 docs/installation: Update required Elixir version to 1.12
Some dependencies will refuse to work on Elixir 1.10 (and presumably 1.9). One dependency states 1.13 as a requirement but will still work on 1.12 just fine.
2022-08-03 12:01:13 +00:00
floatingghost
2c8f57db98 rename-flavours (#123)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/123
2022-07-28 10:36:51 +00:00
Fristi
7380dc0256 Added installation guides for redhat linux distributions, includes OTP build guide for fedora. (#122)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/122
Co-authored-by: Fristi <fristi@noreply.akkoma>
Co-committed-by: Fristi <fristi@noreply.akkoma>
2022-07-28 10:19:32 +00:00
floatingghost
645f0390bc Prepare for ubuntu22 murdering openssl (#120)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/120
2022-07-27 21:48:13 +00:00
floatingghost
729f45ccd2 purge ldap authenticator (#92)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/92
2022-07-20 12:49:13 +00:00
floatingghost
d2a185c013 Documentation updates for stable release (#73)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/73
2022-07-15 12:27:16 +00:00