itepechi/akkoma
1
0
Fork 0
Code Issues Pull requests Releases Activity
akkoma/lib/pleroma/web/plugs
History
Oneric 0a9e7d4712 federation/in: improve reply on requests from blocked domains 
Previously all such requests led to '401 Unauthorized'
whih might have triggered retries.
Now, to not leak any MRF info, we just indicate an
accept for POST requests without actually processing the object
and indiscriminately return "not found" for GET requests.

Notably this change also now causes all signed fetch requests from
blocked domains to be rejected even if authorized_fetch isn’t enabled.

Fixes: https://akkoma.dev/AkkomaGang/akkoma/issues/929
2025-06-10 20:43:33 +02:00
..
parsers giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
rate_limiter Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
admin_secret_authentication_plug.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
authentication_plug.ex argon2 password hashing (#406) 2022-12-30 02:46:58 +00:00
basic_auth_decoder_plug.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
cache.ex Skip cache when /objects or /activities is authenticated 2022-06-29 20:47:27 +01:00
csp_nonce_plug.ex Add prometheus metrics to router 2022-12-15 02:02:07 +00:00
digest_plug.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
ensure_authenticated_plug.ex [#2510] Improved support for app-bound OAuth tokens. Auth-related refactoring. 2021-02-11 15:02:50 +03:00
ensure_http_signature_plug.ex Simplified HTTP signature processing 2022-12-19 20:41:48 +00:00
ensure_public_or_authenticated_plug.ex [#2510] Improved support for app-bound OAuth tokens. Auth-related refactoring. 2021-02-11 15:02:50 +03:00
ensure_staff_privileged_plug.ex EnsureStaffPrivilegedPlug: don't let non-moderators through 2021-12-27 17:18:26 -06:00
ensure_user_token_assigns_plug.ex [#2510] Improved support for app-bound OAuth tokens. Auth-related refactoring. 2021-02-11 15:02:50 +03:00
expect_authenticated_check_plug.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
expect_public_or_authenticated_check_plug.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
federating_plug.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
frontend_static.ex ensure only pickable frontends can be returned 2023-04-14 17:42:40 +01:00
http_security_plug.ex Support elixir1.15 2023-08-03 17:44:09 +01:00
http_signature_plug.ex federation/in: improve reply on requests from blocked domains 2025-06-10 20:43:33 +02:00
idempotency_plug.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
instance_static.ex Fix Content-Type sanitisation for emoji and local uploads 2025-03-10 19:45:26 +01:00
mapped_signature_to_identity_plug.ex Adapt to new http_signature API 2025-06-07 20:27:58 +02:00
o_auth_plug.ex OAuthPlug: use user cache instead of joining 2022-09-11 19:55:55 +01:00
o_auth_scopes_plug.ex Add URI matchers 2023-08-06 15:51:21 +01:00
plug_helper.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
rate_limiter.ex Support elixir1.15 2023-08-03 17:44:09 +01:00
remote_ip.ex giant massive dep upgrade and dialyxir-found error emporium (#371) 2022-12-14 12:38:48 +00:00
set_format_plug.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
set_locale_plug.ex Support multiple locales from userLanguage cookie 2022-06-29 20:47:10 +01:00
set_user_session_id_plug.ex Revert "Fix oauth2 (for real) (#179)" 2022-08-21 17:52:02 +01:00
static_fe_plug.ex Redirect to standard FE if logged in 2022-12-07 13:35:00 +00:00
trailing_format_plug.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
uploaded_media.ex Fix Content-Type sanitisation for emoji and local uploads 2025-03-10 19:45:26 +01:00
user_enabled_plug.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
user_fetcher_plug.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
user_is_admin_plug.ex Bump Copyright to 2021 2021-01-13 07:49:50 +01:00
user_is_staff_plug.ex Moderators: add UserIsStaffPlug 2021-07-12 21:57:52 -05:00
user_tracking_plug.ex Add active user count 2021-01-27 18:20:06 +04:00
utils.ex Limit instance emoji to image types 2024-03-18 22:33:10 -01:00