5 files changed, 93 insertions, 10 deletions

diff --git a/lib/pleroma/list.ex b/lib/pleroma/list.ex
index ff975e7a6..fe5721c34 100644
--- a/lib/pleroma/list.ex
+++ b/lib/pleroma/list.ex
@@ -113,11 +113,15 @@ defmodule Pleroma.List do
     end
   end
 
-  def follow(%Pleroma.List{following: following} = list, %User{} = followed) do
+  def follow(%Pleroma.List{id: id}, %User{} = followed) do
+    list = Repo.get(Pleroma.List, id)
+    %{following: following} = list
     update_follows(list, %{following: Enum.uniq([followed.follower_address | following])})
   end
 
-  def unfollow(%Pleroma.List{following: following} = list, %User{} = unfollowed) do
+  def unfollow(%Pleroma.List{id: id}, %User{} = unfollowed) do
+    list = Repo.get(Pleroma.List, id)
+    %{following: following} = list
     update_follows(list, %{following: List.delete(following, unfollowed.follower_address)})
   end
 
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
index 94703cd05..8e274de88 100644
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -23,6 +23,18 @@ defmodule Pleroma.Web.Endpoint do
   # InstanceStatic needs to be before Plug.Static to be able to override shipped-static files
   # If you're adding new paths to `only:` you'll need to configure them in InstanceStatic as well
   # Cache-control headers are duplicated in case we turn off etags in the future
+  plug(
+    Pleroma.Web.Plugs.InstanceStatic,
+    at: "/",
+    from: :pleroma,
+    only: ["emoji", "images"],
+    gzip: true,
+    cache_control_for_etags: "public, max-age=1209600",
+    headers: %{
+      "cache-control" => "public, max-age=1209600"
+    }
+  )
+
   plug(Pleroma.Web.Plugs.InstanceStatic,
     at: "/",
     gzip: true,
diff --git a/lib/pleroma/web/mastodon_api/views/poll_view.ex b/lib/pleroma/web/mastodon_api/views/poll_view.ex
index d6b544037..71bc8b949 100644
--- a/lib/pleroma/web/mastodon_api/views/poll_view.ex
+++ b/lib/pleroma/web/mastodon_api/views/poll_view.ex
@@ -11,7 +11,7 @@ defmodule Pleroma.Web.MastodonAPI.PollView do
     {end_time, expired} = end_time_and_expired(object)
     {options, votes_count} = options_and_votes_count(options)
 
-    %{
+    poll = %{
       # Mastodon uses separate ids for polls, but an object can't have
       # more than one poll embedded so object id is fine
       id: to_string(object.id),
@@ -21,9 +21,16 @@ defmodule Pleroma.Web.MastodonAPI.PollView do
       votes_count: votes_count,
       voters_count: voters_count(object),
       options: options,
-      voted: voted?(params),
       emojis: Pleroma.Web.MastodonAPI.StatusView.build_emojis(object.data["emoji"])
     }
+
+    if params[:for] do
+      # when unauthenticated Mastodon doesn't include `voted` & `own_votes` keys in response
+      {voted, own_votes} = voted_and_own_votes(params, options)
+      Map.merge(poll, %{voted: voted, own_votes: own_votes})
+    else
+      poll
+    end
   end
 
   def render("show.json", %{object: object} = params) do
@@ -67,12 +74,29 @@ defmodule Pleroma.Web.MastodonAPI.PollView do
 
   defp voters_count(_), do: 0
 
-  defp voted?(%{object: object} = opts) do
-    if opts[:for] do
-      existing_votes = Pleroma.Web.ActivityPub.Utils.get_existing_votes(opts[:for].ap_id, object)
-      existing_votes != [] or opts[:for].ap_id == object.data["actor"]
+  defp voted_and_own_votes(%{object: object} = params, options) do
+    if params[:for] do
+      existing_votes =
+        Pleroma.Web.ActivityPub.Utils.get_existing_votes(params[:for].ap_id, object)
+
+      voted = existing_votes != [] or params[:for].ap_id == object.data["actor"]
+
+      own_votes =
+        if voted do
+          titles = Enum.map(options, & &1[:title])
+
+          Enum.reduce(existing_votes, [], fn vote, acc ->
+            data = vote |> Map.get(:object) |> Map.get(:data)
+            index = Enum.find_index(titles, &(&1 == data["name"]))
+            [index | acc]
+          end)
+        else
+          []
+        end
+
+      {voted, own_votes}
     else
-      false
+      {false, []}
     end
   end
 end
diff --git a/lib/pleroma/web/media_proxy/invalidation/script.ex b/lib/pleroma/web/media_proxy/invalidation/script.ex
index 0f66c2fe3..87a21166c 100644
--- a/lib/pleroma/web/media_proxy/invalidation/script.ex
+++ b/lib/pleroma/web/media_proxy/invalidation/script.ex
@@ -13,6 +13,7 @@ defmodule Pleroma.Web.MediaProxy.Invalidation.Script do
   def purge(urls, opts \\ []) do
     args =
       urls
+      |> maybe_format_urls(Keyword.get(opts, :url_format))
       |> List.wrap()
       |> Enum.uniq()
       |> Enum.join(" ")
@@ -40,4 +41,22 @@ defmodule Pleroma.Web.MediaProxy.Invalidation.Script do
     Logger.error("Error while cache purge: #{inspect(error)}")
     {:error, inspect(error)}
   end
+
+  def maybe_format_urls(urls, :htcacheclean) do
+    urls
+    |> Enum.map(fn url ->
+      uri = URI.parse(url)
+
+      query =
+        if !is_nil(uri.query) do
+          "?" <> uri.query
+        else
+          "?"
+        end
+
+      uri.scheme <> "://" <> uri.host <> ":#{inspect(uri.port)}" <> uri.path <> query
+    end)
+  end
+
+  def maybe_format_urls(urls, _), do: urls
 end
diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex
index 4b84f575d..0025b042a 100644
--- a/lib/pleroma/web/plugs/http_security_plug.ex
+++ b/lib/pleroma/web/plugs/http_security_plug.ex
@@ -20,9 +20,26 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
     end
   end
 
-  defp headers do
+  def primary_frontend do
+    with %{"name" => frontend} <- Config.get([:frontends, :primary]),
+         available <- Config.get([:frontends, :available]),
+         %{} = primary_frontend <- Map.get(available, frontend) do
+      {:ok, primary_frontend}
+    end
+  end
+
+  def custom_http_frontend_headers do
+    with {:ok, %{"custom-http-headers" => custom_headers}} <- primary_frontend() do
+      custom_headers
+    else
+      _ -> []
+    end
+  end
+
+  def headers do
     referrer_policy = Config.get([:http_security, :referrer_policy])
     report_uri = Config.get([:http_security, :report_uri])
+    custom_http_frontend_headers = custom_http_frontend_headers()
 
     headers = [
       {"x-xss-protection", "1; mode=block"},
@@ -34,6 +51,13 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
       {"content-security-policy", csp_string()}
     ]
 
+    headers =
+      if custom_http_frontend_headers do
+        custom_http_frontend_headers ++ headers
+      else
+        headers
+      end
+
     if report_uri do
       report_group = %{
         "group" => "csp-endpoint",