From 16307da3115a840163be149c3847fc600b260bc6 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 9 Sep 2018 12:12:31 +0000 Subject: twitterapi: frontend config: add formattingOptionsEnabled --- config/config.exs | 1 + 1 file changed, 1 insertion(+) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index 2290119f7..c3094eb2b 100644 --- a/config/config.exs +++ b/config/config.exs @@ -98,6 +98,7 @@ config :pleroma, :fe, redirect_root_login: "/main/friends", show_instance_panel: true, scope_options_enabled: false, + formatting_options_enabled: false, collapse_message_with_subject: false config :pleroma, :activitypub, -- cgit v1.2.3 From 285ac80c36cbd943b16eb5e1ee4447376f8f555f Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Fri, 5 Oct 2018 21:02:17 +0000 Subject: config: allow for accepted post formats to be configured --- config/config.exs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index c3094eb2b..608c035b0 100644 --- a/config/config.exs +++ b/config/config.exs @@ -74,7 +74,12 @@ config :pleroma, :instance, rewrite_policy: Pleroma.Web.ActivityPub.MRF.NoOpPolicy, public: true, quarantined_instances: [], - managed_config: true + managed_config: true, + allowed_post_formats: [ + "text/plain", + "text/html", + "text/markdown" + ] config :pleroma, :markup, # XXX - unfortunately, inline images must be enabled by default right now, because -- cgit v1.2.3 From 7b3fff9af87bbf8e6b0cc824b7ebf681e4a614f1 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 7 Oct 2018 01:05:59 +0000 Subject: {mastodon api, twitter api}: make the follow handshake timeout configurable --- config/config.exs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index 608c035b0..c32ac9da2 100644 --- a/config/config.exs +++ b/config/config.exs @@ -109,7 +109,8 @@ config :pleroma, :fe, config :pleroma, :activitypub, accept_blocks: true, unfollow_blocked: true, - outgoing_blocks: true + outgoing_blocks: true, + follow_handshake_timeout: 500 config :pleroma, :user, deny_follow_blocked: true -- cgit v1.2.3 From 08d5ad71b68e44334911c63aada418fab2c17df2 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 7 Oct 2018 01:23:38 +0000 Subject: nodeinfo: allow opting out of MRF transparency --- config/config.exs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index c32ac9da2..320296991 100644 --- a/config/config.exs +++ b/config/config.exs @@ -79,7 +79,8 @@ config :pleroma, :instance, "text/plain", "text/html", "text/markdown" - ] + ], + mrf_transparency: true config :pleroma, :markup, # XXX - unfortunately, inline images must be enabled by default right now, because -- cgit v1.2.3 From 2154c5dcd891cf2a85c0251e07424b5681aa88a2 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 18 Oct 2018 07:36:58 +0200 Subject: lib/pleroma/html.ex: Use macros for valid_schemes, change config for schemes --- config/config.exs | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index 320296991..e5f0b4f6f 100644 --- a/config/config.exs +++ b/config/config.exs @@ -24,7 +24,23 @@ config :pleroma, Pleroma.Uploaders.S3, config :pleroma, :emoji, shortcode_globs: ["/emoji/custom/**/*.png"] -config :pleroma, :uri_schemes, additionnal_schemes: [] +config :pleroma, :uri_schemes, + valid_schemes: [ + "https", + "http", + "dat", + "dweb", + "gopher", + "ipfs", + "ipns", + "irc", + "ircs", + "magnet", + "mailto", + "mumble", + "ssb", + "xmpp" + ] # Configures the endpoint config :pleroma, Pleroma.Web.Endpoint, -- cgit v1.2.3 From 3e79d941c81e741c1268523db23a9024ca67bd29 Mon Sep 17 00:00:00 2001 From: scarlett Date: Sun, 21 Oct 2018 12:54:37 +0100 Subject: Defaults for new frontend options in config.exs --- config/config.exs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index e5f0b4f6f..225ca914a 100644 --- a/config/config.exs +++ b/config/config.exs @@ -121,7 +121,9 @@ config :pleroma, :fe, show_instance_panel: true, scope_options_enabled: false, formatting_options_enabled: false, - collapse_message_with_subject: false + collapse_message_with_subject: false, + hide_post_stats: false, + hide_user_stats: false config :pleroma, :activitypub, accept_blocks: true, -- cgit v1.2.3 From ae5beb7b6464d9bc4532693987d9d94cd5bac6bd Mon Sep 17 00:00:00 2001 From: scarlett Date: Thu, 25 Oct 2018 17:58:46 +0100 Subject: Make finmoji optional --- config/config.exs | 1 + 1 file changed, 1 insertion(+) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index 225ca914a..2d2cdda45 100644 --- a/config/config.exs +++ b/config/config.exs @@ -96,6 +96,7 @@ config :pleroma, :instance, "text/html", "text/markdown" ], + finmoji_enabled: true, mrf_transparency: true config :pleroma, :markup, -- cgit v1.2.3 From 167d3789a5a334859dfb9bf1612bdfc993032667 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 29 Oct 2018 16:30:12 +0000 Subject: activitypub: upload: pass through an upload limit if one is provided --- config/config.exs | 3 +++ 1 file changed, 3 insertions(+) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index 2d2cdda45..3abb6e695 100644 --- a/config/config.exs +++ b/config/config.exs @@ -84,6 +84,9 @@ config :pleroma, :instance, description: "A Pleroma instance, an alternative fediverse server", limit: 5000, upload_limit: 16_000_000, + avatar_upload_limit: 2_000_000, + background_upload_limit: 4_000_000, + banner_upload_limit: 4_000_000, registrations_open: true, federating: true, allow_relay: true, -- cgit v1.2.3 From 36825932eb04d9db3e2d24b02368d7dd709dea23 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 29 Oct 2018 18:00:59 +0000 Subject: s3 uploader: add new feature to force public attachment URIs to go through media proxy --- config/config.exs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index 2d2cdda45..a71fedf1c 100644 --- a/config/config.exs +++ b/config/config.exs @@ -20,7 +20,8 @@ config :pleroma, Pleroma.Uploaders.Local, config :pleroma, Pleroma.Uploaders.S3, bucket: nil, - public_endpoint: "https://s3.amazonaws.com" + public_endpoint: "https://s3.amazonaws.com", + force_media_proxy: false config :pleroma, :emoji, shortcode_globs: ["/emoji/custom/**/*.png"] -- cgit v1.2.3 From ee41dbeca5e57f013a924625d641801b849f432d Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 2 Nov 2018 10:13:29 +0100 Subject: config/config.md: Create --- config/config.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 config/config.md (limited to 'config') diff --git a/config/config.md b/config/config.md new file mode 100644 index 000000000..b75ff2aa8 --- /dev/null +++ b/config/config.md @@ -0,0 +1,32 @@ +# Configuration + +## Pleroma.Upload +* `uploader`: Select which `Pleroma.Uploaders` to use +* `strip_exif`: boolean, uses ImageMagick(!) to strip exif. + +## Pleroma.Uploaders.Local +* `uploads``: Which directory to store the user-uploads in, relative to pleroma’s working directory +* `uploads_url`: The URL to access a user-uploaded file, ``{{base_url}}`` is replaced to the instance URL and ``{{file}}`` to the filename. Useful when you want to proxy the media files via another host. + +## ``:uri_schemes`` +* `valid_schemes`: List of the scheme part that is considered valid to be an URL + +## ``:instance`` +* ``name`` +* ``email``: Email used to reach an Administrator/Moderator of the instance +* ``description`` +* ``limit``: Posts character limit +* ``upload_limit``: File size limit of uploads (except for avatar, background, banner) +* ``avatar_upload_limit``: File size limit of user’s profile avatars +* ``background_upload_limit``: File size limit of user’s profile backgrounds +* ``banner_upload_limit``: File size limit of user’s profile backgrounds +* ``registerations_open`` +* ``federating`` +* ``allow_relay`` +* ``rewrite_policy``: Message Rewrite Policy, either one or a list. +* ``public`` +* ``quarantined_instances``: List of ActivityPub instances where private(DMs, followers-only) activities will not be send. +* ``managed_config``: Whenether the config for pleroma-fe is configured in this config or in ``static/config.json`` +* ``allowed_post_formats``: MIME-type list of formats allowed to be posted (transformed into HTML) +* ``finmoji_enabled`` +* ``mrf_transparency``: Make the content of your Message Rewrite Facility settings public (via nodeinfo). -- cgit v1.2.3 From 0189ccd4d9651396fcfd7a3959c5353acd0785c6 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 2 Nov 2018 10:32:43 +0100 Subject: config/config.md: Complete it [WIP] --- config/config.md | 73 ++++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 52 insertions(+), 21 deletions(-) (limited to 'config') diff --git a/config/config.md b/config/config.md index b75ff2aa8..3c3f69282 100644 --- a/config/config.md +++ b/config/config.md @@ -5,28 +5,59 @@ * `strip_exif`: boolean, uses ImageMagick(!) to strip exif. ## Pleroma.Uploaders.Local -* `uploads``: Which directory to store the user-uploads in, relative to pleroma’s working directory +* `uploads`: Which directory to store the user-uploads in, relative to pleroma’s working directory * `uploads_url`: The URL to access a user-uploaded file, ``{{base_url}}`` is replaced to the instance URL and ``{{file}}`` to the filename. Useful when you want to proxy the media files via another host. -## ``:uri_schemes`` +## :uri_schemes * `valid_schemes`: List of the scheme part that is considered valid to be an URL -## ``:instance`` -* ``name`` -* ``email``: Email used to reach an Administrator/Moderator of the instance -* ``description`` -* ``limit``: Posts character limit -* ``upload_limit``: File size limit of uploads (except for avatar, background, banner) -* ``avatar_upload_limit``: File size limit of user’s profile avatars -* ``background_upload_limit``: File size limit of user’s profile backgrounds -* ``banner_upload_limit``: File size limit of user’s profile backgrounds -* ``registerations_open`` -* ``federating`` -* ``allow_relay`` -* ``rewrite_policy``: Message Rewrite Policy, either one or a list. -* ``public`` -* ``quarantined_instances``: List of ActivityPub instances where private(DMs, followers-only) activities will not be send. -* ``managed_config``: Whenether the config for pleroma-fe is configured in this config or in ``static/config.json`` -* ``allowed_post_formats``: MIME-type list of formats allowed to be posted (transformed into HTML) -* ``finmoji_enabled`` -* ``mrf_transparency``: Make the content of your Message Rewrite Facility settings public (via nodeinfo). +## :instance +* `name` +* `email`: Email used to reach an Administrator/Moderator of the instance +* `description` +* `limit`: Posts character limit +* `upload_limit`: File size limit of uploads (except for avatar, background, banner) +* `avatar_upload_limit`: File size limit of user’s profile avatars +* `background_upload_limit`: File size limit of user’s profile backgrounds +* `banner_upload_limit`: File size limit of user’s profile backgrounds +* `registerations_open` +* `federating` +* `allow_relay` +* `rewrite_policy`: Message Rewrite Policy, either one or a list. +* `public` +* `quarantined_instances`: List of ActivityPub instances where private(DMs, followers-only) activities will not be send. +* `managed_config`: Whenether the config for pleroma-fe is configured in this config or in ``static/config.json`` +* `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML) +* `finmoji_enabled` +* `mrf_transparency`: Make the content of your Message Rewrite Facility settings public (via nodeinfo). + +## :fe +* `theme` +* `logo` +* `logo_mask` +* `logo_margin` +* `background` +* `redirect_root_no_login` +* `redirect_root_login` +* `show_instance_panel` +* `scope_options_enabled`: Enable setting an notice visibility when posting +* `formatting_options_enabled`: Enable setting a formatting different than plain-text (ie. HTML, Markdown) when posting, relates to ``:instance, allowed_post_formats`` +* `collapse_message_with_subjects`: When a message has a subject(aka Content Warning), collapse it by default +* `hide_post_stats`: Hide notices statistics(repeats, favorites, …) +* `hide_user_stats`: Hide profile statistics(posts, posts per day, followers, followings, …) + +## :mrf_simple +* `media_removal`: List of instances to remove medias from +* `media_nsfw`: List of instances to put medias as NSFW(sensitive) from +* `federated_timeline_removal`: List of instances to remove from Federated (aka The Whole Known Network) Timeline +* `reject`: List of instances to reject any activities from +* `accept`: List of instances to accept any activities from + +## :media_proxy +* `enabled`: Enables proxying of remote media to the instance’s proxy +* `redirect_on_failure`: Use the original URL when Media Proxy fails to get it + +## :gopher +* `enabled`: Enables the gopher interface +* `ip`: IP address to bind to +* `port`: Port to bind to -- cgit v1.2.3 From 79bdc3db1932955314815d57f8c4a40b3744fa0b Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 8 Nov 2018 14:27:21 +0100 Subject: config/config.md: Fill all the blanks --- config/config.md | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) (limited to 'config') diff --git a/config/config.md b/config/config.md index 3c3f69282..75cb4f683 100644 --- a/config/config.md +++ b/config/config.md @@ -12,34 +12,36 @@ * `valid_schemes`: List of the scheme part that is considered valid to be an URL ## :instance -* `name` +* `name`: The instance’s name * `email`: Email used to reach an Administrator/Moderator of the instance -* `description` -* `limit`: Posts character limit +* `description`: The instance’s description, can be seen in nodeinfo and ``/api/v1/instance`` +* `limit`: Posts character limit (CW/Subject included in the counter) * `upload_limit`: File size limit of uploads (except for avatar, background, banner) * `avatar_upload_limit`: File size limit of user’s profile avatars * `background_upload_limit`: File size limit of user’s profile backgrounds * `banner_upload_limit`: File size limit of user’s profile backgrounds -* `registerations_open` +* `registerations_open`: Enable registerations for anyone, invitations can be used when false. * `federating` -* `allow_relay` +* `allow_relay`: Enable Pleroma’s Relay, which makes it possible to follow a whole instance * `rewrite_policy`: Message Rewrite Policy, either one or a list. -* `public` +* `public`: Makes the client API in authentificated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network. * `quarantined_instances`: List of ActivityPub instances where private(DMs, followers-only) activities will not be send. * `managed_config`: Whenether the config for pleroma-fe is configured in this config or in ``static/config.json`` * `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML) -* `finmoji_enabled` +* `finmoji_enabled`: Whenether to enable the finmojis in the custom emojis. * `mrf_transparency`: Make the content of your Message Rewrite Facility settings public (via nodeinfo). ## :fe -* `theme` -* `logo` -* `logo_mask` -* `logo_margin` -* `background` -* `redirect_root_no_login` -* `redirect_root_login` -* `show_instance_panel` +This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:instance`` is set to false. + +* `theme`: Which theme to use, they are defined in ``styles.json`` +* `logo`: URL of the logo, defaults to Pleroma’s logo +* `logo_mask`: Whenether to mask the logo +* `logo_margin`: What margin to use around the logo +* `background`: URL of the background, unless viewing a user profile with a background that is set +* `redirect_root_no_login`: relative URL which indicates where to redirect when a user isn’t logged in. +* `redirect_root_login`: relative URL which indicates where to redirect when a user is logged in. +* `show_instance_panel`: Whenether to show the instance’s specific panel. * `scope_options_enabled`: Enable setting an notice visibility when posting * `formatting_options_enabled`: Enable setting a formatting different than plain-text (ie. HTML, Markdown) when posting, relates to ``:instance, allowed_post_formats`` * `collapse_message_with_subjects`: When a message has a subject(aka Content Warning), collapse it by default -- cgit v1.2.3 From db67c9b118542dc0010cee5589c1e8ba97d61a1b Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 8 Nov 2018 14:33:05 +0100 Subject: config/config.md: scope_options_enabled also addresses subject --- config/config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.md b/config/config.md index 75cb4f683..bbcea619f 100644 --- a/config/config.md +++ b/config/config.md @@ -42,7 +42,7 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * `redirect_root_no_login`: relative URL which indicates where to redirect when a user isn’t logged in. * `redirect_root_login`: relative URL which indicates where to redirect when a user is logged in. * `show_instance_panel`: Whenether to show the instance’s specific panel. -* `scope_options_enabled`: Enable setting an notice visibility when posting +* `scope_options_enabled`: Enable setting an notice visibility and subject/CW when posting * `formatting_options_enabled`: Enable setting a formatting different than plain-text (ie. HTML, Markdown) when posting, relates to ``:instance, allowed_post_formats`` * `collapse_message_with_subjects`: When a message has a subject(aka Content Warning), collapse it by default * `hide_post_stats`: Hide notices statistics(repeats, favorites, …) -- cgit v1.2.3 From d1a7a9fd24403600851cb541a2021d32b7cc8fc5 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Thu, 8 Nov 2018 14:59:44 +0100 Subject: config/config.md: Add lines inspired/copied from CONFIGURATION.md --- config/config.md | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.md b/config/config.md index bbcea619f..51172fc4d 100644 --- a/config/config.md +++ b/config/config.md @@ -1,5 +1,8 @@ # Configuration +This file describe the configuration, it is recommended to edit the relevant *.secret.exs file instead of the others founds in the ``config`` directory. +If you run Pleroma with ``MIX_ENV=prod`` the file is ``prod.secret.exs``, otherwise it is ``dev.secret.exs``. + ## Pleroma.Upload * `uploader`: Select which `Pleroma.Uploaders` to use * `strip_exif`: boolean, uses ImageMagick(!) to strip exif. @@ -23,7 +26,11 @@ * `registerations_open`: Enable registerations for anyone, invitations can be used when false. * `federating` * `allow_relay`: Enable Pleroma’s Relay, which makes it possible to follow a whole instance -* `rewrite_policy`: Message Rewrite Policy, either one or a list. +* `rewrite_policy`: Message Rewrite Policy, either one or a list. Here are the ones available by default: + * `Pleroma.Web.ActivityPub.MRF.NoOpPolicy`: Doesn’t modify activities (default) + * `Pleroma.Web.ActivityPub.MRF.DropPolicy`: Drops all activities. It generally doesn’t makes sense to use in production + * `Pleroma.Web.ActivityPub.MRF.SimplePolicy`: Restrict the visibility of activities from certains instances (See ``:mrf_simple`` section) + * `Pleroma.Web.ActivityPub.MRF.RejectNonPublic`: Drops posts with non-public visibility settings (See ``:mrf_rejectnonpublic`` section) * `public`: Makes the client API in authentificated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network. * `quarantined_instances`: List of ActivityPub instances where private(DMs, followers-only) activities will not be send. * `managed_config`: Whenether the config for pleroma-fe is configured in this config or in ``static/config.json`` @@ -55,6 +62,10 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * `reject`: List of instances to reject any activities from * `accept`: List of instances to accept any activities from +## :mrf_rejectnonpublic +* `allow_followersonly`: whether to allow followers-only posts +* `allow_direct`: whether to allow direct messages + ## :media_proxy * `enabled`: Enables proxying of remote media to the instance’s proxy * `redirect_on_failure`: Use the original URL when Media Proxy fails to get it @@ -63,3 +74,9 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * `enabled`: Enables the gopher interface * `ip`: IP address to bind to * `port`: Port to bind to + +## :activitypub +* ``accept_blocks``: Whether to accept incoming block activities from other instances +* ``unfollow_blocked``: Whether blocks result in people getting unfollowed +* ``outgoing_blocks``: Whether to federate blocks to other instances +* ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question -- cgit v1.2.3 From 234e471289e7556b0a9f70a01ceefc5814396f9f Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 11 Nov 2018 05:40:55 +0000 Subject: config: properly configure CORSPlug. --- config/config.exs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index a6be69620..e82c490e3 100644 --- a/config/config.exs +++ b/config/config.exs @@ -176,6 +176,20 @@ config :pleroma, :suggestions, limit: 23, web: "https://vinayaka.distsn.org/?{{host}}+{{user}}" +config :cors_plug, + max_age: 86_400, + methods: ["POST", "PUT", "DELETE", "GET", "PATCH", "OPTIONS"], + expose: [ + "Link", + "X-RateLimit-Reset", + "X-RateLimit-Limit", + "X-RateLimit-Remaining", + "X-Request-Id", + "Idempotency-Key" + ], + credentials: true, + headers: ["Authorization", "Content-Type", "Idempotency-Key"] + # Import environment specific config. This must remain at the bottom # of this file so it overrides the configuration defined above. import_config "#{Mix.env()}.exs" -- cgit v1.2.3 From 69f5dfcfb3f2b498e1f9957244f0896b6f9d5c2a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 11 Nov 2018 06:37:18 +0000 Subject: config: add default parameters for CSPPlug --- config/config.exs | 5 +++++ config/config.md | 5 +++++ 2 files changed, 10 insertions(+) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index e82c490e3..ad8653025 100644 --- a/config/config.exs +++ b/config/config.exs @@ -176,6 +176,11 @@ config :pleroma, :suggestions, limit: 23, web: "https://vinayaka.distsn.org/?{{host}}+{{user}}" +config :pleroma, :csp, + enabled: true, + sts: false, + sts_max_age: 31_536_000 + config :cors_plug, max_age: 86_400, methods: ["POST", "PUT", "DELETE", "GET", "PATCH", "OPTIONS"], diff --git a/config/config.md b/config/config.md index 51172fc4d..e08d206b6 100644 --- a/config/config.md +++ b/config/config.md @@ -80,3 +80,8 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``unfollow_blocked``: Whether blocks result in people getting unfollowed * ``outgoing_blocks``: Whether to federate blocks to other instances * ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question + +## :csp +* ``enabled``: Whether the managed content security policy is enabled +* ``sts``: Whether to additionally send a `Strict-Transport-Security` header +* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent -- cgit v1.2.3 From df72978dce3805157537e8fa1a2fec35fcf9a7cd Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 11 Nov 2018 06:53:42 +0000 Subject: csp plug: add support for certificate transparency --- config/config.exs | 3 ++- config/config.md | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index ad8653025..1d918919d 100644 --- a/config/config.exs +++ b/config/config.exs @@ -179,7 +179,8 @@ config :pleroma, :suggestions, config :pleroma, :csp, enabled: true, sts: false, - sts_max_age: 31_536_000 + sts_max_age: 31_536_000, + ct_max_age: 2_592_000 config :cors_plug, max_age: 86_400, diff --git a/config/config.md b/config/config.md index e08d206b6..34f703560 100644 --- a/config/config.md +++ b/config/config.md @@ -85,3 +85,4 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``enabled``: Whether the managed content security policy is enabled * ``sts``: Whether to additionally send a `Strict-Transport-Security` header * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent +* ``ct_max_age``: The maximum age for the `Except-CT` header if sent -- cgit v1.2.3 From 5dda13ee5f9302cfef215c8ffaa527e9a572a37b Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 11 Nov 2018 07:27:36 +0000 Subject: config docs: typo fix --- config/config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.md b/config/config.md index 34f703560..446b0ce67 100644 --- a/config/config.md +++ b/config/config.md @@ -85,4 +85,4 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``enabled``: Whether the managed content security policy is enabled * ``sts``: Whether to additionally send a `Strict-Transport-Security` header * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent -* ``ct_max_age``: The maximum age for the `Except-CT` header if sent +* ``ct_max_age``: The maximum age for the `Expect-CT` header if sent -- cgit v1.2.3 From fe67665e19cc98faff4a8ee53a3f4ca4190ca2ef Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 12 Nov 2018 15:08:02 +0000 Subject: rename CSPPlug to HTTPSecurityPlug. --- config/config.exs | 2 +- config/config.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index 1d918919d..be9c03ceb 100644 --- a/config/config.exs +++ b/config/config.exs @@ -176,7 +176,7 @@ config :pleroma, :suggestions, limit: 23, web: "https://vinayaka.distsn.org/?{{host}}+{{user}}" -config :pleroma, :csp, +config :pleroma, :http_security, enabled: true, sts: false, sts_max_age: 31_536_000, diff --git a/config/config.md b/config/config.md index 446b0ce67..48af1c236 100644 --- a/config/config.md +++ b/config/config.md @@ -81,7 +81,7 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``outgoing_blocks``: Whether to federate blocks to other instances * ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question -## :csp +## :http_security * ``enabled``: Whether the managed content security policy is enabled * ``sts``: Whether to additionally send a `Strict-Transport-Security` header * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent -- cgit v1.2.3 From ee5932a504d69e591aad7bdd52bd97d1f92d4e32 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 12 Nov 2018 15:14:46 +0000 Subject: http security: allow referrer-policy to be configured --- config/config.exs | 3 ++- config/config.md | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index be9c03ceb..9cc558564 100644 --- a/config/config.exs +++ b/config/config.exs @@ -180,7 +180,8 @@ config :pleroma, :http_security, enabled: true, sts: false, sts_max_age: 31_536_000, - ct_max_age: 2_592_000 + ct_max_age: 2_592_000, + referrer_policy: "same-origin" config :cors_plug, max_age: 86_400, diff --git a/config/config.md b/config/config.md index 48af1c236..5b4110646 100644 --- a/config/config.md +++ b/config/config.md @@ -86,3 +86,4 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``sts``: Whether to additionally send a `Strict-Transport-Security` header * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent * ``ct_max_age``: The maximum age for the `Expect-CT` header if sent +* ``referrer_policy``: The referrer policy to use, either `"same-origin"` or `"no-referrer"`. -- cgit v1.2.3 From 58af0787be605d0b382b30aba3749c7c8bbf10bc Mon Sep 17 00:00:00 2001 From: Hakaba Hitoyo Date: Thu, 15 Nov 2018 14:19:10 +0900 Subject: add mdii uploader --- config/config.exs | 3 +++ 1 file changed, 3 insertions(+) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index 9cc558564..ef69368e6 100644 --- a/config/config.exs +++ b/config/config.exs @@ -23,6 +23,9 @@ config :pleroma, Pleroma.Uploaders.S3, public_endpoint: "https://s3.amazonaws.com", force_media_proxy: false +config :pleroma, Pleroma.Uploaders.Mdii, + host_name: "mdii.sakura.ne.jp" + config :pleroma, :emoji, shortcode_globs: ["/emoji/custom/**/*.png"] config :pleroma, :uri_schemes, -- cgit v1.2.3 From 8e707aba29921666a50878c39751cd53ee5cde7e Mon Sep 17 00:00:00 2001 From: hakabahitoyo Date: Thu, 15 Nov 2018 15:11:59 +0900 Subject: format --- config/config.exs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index ef69368e6..f222c1aa4 100644 --- a/config/config.exs +++ b/config/config.exs @@ -23,8 +23,7 @@ config :pleroma, Pleroma.Uploaders.S3, public_endpoint: "https://s3.amazonaws.com", force_media_proxy: false -config :pleroma, Pleroma.Uploaders.Mdii, - host_name: "mdii.sakura.ne.jp" +config :pleroma, Pleroma.Uploaders.Mdii, host_name: "mdii.sakura.ne.jp" config :pleroma, :emoji, shortcode_globs: ["/emoji/custom/**/*.png"] -- cgit v1.2.3 From 55abd8482ed604587ffa9f5f3f64d36d4d5aa296 Mon Sep 17 00:00:00 2001 From: hakabahitoyo Date: Fri, 16 Nov 2018 20:41:12 +0900 Subject: better config --- config/config.exs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index f222c1aa4..8ce443f9e 100644 --- a/config/config.exs +++ b/config/config.exs @@ -23,7 +23,9 @@ config :pleroma, Pleroma.Uploaders.S3, public_endpoint: "https://s3.amazonaws.com", force_media_proxy: false -config :pleroma, Pleroma.Uploaders.Mdii, host_name: "mdii.sakura.ne.jp" +config :pleroma, Pleroma.Uploaders.Mdii, + cgi: "https://mdii.sakura.ne.jp/mdii-post.cgi", + files: "https://mdii.sakura.ne.jp" config :pleroma, :emoji, shortcode_globs: ["/emoji/custom/**/*.png"] -- cgit v1.2.3 From 8fd0556c78472f8bdeee3520d6192ce96339d545 Mon Sep 17 00:00:00 2001 From: hakabahitoyo Date: Sat, 17 Nov 2018 18:14:42 +0900 Subject: better config reading --- config/config.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index 8ce443f9e..af0fdca9a 100644 --- a/config/config.exs +++ b/config/config.exs @@ -23,7 +23,7 @@ config :pleroma, Pleroma.Uploaders.S3, public_endpoint: "https://s3.amazonaws.com", force_media_proxy: false -config :pleroma, Pleroma.Uploaders.Mdii, +config :pleroma, Pleroma.Uploaders.MDII, cgi: "https://mdii.sakura.ne.jp/mdii-post.cgi", files: "https://mdii.sakura.ne.jp" -- cgit v1.2.3 From bcecdc3ab194135d5bc17496b8091a6c17775c87 Mon Sep 17 00:00:00 2001 From: href Date: Fri, 16 Nov 2018 21:35:08 +0100 Subject: Various runtime configuration fixes --- config/config.exs | 1 + config/prod.exs | 1 + 2 files changed, 2 insertions(+) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index af0fdca9a..faeac8ed1 100644 --- a/config/config.exs +++ b/config/config.exs @@ -52,6 +52,7 @@ config :pleroma, Pleroma.Web.Endpoint, url: [host: "localhost"], protocol: "https", secret_key_base: "aK4Abxf29xU9TTDKre9coZPUgevcVCFQJe/5xP/7Lt4BEif6idBIbjupVbOrbKxl", + signing_salt: "CqaoopA2", render_errors: [view: Pleroma.Web.ErrorView, accepts: ~w(json)], pubsub: [name: Pleroma.PubSub, adapter: Phoenix.PubSub.PG2], secure_cookie_flag: true diff --git a/config/prod.exs b/config/prod.exs index d0cfd1ac2..e5e5a977e 100644 --- a/config/prod.exs +++ b/config/prod.exs @@ -14,6 +14,7 @@ use Mix.Config # manifest is generated by the mix phoenix.digest task # which you typically run after static files are built. config :pleroma, Pleroma.Web.Endpoint, + server: true, http: [port: 4000], protocol: "http" -- cgit v1.2.3 From bc5cf2c1926225a43589abf330fe984ea439cb00 Mon Sep 17 00:00:00 2001 From: href Date: Tue, 20 Nov 2018 17:55:03 +0100 Subject: Improved version string --- config/config.exs | 8 -------- 1 file changed, 8 deletions(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index af0fdca9a..ac841d907 100644 --- a/config/config.exs +++ b/config/config.exs @@ -72,18 +72,10 @@ config :pleroma, :websub, Pleroma.Web.Websub config :pleroma, :ostatus, Pleroma.Web.OStatus config :pleroma, :httpoison, Pleroma.HTTP -version = - with {version, 0} <- System.cmd("git", ["rev-parse", "HEAD"]) do - "Pleroma #{Mix.Project.config()[:version]} #{String.trim(version)}" - else - _ -> "Pleroma #{Mix.Project.config()[:version]} dev" - end - # Configures http settings, upstream proxy etc. config :pleroma, :http, proxy_url: nil config :pleroma, :instance, - version: version, name: "Pleroma", email: "example@example.com", description: "A Pleroma instance, an alternative fediverse server", -- cgit v1.2.3 From 6979eeda34a7c9c201c0816f322c3a29c6d947e6 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 26 Nov 2018 23:54:46 +0000 Subject: config: document mrf_user_allowlist --- config/config.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'config') diff --git a/config/config.md b/config/config.md index 5b4110646..c843bca5d 100644 --- a/config/config.md +++ b/config/config.md @@ -87,3 +87,16 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent * ``ct_max_age``: The maximum age for the `Expect-CT` header if sent * ``referrer_policy``: The referrer policy to use, either `"same-origin"` or `"no-referrer"`. + +## :mrf_user_allowlist + +The keys in this section are the domain names that the policy should apply to. +Each key should be assigned a list of users that should be allowed through by +their ActivityPub ID. + +An example: + +``` +config :pleroma, :mrf_user_allowlist, + "example.org": ["https://example.org/users/admin"] +``` -- cgit v1.2.3 From 761ed2355fceccbc267af3d8e0784b07c288819e Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Fri, 30 Nov 2018 03:05:34 +0100 Subject: config/prod.exs: Remove server: true This breaks mix tasks in regular Elixir --- config/prod.exs | 1 - 1 file changed, 1 deletion(-) (limited to 'config') diff --git a/config/prod.exs b/config/prod.exs index e5e5a977e..d0cfd1ac2 100644 --- a/config/prod.exs +++ b/config/prod.exs @@ -14,7 +14,6 @@ use Mix.Config # manifest is generated by the mix phoenix.digest task # which you typically run after static files are built. config :pleroma, Pleroma.Web.Endpoint, - server: true, http: [port: 4000], protocol: "http" -- cgit v1.2.3