Diffstat (limited to 'config/initializers')
-rw-r--r--config/initializers/cache_buster.rb10
-rw-r--r--config/initializers/chewy.rb5
-rw-r--r--config/initializers/devise.rb2
-rw-r--r--config/initializers/makara.rb2
-rw-r--r--config/initializers/omniauth.rb1
-rw-r--r--config/initializers/paperclip.rb14
-rw-r--r--config/initializers/rack_attack.rb4
-rw-r--r--config/initializers/session_store.rb6
-rw-r--r--config/initializers/twitter_regex.rb2
9 files changed, 42 insertions, 4 deletions
diff --git a/config/initializers/cache_buster.rb b/config/initializers/cache_buster.rb
new file mode 100644
index 000000000..227e450f3
--- /dev/null
+++ b/config/initializers/cache_buster.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+Rails.application.configure do
+ config.x.cache_buster_enabled = ENV['CACHE_BUSTER_ENABLED'] == 'true'
+
+ config.x.cache_buster = {
+ secret_header: ENV['CACHE_BUSTER_SECRET_HEADER'],
+ secret: ENV['CACHE_BUSTER_SECRET'],
+ }
+end
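Review bot: Nothing in this initializer checks that `CACHE_BUSTER_SECRET_HEADER` and `CACHE_BUSTER_SECRET` are set together when `CACHE_BUSTER_ENABLED` is `'true'`, so the `config.x.cache_buster` hash can hold a header name with a nil secret, or the reverse. How the consumer treats that is not visible here; if the secret is what authenticates purge requests to the cache, a half-configured pair should fail at boot rather than at the first purge. I would add a comment above the hash such as `# Both keys are optional but must be set together; the secret authenticates purge requests`, and consider a boot-time check that raises when exactly one of the two is present.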
diff --git a/config/initializers/chewy.rb b/config/initializers/chewy.rb
index 8f54abf77..9fc9b2f1a 100644
--- a/config/initializers/chewy.rb
+++ b/config/initializers/chewy.rb
@@ -12,6 +12,10 @@ Chewy.settings = {
sidekiq: { queue: 'pull' },
}
+# We use our own async strategy even outside the request-response
+# cycle, which takes care of checking if ElasticSearch is enabled
+# or not. However, mind that for the Rails console, the :urgent
+# strategy is set automatically with no way to override it.
Chewy.root_strategy = :custom_sidekiq
Chewy.request_strategy = :custom_sidekiq
Chewy.use_after_commit_callbacks = false
@@ -37,6 +41,7 @@ Elasticsearch::Transport::Client.prepend Module.new {
super arguments
end
}
+
Elasticsearch::API::Indices::IndicesClient.prepend Module.new {
def create(arguments = {})
arguments[:include_type_name] = true
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 59e69ad37..ef612e177 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -10,6 +10,7 @@ Warden::Manager.after_set_user except: :fetch do |user, warden|
expires: 1.year.from_now,
httponly: true,
secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
+ same_site: :lax,
}
end
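Review bot: The cookie attributes (`httponly: true`, `secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true')`, and now `same_site: :lax`) are repeated in this `after_set_user` hunk and in the `after_fetch` hunk below, and the same `secure`/`same_site` pair appears again in makara.rb and session_store.rb in this commit, so a later change can easily miss one copy. A shared frozen constant or small helper for the common options would keep them in step. A one-line comment would also help, for example `# Lax: still sent on cross-site top-level GET navigations; CSRF tokens remain required`, so nobody reads the attribute as a replacement for CSRF protection. Both blocks start outside their hunks, so the cookie being set is not visible here.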
@@ -20,6 +21,7 @@ Warden::Manager.after_fetch do |user, warden|
expires: 1.year.from_now,
httponly: true,
secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
+ same_site: :lax,
}
else
warden.logout
diff --git a/config/initializers/makara.rb b/config/initializers/makara.rb
new file mode 100644
index 000000000..dc88fa63c
--- /dev/null
+++ b/config/initializers/makara.rb
@@ -0,0 +1,2 @@
+Makara::Cookie::DEFAULT_OPTIONS[:same_site] = :lax
+Makara::Cookie::DEFAULT_OPTIONS[:secure] = Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'
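Review bot: Both lines write into `Makara::Cookie::DEFAULT_OPTIONS` in place, which works only while the gem keeps that constant an unfrozen Hash; if a release freezes it, boot would fail with a FrozenError. The file has no comment explaining the override, so I would add one along the lines of `# Makara's context cookie otherwise lacks SameSite/Secure; align it with the session cookie`. The file also lacks the `# frozen_string_literal: true` header that cache_buster.rb, added in the same commit, carries.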
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index e8d7697a1..9e037f421 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -60,6 +60,7 @@ Devise.setup do |config|
saml_options[:attribute_statements][:verified] = [ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED']] if ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED']
saml_options[:attribute_statements][:verified_email] = [ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL']] if ENV['SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL']
saml_options[:uid_attribute] = ENV['SAML_UID_ATTRIBUTE'] if ENV['SAML_UID_ATTRIBUTE']
+ saml_options[:allowed_clock_drift] = ENV['SAML_ALLOWED_CLOCK_DRIFT'] if ENV['SAML_ALLOWED_CLOCK_DRIFT']
config.omniauth :saml, saml_options
end
end
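Review bot: `ENV['SAML_ALLOWED_CLOCK_DRIFT']` is passed through on the added line as an unvalidated String, and nothing bounds it. This option widens the window in which an assertion outside its validity period is still accepted, so a typo or a very large value weakens replay protection. Whether the SAML library coerces a String is not visible on this page. I would convert explicitly and document the unit: `saml_options[:allowed_clock_drift] = Integer(ENV['SAML_ALLOWED_CLOCK_DRIFT']) if ENV['SAML_ALLOWED_CLOCK_DRIFT'] # seconds; keep this small` (or `Float(...)` if fractional seconds should be allowed). The `Devise.setup` block starts outside the hunk.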
diff --git a/config/initializers/paperclip.rb b/config/initializers/paperclip.rb
index b4849370d..9ad7fd814 100644
--- a/config/initializers/paperclip.rb
+++ b/config/initializers/paperclip.rb
@@ -62,7 +62,7 @@ if ENV['S3_ENABLED'] == 'true'
s3_options: {
signature_version: ENV.fetch('S3_SIGNATURE_VERSION') { 'v4' },
http_open_timeout: ENV.fetch('S3_OPEN_TIMEOUT'){ '5' }.to_i,
- http_read_timeout: 5,
+ http_read_timeout: ENV.fetch('S3_READ_TIMEOUT'){ '5' }.to_i,
http_idle_timeout: 5,
retry_limit: 0,
}
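Review bot: `.to_i` on the new `http_read_timeout` line silently turns an unparsable `S3_READ_TIMEOUT` into a number (`'5s'` becomes 5, `'five'` becomes 0), and a read timeout of 0 is unlikely to be what the operator meant. `http_read_timeout: Integer(ENV.fetch('S3_READ_TIMEOUT', '5')),` would fail at boot on bad input instead. The `S3_OPEN_TIMEOUT` line above follows the same pattern and `http_idle_timeout` is still hard-coded, so the three are worth treating alike. The enclosing options hash starts outside the hunk.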
@@ -107,10 +107,20 @@ elsif ENV['SWIFT_ENABLED'] == 'true'
else
Paperclip::Attachment.default_options.merge!(
storage: :filesystem,
- use_timestamp: true,
path: File.join(ENV.fetch('PAPERCLIP_ROOT_PATH', File.join(':rails_root', 'public', 'system')), ':prefix_path:class', ':attachment', ':id_partition', ':style', ':filename'),
url: ENV.fetch('PAPERCLIP_ROOT_URL', '/system') + '/:prefix_url:class/:attachment/:id_partition/:style/:filename',
)
end
Paperclip.options[:content_type_mappings] = { csv: Import::FILE_TYPES }
+
+# In some places in the code, we rescue this exception, but we don't always
+# load the S3 library, so it may be an undefined constant:
+
+unless defined?(Seahorse)
+ module Seahorse
+ module Client
+ class NetworkingError < StandardError; end
+ end
+ end
+end
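Review bot: The guard `unless defined?(Seahorse)` tests only the top-level module, while the rescue clauses it protects need `Seahorse::Client::NetworkingError`. `unless defined?(Seahorse::Client::NetworkingError)` states the actual requirement and is still safe when `Seahorse` is absent. The stub is also load-order dependent: it assumes the S3 library, when it is used, is already loaded by the time this initializer runs. The comment could say so, and say that the placeholder class exists only so `rescue` clauses resolve and is never raised.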
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index cd29afac5..6662ef40b 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -42,6 +42,10 @@ class Rack::Attack
req.remote_ip == '127.0.0.1' || req.remote_ip == '::1'
end
+ Rack::Attack.blocklist('deny from blocklist') do |req|
+ IpBlock.blocked?(req.remote_ip)
+ end
+
throttle('throttle_authenticated_api', limit: 300, period: 5.minutes) do |req|
req.authenticated_user_id if req.api_request?
end
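Review bot: The new blocklist block runs `IpBlock.blocked?(req.remote_ip)` on every request, and its implementation is not in this hunk. If it queries the database uncached, every request pays for a lookup and a database error would surface on all traffic, so the lookup should be cached or fail in a defined way. The decision also rests on `req.remote_ip`, which is only as trustworthy as the trusted-proxy configuration behind it; a comment such as `# relies on trusted_proxies being correct; a spoofable client IP bypasses this` would make that dependency explicit. On style, the explicit `Rack::Attack.blocklist(...)` receiver inside `class Rack::Attack` is inconsistent with the bare `throttle(...)` just below; `blocklist('deny from blocklist') do |req|` reads the same. The class body starts and ends outside the hunk.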
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 3dc0edd6f..e5d1be4c6 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,3 +1,7 @@
# Be sure to restart your server when you modify this file.
-Rails.application.config.session_store :cookie_store, key: '_mastodon_session', secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true')
+Rails.application.config.session_store :cookie_store, {
+ key: '_mastodon_session',
+ secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
+ same_site: :lax,
+}
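Review bot: The options are now passed as a braced Hash literal, which Ruby treats as a positional argument rather than as keywords. If `session_store` takes its options as `**options` (I believe Rails declares it that way, but the signature is not on this page), Ruby 2.7 emits a deprecation warning and Ruby 3 raises ArgumentError. Dropping the `{` and `}` while keeping the multi-line `key:`, `secure:` and `same_site:` arguments avoids this with no other change.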
diff --git a/config/initializers/twitter_regex.rb b/config/initializers/twitter_regex.rb
index f84f7c0cb..7f99a0005 100644
--- a/config/initializers/twitter_regex.rb
+++ b/config/initializers/twitter_regex.rb
@@ -29,7 +29,7 @@ module Twitter
( # $1 total match
(#{REGEXEN[:valid_url_preceding_chars]}) # $2 Preceding character
( # $3 URL
- ((?:https?|dat|dweb|ipfs|ipns|ssb|gopher):\/\/)? # $4 Protocol (optional)
+ ((?:https?|dat|dweb|ipfs|ipns|ssb|gopher|gemini):\/\/)? # $4 Protocol (optional)
(#{REGEXEN[:valid_domain]}) # $5 Domain(s)
(?::(#{REGEXEN[:valid_port_number]}))? # $6 Port number (optional)
(/#{REGEXEN[:valid_url_path]}*)? # $7 URL Path and anchor
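Review bot: Adding `gemini` to the `$4 Protocol` alternation only makes the autolinker recognise the scheme. The diffstat is limited to config/initializers, so this page does not show whether the scheme allowlist used when sanitizing or rendering links received the same addition. If it did not, `gemini://` URLs would be detected here and then stripped or left inert on output. Because the scheme list is an inline literal in the regex, a comment such as `# keep in sync with the sanitizer's allowed link protocols` would flag the coupling. The regex starts and ends outside the hunk.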