Merge branch 'master' into glitch-soc/merge-upstream

Conflicts:
- app/controllers/admin/base_controller.rb
  Some refactoring made upstream, no real conflict.
- app/javascript/mastodon/features/compose/components/compose_form.js
  Updated using upstream's code but using maxChars instead of the
  hardcoded length of 500 characters per toot.
- app/javascript/styles/mastodon/components.scss
  Upstream redesigned the onboarding modal. Not sure why we had a
  conflict there.

app/controllers/admin/base_controller.rb

@@ -20,5 +20,9 @@ module Admin
     def set_pack
       use_pack 'admin'
     end
+
+    def set_user
+      @user = Account.find(params[:account_id]).user || raise(ActiveRecord::RecordNotFound)
+    end
   end
 end

app/controllers/admin/confirmations_controller.rb

@@ -25,10 +25,6 @@ module Admin
 
     private
 
-    def set_user
-      @user = Account.find(params[:account_id]).user || raise(ActiveRecord::RecordNotFound)
-    end
-
     def check_confirmation
       if @user.confirmed?
         flash[:error] = I18n.t('admin.accounts.resend_confirmation.already_confirmed')

app/controllers/admin/resets_controller.rb

@@ -10,11 +10,5 @@ module Admin
       log_action :reset_password, @user
       redirect_to admin_accounts_path
     end
-
-    private
-
-    def set_user
-      @user = Account.find(params[:account_id]).user || raise(ActiveRecord::RecordNotFound)
-    end
   end
 end

app/controllers/admin/roles_controller.rb

@@ -17,11 +17,5 @@ module Admin
       log_action :demote, @user
       redirect_to admin_account_path(@user.account_id)
     end
-
-    private
-
-    def set_user
-      @user = Account.find(params[:account_id]).user || raise(ActiveRecord::RecordNotFound)
-    end
   end
 end

app/controllers/admin/two_factor_authentications_controller.rb

@@ -2,7 +2,7 @@
 
 module Admin
   class TwoFactorAuthenticationsController < BaseController
-    before_action :set_user
+    before_action :set_target_user
 
     def destroy
       authorize @user, :disable_2fa?
@@ -13,7 +13,7 @@ module Admin
 
     private
 
-    def set_user
+    def set_target_user
       @user = User.find(params[:user_id])
     end
   end

app/controllers/directories_controller.rb

@@ -37,22 +37,12 @@ class DirectoriesController < ApplicationController
   end
 
   def set_accounts
-    @accounts = Account.searchable.discoverable.page(params[:page]).per(50).tap do |query|
+    @accounts = Account.discoverable.page(params[:page]).per(30).tap do |query|
       query.merge!(Account.tagged_with(@tag.id)) if @tag
-
-      if popular_requested?
-        query.merge!(Account.popular)
-      else
-        query.merge!(Account.by_recent_status)
-      end
     end
   end
 
   def set_instance_presenter
     @instance_presenter = InstancePresenter.new
   end
-
-  def popular_requested?
-    request.path.ends_with?('/popular')
-  end
 end

app/controllers/media_controller.rb

@@ -6,12 +6,17 @@ class MediaController < ApplicationController
   before_action :set_media_attachment
   before_action :verify_permitted_status!
 
+  content_security_policy only: :player do |p|
+    p.frame_ancestors(false)
+  end
+
   def show
     redirect_to @media_attachment.file.url(:original)
   end
 
   def player
     @body_classes = 'player'
+    response.headers['X-Frame-Options'] = 'ALLOWALL'
     raise ActiveRecord::RecordNotFound unless @media_attachment.video? || @media_attachment.gifv?
   end