Merge remote-tracking branch 'origin/master' into gs-master

Conflicts: app/controllers/home_controller.rb app/controllers/stream_entries_controller.rb app/javascript/mastodon/locales/ja.json app/javascript/mastodon/locales/pl.json
2018-04-18 18:48:12 -05:00
parent 813da6788e ff87d1bc3e
commit 16d5217502
124 changed files with 2089 additions and 995 deletions
--- a/app/controllers/api/web/base_controller.rb
+++ b/app/controllers/api/web/base_controller.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class Api::Web::BaseController < Api::BaseController
+  protect_from_forgery with: :exception
+
+  rescue_from ActionController::InvalidAuthenticityToken do
+    render json: { error: "Can't verify CSRF token authenticity." }, status: 422
+  end
+end
--- a/app/controllers/api/web/embeds_controller.rb
+++ b/app/controllers/api/web/embeds_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true

-class Api::Web::EmbedsController < Api::BaseController
+class Api::Web::EmbedsController < Api::Web::BaseController
  respond_to :json

  before_action :require_user!
--- a/app/controllers/api/web/push_subscriptions_controller.rb
+++ b/app/controllers/api/web/push_subscriptions_controller.rb
@@ -1,10 +1,9 @@
 # frozen_string_literal: true

-class Api::Web::PushSubscriptionsController < Api::BaseController
+class Api::Web::PushSubscriptionsController < Api::Web::BaseController
  respond_to :json

  before_action :require_user!
-  protect_from_forgery with: :exception

  def create
    active_session = current_session
--- a/app/controllers/api/web/settings_controller.rb
+++ b/app/controllers/api/web/settings_controller.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true

-class Api::Web::SettingsController < Api::BaseController
+class Api::Web::SettingsController < Api::Web::BaseController
  respond_to :json

  before_action :require_user!
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@@ -2,7 +2,9 @@

 class HomeController < ApplicationController
  before_action :authenticate_user!
+
  before_action :set_pack
+  before_action :set_referrer_policy_header
  before_action :set_initial_state_json

  def index
@@ -67,4 +69,8 @@ class HomeController < ApplicationController
      about_path
    end
  end
+
+  def set_referrer_policy_header
+    response.headers['Referrer-Policy'] = 'origin'
+  end
 end
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -13,6 +13,7 @@ class StatusesController < ApplicationController
  before_action :set_link_headers
  before_action :check_account_suspension
  before_action :redirect_to_original, only: [:show]
+  before_action :set_referrer_policy_header, only: [:show]
  before_action :set_cache_headers

  def show
@@ -83,4 +84,9 @@ class StatusesController < ApplicationController
  def redirect_to_original
    redirect_to ::TagManager.instance.url_for(@status.reblog) if @status.reblog?
  end
+
+  def set_referrer_policy_header
+    return if @status.public_visibility? || @status.unlisted_visibility?
+    response.headers['Referrer-Policy'] = 'origin'
+  end
 end
--- a/app/controllers/stream_entries_controller.rb
+++ b/app/controllers/stream_entries_controller.rb
@@ -16,8 +16,7 @@ class StreamEntriesController < ApplicationController
    respond_to do |format|
      format.html do
        use_pack 'public'
-        @ancestors   = @stream_entry.activity.reply? ? cache_collection(@stream_entry.activity.ancestors(current_account), Status) : []
-        @descendants = cache_collection(@stream_entry.activity.descendants(current_account), Status)
+        redirect_to short_account_status_url(params[:account_username], @stream_entry.activity) if @type == 'status'
      end

      format.atom do