Merge branch 'security-2.9' into release/2.9.0

config/config.exs

@@ -150,7 +150,10 @@ config :mime, :types, %{
   "application/xrd+xml" => ["xrd+xml"],
   "application/jrd+json" => ["jrd+json"],
   "application/activity+json" => ["activity+json"],
-  "application/ld+json" => ["activity+json"]
+  "application/ld+json" => ["activity+json"],
+  # Can be removed when bumping MIME past 2.0.5
+  # see https://akkoma.dev/AkkomaGang/akkoma/issues/657
+  "image/apng" => ["apng"]
 }
 
 config :tesla, adapter: Tesla.Adapter.Hackney
@@ -359,7 +362,8 @@ config :pleroma, :activitypub,
   follow_handshake_timeout: 500,
   note_replies_output_limit: 5,
   sign_object_fetches: true,
-  authorized_fetch_mode: false
+  authorized_fetch_mode: false,
+  client_api_enabled: false
 
 config :pleroma, :streamer,
   workers: 3,

config/description.exs

@@ -1772,6 +1772,11 @@ config :pleroma, :config_description, [
         type: :integer,
         description: "Following handshake timeout",
         suggestions: [500]
+      },
+      %{
+        key: :client_api_enabled,
+        type: :boolean,
+        description: "Allow client to server ActivityPub interactions"
       }
     ]
   },

config/test.exs

@@ -38,7 +38,10 @@ config :pleroma, :instance,
   external_user_synchronization: false,
   static_dir: "test/instance_static/"
 
-config :pleroma, :activitypub, sign_object_fetches: false, follow_handshake_timeout: 0
+config :pleroma, :activitypub,
+  sign_object_fetches: false,
+  follow_handshake_timeout: 0,
+  client_api_enabled: true
 
 # Configure your database
 config :pleroma, Pleroma.Repo,