Merge remote-tracking branch 'origin/develop' into shigusegubu

* origin/develop: (92 commits)
  Web.MastodonApi.MastodonSocketTest: Add test for unauthenticated websocket
  Web.Streamer: Get unauthenticated statuses representation
  Web.MastodonAPI.MastodonSocket: Put access_token at function-level
  Web.MastodonAPI.MastodonSocket: Add unauthentified websocket endpoints
  Improved version string
  mediaproxy: fix empty url & add some tests
  RetryQueue: tiny refractor, add tests
  Various runtime configuration fixes
  update pleroma frontend
  Federator: add retry queue.
  activitypub: object view: avoid leaking private details
  ostatus controller: respond with AS2 objects instead of activities to notice URIs
  tests: federator: fix formatting
  activitypub: transmogrifier: make deletes secure
  Web.AdminAPI.AdminAPIControllerTest: New Test
  Web.AdminAPI.AdminAPIController: Fixes bugs found with ExUnit
  test/plugs/user_is_admin_plug_test: New test
  lib/mix/tasks/relay*: Use a with block
  Change Relay from `status` to `{status, message}`
  Web.Router: Change right to permission group (except for function names)
  ...

config/config.exs

@@ -23,6 +23,10 @@ config :pleroma, Pleroma.Uploaders.S3,
   public_endpoint: "https://s3.amazonaws.com",
   force_media_proxy: false
 
+config :pleroma, Pleroma.Uploaders.MDII,
+  cgi: "https://mdii.sakura.ne.jp/mdii-post.cgi",
+  files: "https://mdii.sakura.ne.jp"
+
 config :pleroma, :emoji, shortcode_globs: ["/emoji/custom/**/*.png"]
 
 config :pleroma, :uri_schemes,
@@ -48,6 +52,7 @@ config :pleroma, Pleroma.Web.Endpoint,
   url: [host: "localhost"],
   protocol: "https",
   secret_key_base: "aK4Abxf29xU9TTDKre9coZPUgevcVCFQJe/5xP/7Lt4BEif6idBIbjupVbOrbKxl",
+  signing_salt: "CqaoopA2",
   render_errors: [view: Pleroma.Web.ErrorView, accepts: ~w(json)],
   pubsub: [name: Pleroma.PubSub, adapter: Phoenix.PubSub.PG2],
   secure_cookie_flag: true
@@ -68,18 +73,10 @@ config :pleroma, :websub, Pleroma.Web.Websub
 config :pleroma, :ostatus, Pleroma.Web.OStatus
 config :pleroma, :httpoison, Pleroma.HTTP
 
-version =
-  with {version, 0} <- System.cmd("git", ["rev-parse", "HEAD"]) do
-    "Pleroma #{Mix.Project.config()[:version]} #{String.trim(version)}"
-  else
-    _ -> "Pleroma #{Mix.Project.config()[:version]} dev"
-  end
-
 # Configures http settings, upstream proxy etc.
 config :pleroma, :http, proxy_url: nil
 
 config :pleroma, :instance,
-  version: version,
   name: "Shigusegubu",
   email: "pleroma@hjkos.com",
   description: "SigSegV, a pleroma instance",
@@ -176,6 +173,13 @@ config :pleroma, :suggestions,
   limit: 23,
   web: "https://vinayaka.distsn.org/?{{host}}+{{user}}"
 
+config :pleroma, :http_security,
+  enabled: true,
+  sts: false,
+  sts_max_age: 31_536_000,
+  ct_max_age: 2_592_000,
+  referrer_policy: "same-origin"
+
 config :cors_plug,
   max_age: 86_400,
   methods: ["POST", "PUT", "DELETE", "GET", "PATCH", "OPTIONS"],

config/config.md

@@ -80,3 +80,10 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
 * ``unfollow_blocked``: Whether blocks result in people getting unfollowed
 * ``outgoing_blocks``: Whether to federate blocks to other instances
 * ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question
+
+## :http_security
+* ``enabled``: Whether the managed content security policy is enabled
+* ``sts``: Whether to additionally send a `Strict-Transport-Security` header
+* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent
+* ``ct_max_age``: The maximum age for the `Expect-CT` header if sent
+* ``referrer_policy``: The referrer policy to use, either `"same-origin"` or `"no-referrer"`.

config/prod.exs

@@ -14,6 +14,7 @@ use Mix.Config
 # manifest is generated by the mix phoenix.digest task
 # which you typically run after static files are built.
 config :pleroma, Pleroma.Web.Endpoint,
+  server: true,
   http: [port: 4000],
   protocol: "http"