1. 25 Oct, 2018 2 commits
    • Eugen Rochko's avatar
      Bump version to 2.6.0rc2 (#9087) · 2f0797bd
      Eugen Rochko authored
      * Bump version to 2.6.0rc2
      
      * Update CHANGELOG.md
      2f0797bd
    • Ben Lubar's avatar
      Allow cross-origin requests to /.well-known/* URLs. (#9083) · 13e049d7
      Ben Lubar authored
      Right now, this includes three endpoints: host-meta, webfinger, and change-password.
      
      host-meta and webfinger are publicly available and do not use any authentication. Nothing bad can be done by accessing them in a user's browser.
      
      change-password being CORS-enabled will only reveal the URL it redirects to (which is /auth/edit) but not anything about the actual /auth/edit page, because it does not have CORS enabled.
      
      The documentation for hosting an instance on a different domain should also be updated to point out that Access-Control-Allow-Origin: * should be set at a minimum for the /.well-known/host-meta redirect to allow browser-based non-proxied instance discovery.
      13e049d7
  2. 24 Oct, 2018 9 commits
  3. 23 Oct, 2018 4 commits
  4. 22 Oct, 2018 6 commits
  5. 21 Oct, 2018 9 commits
  6. 20 Oct, 2018 7 commits
  7. 19 Oct, 2018 3 commits