Merge commit '2016c5d912f400ae98ee03ce269112de2f9ec62d' into glitch-soc/merge-upstream

Conflicts: - `config/initializers/cors.rb`: Upstream refactored this file, and glitch-soc had local changes. I could not find the rationale for the glitch-soc changes, so I used upstream's version.
2023-10-08 16:41:56 +02:00
parent cfc0da77ac 2016c5d912
commit d7fcd70023
16 changed files with 115 additions and 122 deletions
--- a/config/initializers/cors.rb
+++ b/config/initializers/cors.rb
@@ -11,30 +11,16 @@ Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins '*'

-    resource '/.well-known/*',
-      headers: :any,
-      methods: [:get],
-      credentials: false
-    resource '/@:username',
-      headers: :any,
-      methods: [:get],
-      credentials: false
-    resource '/users/:username',
-      headers: :any,
-      methods: [:get],
-      credentials: false
-    resource '/api/*',
-      headers: :any,
-      methods: [:post, :put, :delete, :get, :patch, :options],
-      credentials: false,
-      expose: ['Link', 'X-RateLimit-Reset', 'X-RateLimit-Limit', 'X-RateLimit-Remaining', 'X-Request-Id']
-    resource '/oauth/token',
-      headers: :any,
-      methods: [:post],
-      credentials: false
-    resource '/assets/*', headers: :any, methods: [:get, :head, :options]
-    resource '/stylesheets/*', headers: :any, methods: [:get, :head, :options]
-    resource '/javascripts/*', headers: :any, methods: [:get, :head, :options]
-    resource '/packs/*', headers: :any, methods: [:get, :head, :options]
+    with_options headers: :any, credentials: false do
+      with_options methods: [:get] do
+        resource '/.well-known/*'
+        resource '/@:username'
+        resource '/users/:username'
+      end
+      resource '/api/*',
+               expose: %w(Link X-RateLimit-Reset X-RateLimit-Limit X-RateLimit-Remaining X-Request-Id),
+               methods: %i(post put delete get patch options)
+      resource '/oauth/token', methods: [:post]
+    end
  end
 end
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -2,7 +2,10 @@

 # Be sure to restart your server when you modify this file.

-Rails.application.config.session_store :cookie_store,
-  key: '_mastodon_session',
-  secure: false, # All cookies have their secure flag set by the force_ssl option in production
-  same_site: :lax
+Rails
+  .application
+  .config
+  .session_store :cookie_store,
+                 key: '_mastodon_session',
+                 secure: false, # All cookies have their secure flag set by the force_ssl option in production
+                 same_site: :lax