Merge commit '7f16397f3c37a8e378239974b73afbfe2b6e6844' into glitch-soc/merge-upstream

Conflicts: - `lib/mastodon/version.rb`: Upstream bumped the mastodon API version, glitch-soc has a change on an adjacent line adding a glitch API version.
2026-03-29 03:00:33 +02:00 · 2026-02-27 21:25:37 +01:00
parent 36c0f3701e 7f16397f3c
commit 0e1ea3110e
86 changed files with 1440 additions and 273 deletions
--- a/config/application.rb
+++ b/config/application.rb
@@ -58,7 +58,7 @@ Bundler.require(:pam_authentication) if ENV['PAM_ENABLED'] == 'true'
 module Mastodon
  class Application < Rails::Application
    # Initialize configuration defaults for originally generated Rails version.
-    config.load_defaults 8.0
+    config.load_defaults 8.1

    # Please, add to the `ignore` list any other `lib` subdirectories that do
    # not contain `.rb` files, or that should not be reloaded or eager loaded.
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -28,7 +28,7 @@ Rails.application.configure do

    config.cache_store = :redis_cache_store, REDIS_CONFIGURATION.cache
    config.public_file_server.headers = {
-      'Cache-Control' => "public, max-age=#{2.days.to_i}",
+      'cache-control' => "public, max-age=#{2.days.to_i}",
    }
  else
    config.action_controller.perform_caching = false
@@ -67,9 +67,18 @@ Rails.application.configure do
  # Highlight code that triggered database queries in logs.
  config.active_record.verbose_query_logs = true

+  # Append comments with runtime information tags to SQL queries in logs.
+  config.active_record.query_log_tags_enabled = true
+
  # Highlight code that enqueued background job in logs.
  config.active_job.verbose_enqueue_logs = true

+  # Highlight code that triggered redirect in logs.
+  config.action_dispatch.verbose_redirect_logs = true
+
+  # Suppress logger output for asset requests.
+  config.assets.quiet = true
+
  # Raises error for missing translations.
  # config.i18n.raise_on_missing_translations = true

--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -11,8 +11,10 @@ Rails.application.configure do
  # Eager load code on boot for better performance and memory savings (ignored by Rake tasks).
  config.eager_load = true

-  # Full error reports are disabled and caching is turned on.
+  # Full error reports are disabled.
  config.consider_all_requests_local = false
+
+  # Turn on fragment caching in view templates.
  config.action_controller.perform_caching = true

  # Do not fallback to assets pipeline if a precompiled asset is missed.
@@ -55,9 +57,8 @@ Rails.application.configure do
  # Use a different cache store in production.
  config.cache_store = :redis_cache_store, REDIS_CONFIGURATION.cache

-  # Disable caching for Action Mailer templates even if Action Controller
-  # caching is enabled.
-  config.action_mailer.perform_caching = false
+  # Prevent health checks from clogging up the logs.
+  config.silence_healthcheck_path = '/health'

  # Don't log any deprecations.
  config.active_support.report_deprecations = false
@@ -105,6 +106,9 @@ Rails.application.configure do
    'Referrer-Policy' => 'same-origin',
  }

+  # Only use :id for inspections in production.
+  config.active_record.attributes_for_inspect = [:id]
+
  # Enable DNS rebinding protection and other `Host` header attacks.
  # config.hosts = [
  #   "example.com",     # Allow requests from example.com
--- a/config/initializers/open_redirects.rb
+++ b/config/initializers/open_redirects.rb
@@ -1,7 +1,12 @@
 # frozen_string_literal: true

-# TODO: Starting with Rails 7.0, the framework default is true for this setting.
-# This location in devise redirects and we can't hook in or override:
-# https://github.com/heartcombo/devise/blob/v4.9.3/app/controllers/devise/confirmations_controller.rb#L28
-# When solution is found, this setting can go back to default.
-Rails.application.config.action_controller.raise_on_open_redirects = false
+# In the Devise confirmations#show action, a redirect_to is called:
+# https://github.com/heartcombo/devise/blob/v5.0.0/app/controllers/devise/confirmations_controller.rb#L28
+#
+# We override the `after_confirmation_path_for` method in a way which sometimes
+# returns raw URLs to external hosts, as part of the auth workflow.
+# Discussion: https://github.com/mastodon/mastodon/pull/36505#discussion_r2782876831
+
+Rails.application.reloader.to_prepare do
+  ActionController::Base.action_on_open_redirect = :log
+end
--- a/config/locales/activerecord.fr.yml
+++ b/config/locales/activerecord.fr.yml
@@ -3,7 +3,7 @@ fr:
  activerecord:
    attributes:
      poll:
-        expires_at: Date d'expiration
+        expires_at: Date d'échéance
        options: Choix
      user:
        agreement: Contrat de service
--- a/config/locales/it.yml
+++ b/config/locales/it.yml
@@ -267,6 +267,7 @@ it:
        demote_user_html: "%{name} ha retrocesso l'utente %{target}"
        destroy_announcement_html: "%{name} ha eliminato l'annuncio %{target}"
        destroy_canonical_email_block_html: "%{name} ha sbloccato l'e-mail con l'hash %{target}"
+        destroy_collection_html: "%{name} ha rimosso la collezione di %{target}"
        destroy_custom_emoji_html: "%{name} ha eliminato l'emoji %{target}"
        destroy_domain_allow_html: "%{name} non ha consentito la federazione con il dominio %{target}"
        destroy_domain_block_html: "%{name} ha sbloccato il dominio %{target}"
@@ -306,6 +307,7 @@ it:
        unsilence_account_html: "%{name} ha riattivato l'account di %{target}"
        unsuspend_account_html: "%{name} ha annullato la sospensione dell'account di %{target}"
        update_announcement_html: "%{name} ha aggiornato l'annuncio %{target}"
+        update_collection_html: "%{name} ha aggiornato la collezione di %{target}"
        update_custom_emoji_html: "%{name} ha aggiornato emoji %{target}"
        update_domain_block_html: "%{name} ha aggiornato il blocco dominio per %{target}"
        update_ip_block_html: "%{name} ha cambiato la regola per l'IP %{target}"
--- a/config/locales/pt-PT.yml
+++ b/config/locales/pt-PT.yml
@@ -267,6 +267,7 @@ pt-PT:
        demote_user_html: "%{name} despromoveu o utilizador %{target}"
        destroy_announcement_html: "%{name} eliminou a mensagem de manutenção %{target}"
        destroy_canonical_email_block_html: "%{name} desbloqueou o e-mail com a hash %{target}"
+        destroy_collection_html: "%{name} removeu a coleção de %{target}"
        destroy_custom_emoji_html: "%{name} eliminou o emoji %{target}"
        destroy_domain_allow_html: "%{name} bloqueou a federação com o domínio %{target}"
        destroy_domain_block_html: "%{name} desbloqueou o domínio %{target}"
@@ -306,6 +307,7 @@ pt-PT:
        unsilence_account_html: "%{name} deixou de limitar a conta de %{target}"
        unsuspend_account_html: "%{name} desativou a suspensão de %{target}"
        update_announcement_html: "%{name} atualizou a mensagem de manutenção %{target}"
+        update_collection_html: "%{name} atualizou a coleção de %{target}"
        update_custom_emoji_html: "%{name} atualizou o emoji %{target}"
        update_domain_block_html: "%{name} atualizou o bloqueio de domínio para %{target}"
        update_ip_block_html: "%{name} alterou regra para o IP %{target}"
@@ -686,6 +688,7 @@ pt-PT:
      cancel: Cancelar
      category: Categoria
      category_description_html: A razão pela qual esta conta e/ou conteúdo foi denunciado será citada na comunicação com a conta denunciada
+      collections: Coleções (%{count})
      comment:
        none: Nenhum
      comment_description_html: 'Para fornecer mais informações, %{name} escreveu:'
@@ -721,6 +724,7 @@ pt-PT:
      resolved_msg: Denúncia resolvida com sucesso!
      skip_to_actions: Passar para as ações
      status: Estado
+      statuses: Publicações (%{count})
      statuses_description_html: O conteúdo ofensivo será citado na comunicação com a conta denunciada
      summary:
        action_preambles:
--- a/config/locales/tr.yml
+++ b/config/locales/tr.yml
@@ -267,6 +267,7 @@ tr:
        demote_user_html: "%{name}, %{target} kullanıcısını düşürdü"
        destroy_announcement_html: "%{name}, %{target} duyurusunu sildi"
        destroy_canonical_email_block_html: "%{name}, %{target} karmasıyla e-posta engelini kaldırdı"
+        destroy_collection_html: "%{name}, %{target} kullanıcısının koleksiyonunu kaldırdı"
        destroy_custom_emoji_html: "%{name}, %{target} ifadesini sildi"
        destroy_domain_allow_html: "%{name}, %{target} alan adıyla birlik iznini kaldırdı"
        destroy_domain_block_html: "%{name}, %{target} alan adı engelini kaldırdı"
@@ -306,6 +307,7 @@ tr:
        unsilence_account_html: "%{name}, %{target} kullanıcısının hesabının sessizliğini kaldırdı"
        unsuspend_account_html: "%{name}, %{target} kullanıcısının hesabının askı durumunu kaldırdı"
        update_announcement_html: "%{name}, %{target} duyurusunu güncelledi"
+        update_collection_html: "%{name}, %{target} kullanıcısının koleksiyonunu güncelledi"
        update_custom_emoji_html: "%{name}, %{target} emojisini güncelledi"
        update_domain_block_html: "%{name}, %{target} alan adının engelini güncelledi"
        update_ip_block_html: "%{name}, %{target} IP adresi için kuralı güncelledi"
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -12,7 +12,7 @@ class RedirectWithVary < ActionDispatch::Routing::PathRedirect
 end

 def redirect_with_vary(path)
-  RedirectWithVary.new(301, path)
+  RedirectWithVary.new(301, path, caller(1..1).first)
 end

 Rails.application.routes.draw do
@@ -125,6 +125,7 @@ Rails.application.routes.draw do
  scope path: 'ap', as: 'ap' do
    resources :accounts, path: 'users', only: [:show], param: :id, concerns: :account_resources do
      resources :collection_items, only: [:show]
+      resources :feature_authorizations, only: [:show], module: :activitypub
      resources :featured_collections, only: [:index], module: :activitypub

      resources :statuses, only: [:show] do