diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1dcc4aa4a..494d1cab4 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -11,7 +11,6 @@ class ApplicationController < ActionController::Base before_action :set_safe_mode # before_action :secure_cookies_check layout "default" - force_ssl :if => :ssl_login? helper_method :show_moderation_notice? before_action :enable_cors
@@ -32,10 +31,6 @@ class ApplicationController < ActionController::Base CurrentUser.can_approve_posts? && (cookies[:moderated].blank? || Time.at(cookies[:moderated].to_i) < 20.hours.ago) end - def ssl_login? - cookies[:ssl_login].present? - end - def enable_cors response.headers["Access-Control-Allow-Origin"] = "*" end
diff --git a/app/controllers/user_upgrades_controller.rb b/app/controllers/user_upgrades_controller.rb
index b126d2aee..4e030a065 100644
--- a/app/controllers/user_upgrades_controller.rb
+++ b/app/controllers/user_upgrades_controller.rb
@@ -1,7 +1,6 @@ class UserUpgradesController < ApplicationController before_action :member_only, :only => [:new, :show] helper_method :user - force_ssl :if => :ssl_enabled? skip_before_action :verify_authenticity_token, only: [:create] def create
@@ -57,8 +56,4 @@ class UserUpgradesController < ApplicationController redirect_to user_upgrade_path end - - def ssl_enabled? - !Rails.env.development? && !Rails.env.test? - end end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 9e6dc0317..2c99c6bef 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -71,12 +71,6 @@ class UsersController < ApplicationController respond_with(@user, location: edit_user_path(@user)) end - def cache - @user = User.find(params[:id]) - @user.update_cache - render plain: "" - end - private def check_privilege(user)
diff --git a/app/logical/session_creator.rb b/app/logical/session_creator.rb
index 7174a1148..b21c3eb72 100644
--- a/app/logical/session_creator.rb
+++ b/app/logical/session_creator.rb
@@ -28,14 +28,6 @@ class SessionCreator } end - if secure - cookies.permanent[:ssl_login] = { - :value => "1", - :secure => true, - :httponly => true - } - end - session[:user_id] = user.id user.update_column(:last_ip_addr, ip_addr) return true
diff --git a/app/models/user.rb b/app/models/user.rb
index 5b504ea1c..b55226113 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -191,7 +191,7 @@ class User < ApplicationRecord def update_remote_cache if saved_change_to_name? Danbooru.config.other_server_hosts.each do |server| - HTTParty.delete("http://#{server}/users/#{id}/cache", Danbooru.config.httparty_options) + delay(queue: server).update_cache end end rescue Exception
diff --git a/app/presenters/post_presenter.rb b/app/presenters/post_presenter.rb
index 9fec67a23..c77fdcd47 100644
--- a/app/presenters/post_presenter.rb
+++ b/app/presenters/post_presenter.rb
@@ -168,7 +168,7 @@ class PostPresenter < Presenter def safe_mode_message(template) html = ["This image is unavailable on safe mode (#{Danbooru.config.app_name}). Go to "] - html << template.link_to("Danbooru", "http://danbooru.donmai.us") + html << template.link_to("Danbooru", "http://danbooru.donmai.us") # XXX don't hardcode. html << " or disable safe mode to view (" html << template.link_to("learn more", template.wiki_pages_path(title: "help:user_settings")) html << ")."
diff --git a/app/views/layouts/default.html.erb b/app/views/layouts/default.html.erb
index d0f854bbe..09d58b2a8 100644
--- a/app/views/layouts/default.html.erb
+++ b/app/views/layouts/default.html.erb
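Review bot: With the `ssl_login` cookie block removed from this SessionCreator hunk, `secure` is no longer read anywhere in the visible code, so if it was a parameter or local of the enclosing method it is now dead and should be dropped from the signature and its callers. The enclosing method starts outside the hunk, so I cannot confirm it has no other use of `secure`; please check before removing it. The `cookies.permanent[:ssl_login]` assignment was the only consumer visible here.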
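Review bot: The new `delay(queue: server).update_cache` line in `update_remote_cache` sends the cache refresh to a job queue named after each entry of `other_server_hosts`, which presumably only works if a worker on each of those hosts consumes a queue with exactly that name; that assumption is not stated anywhere, so add a comment such as `# each host in other_server_hosts runs a worker that consumes the queue named after its own hostname`. The `rescue Exception` on the context line just below the hunk also catches `SignalException` and `SystemExit`, so an interrupt during enqueueing is silently swallowed; `rescue StandardError` is the safer form. `update_remote_cache` continues past the end of the hunk.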
@@ -48,9 +48,9 @@ "@context" : "http://schema.org", "@type" : "Organization", "name" : "<%= Danbooru.config.app_name %>", - "url" : "http://<%= Danbooru.config.hostname%>", + "url" : "<%= root_url %>", "sameAs" : [ - "http://twitter.com/<%= Danbooru.config.twitter_site[1..-1] %>" + "https://twitter.com/<%= Danbooru.config.twitter_site[1..-1] %>" ] }
@@ -59,10 +59,10 @@ { "@context": "http://schema.org", "@type": "WebSite", - "url" : "http://<%= Danbooru.config.hostname %>", + "url" : "<%= root_url %>", "potentialAction": [{ "@type": "SearchAction", - "target": "http://<%= Danbooru.config.hostname %>/posts?tags={search_term_string}", + "target": "<%= posts_url %>?tags={search_term_string}", "query-input": "required name=search_term_string" }] }
@@ -73,7 +73,7 @@ "@type": "WebSite", "name": "<%= Danbooru.config.app_name %>", "alternateName": "<%= Danbooru.config.description %>", - "url" : "http://<%= Danbooru.config.hostname %>" + "url" : "<%= root_url %>" }
diff --git a/app/views/legacy/create_post.xml.erb b/app/views/legacy/create_post.xml.erb
index d8eea6d96..1cd4dbe4c 100644
--- a/app/views/legacy/create_post.xml.erb
+++ b/app/views/legacy/create_post.xml.erb
@@ -1,5 +1,5 @@ 0 - http://<%= Danbooru.config.hostname %>/uploads/<%= @upload.id %> + <%= upload_url(@upload) %>
diff --git a/app/views/static/mrtg.html.erb b/app/views/static/mrtg.html.erb
index e4f11a515..2245ef9bb 100644
--- a/app/views/static/mrtg.html.erb
+++ b/app/views/static/mrtg.html.erb
@@ -2,37 +2,37 @@
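Review bot: `root_url` and `posts_url` in all three hunks of default.html.erb now derive the canonical URLs in the structured-data blocks from the request's Host header rather than from `Danbooru.config.hostname`, so a request arriving with a forged Host header gets markup pointing at the forged origin unless the reverse proxy pins the host it forwards. If the configured hostname is still meant to be authoritative for these URLs, pass it explicitly, e.g. `<%= root_url(host: Danbooru.config.hostname) %>` and `<%= posts_url(host: Danbooru.config.hostname) %>`. The `https://twitter.com` change in the first hunk is fine as is.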

5 min

- +

30 min

- +

2 hour

- +

1 day

- +

hijiribe

5 min

- +

30 min

- +

2 hour

- +

1 day

- + <% content_for(:page_title) do %> MRTG - <%= Danbooru.config.app_name %>
diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb
index 8a850a2b7..01ea347bf 100644
--- a/app/views/users/edit.html.erb
+++ b/app/views/users/edit.html.erb
@@ -93,7 +93,7 @@ <%= f.input :disable_responsive_mode, :as => :select, :collection => [["No", "false"], ["Yes", "true"]], :include_blank => false, :hint => "Disable alternative layout for mobile and tablet" %> - <%= f.input :custom_style, :label => "Custom CSS style".html_safe, :hint => "Style to apply to the whole site.", :input_html => {:size => "40x5"} %> + <%= f.input :custom_style, :label => "Custom CSS style".html_safe, :hint => "Style to apply to the whole site.", :input_html => {:size => "40x5"} %> <%= f.button :submit, "Submit" %>
diff --git a/config/application.rb b/config/application.rb
index 92d06bc4b..54701f8b4 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -6,11 +6,13 @@ if defined?(Bundler) end Bundler.require(*Rails.groups) +require_relative "danbooru_default_config" +require_relative "danbooru_local_config" + module Danbooru class Application < Rails::Application # Initialize configuration defaults for originally generated Rails version. config.load_defaults 5.1 - config.active_record.schema_format = :sql config.encoding = "utf-8" config.filter_parameters += [:password]
@@ -24,6 +26,17 @@ module Danbooru config.action_mailer.perform_deliveries = true config.log_tags = [lambda {|req| "PID:#{Process.pid}"}] config.action_controller.action_on_unpermitted_parameters = :raise + config.force_ssl = true + + if Rails.env.production? && Danbooru.config.ssl_options.present? + config.ssl_options = Danbooru.config.ssl_options + else + config.ssl_options = { + hsts: false, + secure_cookies: false, + redirect: { exclude: ->(request) { true } } + } + end if File.exists?("#{config.root}/REVISION") config.x.git_hash = File.read("#{config.root}/REVISION").strip
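Review bot: The removal of `config.active_record.schema_format = :sql` in the first config/application.rb hunk is unrelated to the HTTPS change and switches schema dumps to `db/schema.rb`, which cannot represent database-specific objects (extensions, functions, custom index options) that `structure.sql` may carry; if that is intentional it deserves its own commit and a mention in the description, otherwise the line should stay. The two new `require_relative` lines are there because the second hunk reads `Danbooru.config.ssl_options` while the application is being configured, before initializers run, and nothing says so; a one-line comment such as `# Required here rather than in an initializer because config.ssl_options below needs Danbooru.config during boot.` would stop someone moving them back.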
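Review bot: The `else` branch in the second config/application.rb hunk is reached not only in development and test but also in production whenever `Danbooru.config.ssl_options` is blank, and in that case the redirect, HSTS and Secure cookie flagging are all switched off while `config.force_ssl = true` suggests otherwise, with nothing logged. Add a comment on the branch, e.g. `# Non-production, or HTTPS enforcement explicitly disabled: keep the middleware loaded but make it a no-op (Rails treats hsts: false as max-age=0, clearing any earlier policy).`, and consider surfacing the production case with `warn "HTTPS enforcement is disabled: Danbooru.config.ssl_options is blank" if Rails.env.production?` inside the else. `File.exists?` on the context line below is deprecated in favour of `File.exist?`, but that predates this commit.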
diff --git a/config/danbooru_default_config.rb b/config/danbooru_default_config.rb
index 821ce89af..329c8143b 100644
--- a/config/danbooru_default_config.rb
+++ b/config/danbooru_default_config.rb
@@ -198,6 +198,26 @@ module Danbooru 1.week.ago end + # Permanently redirect all HTTP requests to HTTPS. + # + # https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security + # http://api.rubyonrails.org/classes/ActionDispatch/SSL.html + def ssl_options + { + redirect: { exclude: ->(request) { request.subdomain == "insecure" } }, + hsts: { + expires: 1.year, + preload: true, + subdomains: false, + }, + } + end + + # Disable the forced use of HTTPS. + # def ssl_options + # false + # end + # The name of the server the app is hosted on. def server_host Socket.gethostname
@@ -772,4 +792,10 @@ module Danbooru end end end + + def config + @configuration ||= EnvironmentConfiguration.new + end + + module_function :config end
diff --git a/config/initializers/danbooru_config.rb b/config/initializers/danbooru_config.rb
deleted file mode 100644
index 78a505bae..000000000
--- a/config/initializers/danbooru_config.rb
+++ /dev/null
@@ -1,10 +0,0 @@ -require "#{Rails.root}/config/danbooru_default_config" -require "#{Rails.root}/config/danbooru_local_config" - -module Danbooru - def config - @configuration ||= EnvironmentConfiguration.new - end - - module_function :config -end
diff --git a/config/routes.rb b/config/routes.rb
index 3b799e2c7..9ee17368d 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -291,10 +291,6 @@ Rails.application.routes.draw do get :search get :custom_style end - - member do - delete :cache - end end resource :user_upgrade, :only => [:new, :create, :show] resources :user_feedbacks do
diff --git a/script/install/nginx.danbooru.conf b/script/install/nginx.danbooru.conf
index 10f6bddd8..d1b15b869 100644
--- a/script/install/nginx.danbooru.conf
+++ b/script/install/nginx.danbooru.conf
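Review bot: `preload: true` together with `subdomains: false` in the new `ssl_options` is inconsistent: the HSTS preload list only accepts a policy that also sends `includeSubDomains`, so the `preload` directive is ineffective here, and because the `insecure` subdomain is deliberately excluded from the redirect, turning on `subdomains: true` would break that exemption. Either drop `preload: true` or decide that the insecure subdomain goes away and set `subdomains: true`. The header comment also overstates the policy; `# Permanently redirect all HTTP requests to HTTPS, except on the "insecure" subdomain.` matches what the exclusion lambda does. Any subdomain other than `insecure` is redirected, which is worth stating next to the lambda.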
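Review bot: `Danbooru.config` is now defined in the config file itself instead of in the deleted initializer, and the reason is not stated anywhere: `config/application.rb` calls `Danbooru.config.ssl_options` while the application is being configured, before initializers run, so the method has to exist as soon as this file is required. A comment above `def config` such as `# Defined here rather than in an initializer so config/application.rb can read settings during boot.` would keep it from being moved back. `@configuration ||=` also memoizes one instance per process, which the comment could mention.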
@@ -71,7 +71,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_redirect off; proxy_set_header Host $host:$server_port; - proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Proto $scheme; } location / {
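Review bot: `proxy_set_header X-Forwarded-Proto $scheme;` is now the value the forced-SSL middleware in Rails uses to decide whether a request already arrived over HTTPS, and two conditions this file does not document must hold for that to be safe: TLS has to terminate at this nginx (if it terminates earlier, `$scheme` is `http` for every request and each one is redirected in a loop), and the Rails upstream must not be reachable except through this proxy, since otherwise a header supplied directly to it would be trusted. A comment on the line, e.g. `# Rails force_ssl trusts this header: TLS must terminate here and the app must only be reachable through this proxy.`, would capture both. The enclosing `server {` block starts and ends outside the hunk.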