Go to file
Kevin Wallace 9db7bdf0fb remote follow: use HTML redirect to work around CSP issue
In Chrome, I get the following when trying to use the remote follow form:

    Refused to send form data to 'https://example.com/remote_follow'
    because it violates the following Content Security Policy directive:
    "form-action 'self'".

It seems some browsers (but notably not Firefox) apply the form-action
policy to the redirect target in addition to the initial form
submission endpoint.  See:

    https://github.com/w3c/webappsec-csp/issues/8

In that thread, this workaround is suggested.
2022-11-13 17:11:02 +01:00
alembic Add slug support for Article 2022-10-30 17:50:59 +01:00
app remote follow: use HTML redirect to work around CSP issue 2022-11-13 17:11:02 +01:00
data Allow templates to be overridden in data/templates/ 2022-11-07 18:46:21 +01:00
docs Add support for setting a custom CSP 2022-11-09 21:26:43 +01:00
misc Add missing autorestart for supervisord config 2022-09-01 12:35:15 +02:00
scripts Minor tweaks about non-root handling 2022-11-04 19:28:21 +01:00
tests Improved Block support 2022-10-18 21:39:09 +02:00
.build.yml Switch to Ubuntu for CI (way faster than with alpine) 2022-07-01 19:34:29 +02:00
.dockerignore Tweak .dockerignore 2022-07-30 08:48:13 +02:00
.flake8 Initial commit for new v2 2022-06-22 20:11:22 +02:00
.gitignore Generate a basic favicon dynamically 2022-07-22 08:46:14 +02:00
Dockerfile Tweak Dockerfile 2022-09-18 21:33:50 +02:00
LICENSE Fix LICENSE 2022-08-05 19:32:22 +02:00
Makefile Fix password reset task 2022-10-23 16:40:56 +02:00
README.md Tweak README 2022-10-10 11:05:36 +02:00
alembic.ini Reset DB migrations 2022-07-28 19:28:18 +02:00
boussole.json Fix boussole config 2022-06-22 21:21:50 +02:00
docker-compose.yml Fix Docker compose config 2022-07-28 20:28:53 +02:00
poetry.lock Fix OG metadata scraping and improve workers 2022-11-13 13:00:22 +01:00
pyproject.toml Fix OG metadata scraping and improve workers 2022-11-13 13:00:22 +01:00
tasks.py Added the ability to use a custom favicon. 2022-10-19 09:03:58 +02:00

README.md

microblog.pub

A self-hosted, single-user, ActivityPub powered microblog.

builds.sr.ht status AGPL 3.0

Instances in the wild:

There are still some rough edges, but the server is mostly functional.

Features

  • Implements the ActivityPub server to server protocol
    • Federate with all the other popular ActivityPub servers like Pleroma, PixelFed, PeerTube, Mastodon...
    • Consume most of the content types available (notes, articles, videos, pictures...)
  • Exposes your ActivityPub profile as a minimalist microblog
    • Author notes in Markdown, with code highlighting support
    • Dedicated section for articles/blog posts (enabled when the first article is posted)
  • Lightweight
    • Uses SQLite, and Python 3.10+
    • Can be deployed on small VPS
  • Privacy-aware
    • EXIF metadata (like GPS location) are stripped before storage
    • Every media is proxied through the server
    • Strict access control for your outbox enforced via HTTP signature
  • No Javascript
    • The UI is pure HTML/CSS
    • Except tiny bits of hand-written JS in the note composer to insert emoji and add alt text to images
  • IndieWeb citizen
  • Easy to backup
    • Everything is stored in the data/ directory: config, uploads, secrets and the SQLite database.

Getting started

Check out the online documentation.

Credits

Contributing

All the development takes place on sourcehut, GitHub is only used as a mirror:

Contributions are welcomed, check out the documentation for more details.

License

The project is licensed under the GNU AGPL v3 LICENSE (see the LICENSE file).