 # Contribution guide
-We're glad you're interested in contributing Misskey! In this document you will find the information you need to contribute to the project.
-> **Note**
-> This project uses Japanese as its major language, **but you do not need to translate and write the Issues/PRs in Japanese.**
-> Also, you might receive comments on your Issue/PR in Japanese, but you do not need to reply to them in Japanese as well.\
-> The accuracy of machine translation into Japanese is not high, so it will be easier for us to understand if you write it in the original language.
-> It will also allow the reader to use the translation tool of their preference if necessary.
+We're glad you're interested in contributing to Sharkey! In this document you will find the information you need to contribute to the project.
 ## Roadmap
-See [ROADMAP.md](./ROADMAP.md)
+See [ROADMAP.md](./ROADMAP.md) for the upstream Misskey roadmap.
 ## Issues
 Before creating an issue, please check the following:
 - To avoid duplication, please search for similar issues before creating a new issue.
 - Do not use Issues to ask questions or troubleshooting.
 	- Issues should only be used to feature requests, suggestions, and bug tracking.
-	- Please ask questions or troubleshooting in [GitHub Discussions](https://github.com/misskey-dev/misskey/discussions) or [Discord](https://discord.gg/Wp8gVStHW3).
+	- Please ask questions or troubleshooting in [Discord](https://discord.gg/6VgKmEqHNk).
 > **Warning**
 > Do not close issues that are about to be resolved. It should remain open until a commit that actually resolves it is merged.
 ## Before implementation
-When you want to add a feature or fix a bug, **first have the design and policy reviewed in an Issue** (if it is not there, please make one). Without this step, there is a high possibility that the PR will not be merged even if it is implemented.
+When you want to add a feature or fix a bug, *please open an issue*,
+don't just start writing code. We may suggest different approaches, or
+show that the "bug" is actually intended behaviour (and offer
+work-arounds), or maybe we won't be able to merge your new feature
+because it would make it too hard to incorporate future changes from
+Misskey. Each of these examples have actually happened!
-At this point, you also need to clarify the goals of the PR you will create, and make sure that the other members of the team are aware of them.
-PRs that do not have a clear set of do's and don'ts tend to be bloated and difficult to review.
+On the other hand, it's very likely that we'll tell you "go
+ahead!". We try our best to incorporate improvements from our users!
 Also, when you start implementation, assign yourself to the Issue (if you cannot do it yourself, ask another member to assign you). By expressing your intention to work the Issue, you can prevent conflicts in the work.
 ## Well-known branches
-- **`master`** branch is tracking the latest release and used for production purposes.
+- **`stable`** branch is tracking the latest release and used for production purposes.
 - **`develop`** branch is where we work for the next release.
 	- When you create a PR, basically target it to this branch.
-- **`l10n_develop`** branch is reserved for localization management.
 ## Creating a PR
 Thank you for your PR! Before creating a PR, please check the following:
@@ -40,7 +38,7 @@ Thank you for your PR! Before creating a PR, please check the following:
   - `fix` / `refactor` / `feat` / `enhance` / `perf` / `chore` etc
   - Also, make sure that the granularity of this PR is appropriate. Please do not include more than one type of change or interest in a single PR.
 - If there is an Issue which will be resolved by this PR, please include a reference to the Issue in the text.
-- Please add the summary of the changes to [`CHANGELOG.md`](/CHANGELOG.md). However, this is not necessary for changes that do not affect the users, such as refactoring.
+- Please add the summary of the changes to [`CHANGELOG.md`](CHANGELOG.md). However, this is not necessary for changes that do not affect the users, such as refactoring.
 - Check if there are any documents that need to be created or updated due to this change.
 - If you have added a feature or fixed a bug, please add a test case if possible.
 - Please make sure that tests and Lint are passed in advance.
@@ -66,26 +64,19 @@ Be willing to comment on the good points and not just the things you want fixed
 	- Are there any omissions or gaps?
 	- Does it check for anomalies?
-## Deploy
-The `/deploy` command by issue comment can be used to deploy the contents of a PR to the preview environment.
-/deploy sha=<commit hash>
-An actual domain will be assigned so you can test the federation.
 ## Merge
 ## Release
 ### Release Instructions
-1. Commit version changes in the `develop` branch ([package.json](https://github.com/misskey-dev/misskey/blob/develop/package.json))
+1. Commit version changes in the `develop` branch ([package.json](https://activitypub.software/TransFem-org/Sharkey/-/blob/develop/package.json))
 2. Create a release PR.
-	- Into `master` from `develop` branch.
+	- Into `stable` from `develop` branch.
 	- The title must be in the format `Release: x.y.z`.
 		- `x.y.z` is the new version you are trying to release.
 3. Deploy and perform a simple QA check. Also verify that the tests passed.
 4. Merge it. (Do not squash commit)
-5. Create a [release of GitHub](https://github.com/misskey-dev/misskey/releases)
-	- The target branch must be `master`
+5. Create a [release](https://activitypub.software/TransFem-org/Sharkey/-/releases)
+	- The target branch must be `stable`
 	- The tag name must be the version
 > **Note**
@@ -156,7 +147,7 @@ pnpm dev
 ## Testing
-- Test codes are located in [`/packages/backend/test`](/packages/backend/test).
+- Test codes are located in [`/packages/backend/test`](packages/backend/test).
 ### Run test
 Create a config file.
@@ -188,8 +179,8 @@ TODO
 - `MISSKEY_WEBFINGER_USE_HTTP`: If it's set true, WebFinger requests will be http instead of https, useful for testing federation between servers in localhost. NEVER USE IN PRODUCTION.
 ## Continuous integration
-Misskey uses GitHub Actions for executing automated tests.
-Configuration files are located in [`/.github/workflows`](/.github/workflows).
+Sharkey uses GitLab CI for executing automated tests.
+Configuration files are located in [`/.gitlab-ci.yml`](.gitlab-ci.yml).
 ## Vue
 Misskey uses Vue(v3) as its front-end framework.
@@ -455,3 +446,30 @@ marginはそのコンポーネントを使う側が設定する
 ### indexというファイル名を使うな
 ESMではディレクトリインポートは廃止されているのと、ディレクトリインポートせずともファイル名が index だと何故か一部のライブラリ?でディレクトリインポートだと見做されてエラーになる
+## Merging from Misskey into Sharkey
+Make sure you have both remotes in the same clone (`git remote add misskey
+https://github.com/misskey-dev/misskey.git`), then:
+	git remote update
+	git checkout develop   # this is Sharkey's develop
+	git checkout -m merge/$(date +%Y-%m-%d)   # or whatever
+	git merge --no-ff misskey/develop
+fix conflicts and *commit*!
+*after that commit*, do all the extra work, on the same branch:
+* copy all changes:
+  * from `NoteCreateService.create` to `NoteCreateService.import` (and
+    vice versa if `git` got confused!)
+  * from `NoteCreateService` to `NoteEditService`
+  * from `ApNoteService.createNote` to `ApNoteService.updateNote`
+  * from `endoints/notes/create.ts` to `endoints/notes/edit.ts`
+  * from `MkNote*` to `SkNote*` (if sensible)
+* run tests `pnpm test` and fix as much as you can
+* run lint `pnpm --filter=backend lint` + `pnpm --filter=frontend
+  eslint` and fix as much as you can
+Then push and open a Merge Request.
@@ -4,10 +4,6 @@ ARG NODE_VERSION=20.10.0-alpine3.18
 FROM node:${NODE_VERSION} as build
-RUN corepack enable
-WORKDIR /sharkey
 RUN apk add git linux-headers build-base
@@ -15,55 +11,70 @@ RUN apk add --update python3 && ln -sf python3 /usr/bin/python
 RUN python3 -m ensurepip
 RUN pip3 install --no-cache --upgrade pip setuptools
-COPY . ./
+RUN corepack enable
+WORKDIR /sharkey
+COPY --link . ./
 RUN git submodule update --init --recursive
 RUN pnpm config set fetch-retries 5
 RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
-	pnpm i
+	pnpm i --frozen-lockfile --aggregate-output
 RUN pnpm build
 RUN node scripts/trim-deps.mjs
 RUN mv packages/frontend/assets sharkey-assets
+RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
+	pnpm prune
 RUN rm -r node_modules packages/frontend packages/sw
 RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \
-	pnpm i --prod
+	pnpm i --prod --frozen-lockfile --aggregate-output
 RUN rm -rf .git
+ARG UID="991"
+ARG GID="991"
+RUN apk add ffmpeg tini jemalloc \
+	&& corepack enable \
+	&& addgroup -g "${GID}" sharkey \
+	&& adduser -D -u "${UID}" -G sharkey -h /sharkey sharkey \
+	&& find / -type d -path /sys -prune -o -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; \
+	&& find / -type d -path /sys -prune -o -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \;
+USER sharkey
 WORKDIR /sharkey
-RUN apk add ffmpeg tini
+COPY --chown=sharkey:sharkey --from=build /sharkey/node_modules ./node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/backend/node_modules ./packages/backend/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-js/node_modules ./packages/misskey-js/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-reversi/node_modules ./packages/misskey-reversi/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-bubble-game/node_modules ./packages/misskey-bubble-game/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/megalodon/node_modules ./packages/megalodon/node_modules
+COPY --chown=sharkey:sharkey --from=build /sharkey/built ./built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-js/built ./packages/misskey-js/built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-reversi/built ./packages/misskey-reversi/built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-bubble-game/built ./packages/misskey-bubble-game/built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/backend/built ./packages/backend/built
+COPY --chown=sharkey:sharkey --from=build /sharkey/packages/megalodon/lib ./packages/megalodon/lib
+COPY --chown=sharkey:sharkey --from=build /sharkey/fluent-emojis ./fluent-emojis
+COPY --chown=sharkey:sharkey --from=build /sharkey/tossface-emojis/dist ./tossface-emojis/dist
+COPY --chown=sharkey:sharkey --from=build /sharkey/sharkey-assets ./packages/frontend/assets
-COPY --from=build /sharkey/built ./built
-COPY --from=build /sharkey/node_modules ./node_modules
-COPY --from=build /sharkey/packages/backend/built ./packages/backend/built
-COPY --from=build /sharkey/packages/backend/node_modules ./packages/backend/node_modules
-COPY --from=build /sharkey/packages/megalodon/lib ./packages/megalodon/lib
-COPY --from=build /sharkey/packages/megalodon/node_modules ./packages/megalodon/node_modules
-COPY --from=build /sharkey/packages/misskey-js/built ./packages/misskey-js/built
-COPY --from=build /sharkey/packages/misskey-js/node_modules ./packages/misskey-js/node_modules
-COPY --from=build /sharkey/packages/misskey-reversi/built ./packages/misskey-reversi/built
-COPY --from=build /sharkey/packages/misskey-reversi/node_modules ./packages/misskey-reversi/node_modules
-COPY --from=build /sharkey/packages/misskey-bubble-game/built ./packages/misskey-bubble-game/built
-COPY --from=build /sharkey/packages/misskey-bubble-game/node_modules ./packages/misskey-bubble-game/node_modules
-COPY --from=build /sharkey/fluent-emojis ./fluent-emojis
-COPY --from=build /sharkey/tossface-emojis/dist ./tossface-emojis/dist
-COPY --from=build /sharkey/sharkey-assets ./packages/frontend/assets
-COPY package.json ./package.json
-COPY pnpm-workspace.yaml ./pnpm-workspace.yaml
-COPY packages/backend/package.json ./packages/backend/package.json
-COPY packages/backend/check_connect.js ./packages/backend/check_connect.js
-COPY packages/backend/ormconfig.js ./packages/backend/ormconfig.js
-COPY packages/backend/migration ./packages/backend/migration
-COPY packages/backend/assets ./packages/backend/assets
-COPY packages/megalodon/package.json ./packages/megalodon/package.json
-COPY packages/misskey-js/package.json ./packages/misskey-js/package.json
-COPY packages/misskey-reversi/package.json ./packages/misskey-reversi/package.json
-COPY packages/misskey-bubble-game/package.json ./packages/misskey-bubble-game/package.json
+COPY --chown=sharkey:sharkey package.json ./package.json
+COPY --chown=sharkey:sharkey pnpm-workspace.yaml ./pnpm-workspace.yaml
+COPY --chown=sharkey:sharkey packages/backend/package.json ./packages/backend/package.json
+COPY --chown=sharkey:sharkey packages/backend/check_connect.js ./packages/backend/check_connect.js
+COPY --chown=sharkey:sharkey packages/backend/ormconfig.js ./packages/backend/ormconfig.js
+COPY --chown=sharkey:sharkey packages/backend/migration ./packages/backend/migration
+COPY --chown=sharkey:sharkey packages/backend/assets ./packages/backend/assets
+COPY --chown=sharkey:sharkey packages/megalodon/package.json ./packages/megalodon/package.json
+COPY --chown=sharkey:sharkey packages/misskey-js/package.json ./packages/misskey-js/package.json
+COPY --chown=sharkey:sharkey packages/misskey-reversi/package.json ./packages/misskey-reversi/package.json
+COPY --chown=sharkey:sharkey packages/misskey-bubble-game/package.json ./packages/misskey-bubble-game/package.json
+ENV LD_PRELOAD=/usr/lib/libjemalloc.so.2
 ENV NODE_ENV=production
-RUN corepack enable
 ENTRYPOINT ["/sbin/tini", "--"]
 CMD ["pnpm", "run", "migrateandstart"]
@@ -6,8 +6,11 @@ When using a service with Sharkey, there are several important points to keep in
 2. Even for posts made in private, there is no guarantee that the recipient's server will treat them as private in the same way. Please exercise caution when posting personal or confidential information. (Again, this applies to the internet in general.)
-3. Account deletion can be a resource-intensive process and may take a long time. In cases with a lot of uploaded data, it may even be impossible to delete an account.
+3. The "Drive" feature is NOT secure cloud storage. This feature exists for easier managing of your uploaded files.
+Any data uploaded, whether shared via post or not, will be publicly accessible. Please use 3rd party cloud storage providers if you need to upload data with sensitive information of any kind. 
-4. Please disable ad blockers. Some servers may rely on advertising revenue to cover operating costs. Additionally, ad blockers can mistakenly block content and features unrelated to ads, potentially causing issues with the client's functionality and preventing normal use of Sharkey. Therefore, we recommend turning off ad blockers and similar features when using Sharkey.
+4. Account deletion can be a resource-intensive process and may take a long time. In cases with a lot of uploaded data, it may even be impossible to delete an account.
-Please understand these points and enjoy using the service.
\ No newline at end of file
+5. Please disable ad blockers. Some servers may rely on advertising revenue to cover operating costs. Additionally, ad blockers can mistakenly block content and features unrelated to ads, potentially causing issues with the client's functionality and preventing normal use of Sharkey. Therefore, we recommend turning off ad blockers and similar features when using Sharkey.
+Please understand these points and enjoy using the service.
@@ -134,7 +134,7 @@ overwriteFromPinnedEmojis: "Override from general settings"
 reactionSettingDescription2: "Drag to reorder, click to delete, press \"+\" to add."
 rememberNoteVisibility: "Remember note visibility settings"
 attachCancel: "Remove attachment"
-deleteFile: "File deleted"
+deleteFile: "Delete file"
 markAsSensitive: "Mark as sensitive"
 unmarkAsSensitive: "Unmark as sensitive"
 enterFileName: "Enter filename"
@@ -1,6 +1,6 @@
 	"name": "sharkey",
-	"version": "2024.3.1",
+	"version": "2024.3.2",
 	"codename": "shonk",
 	"repository": {
 		"type": "git",
@@ -0,0 +1,16 @@
+ * SPDX-FileCopyrightText: dakkar and other Sharkey contributors
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+export class MoreRepoUrl1709462550083 {
+  name = 'MoreRepoUrl1709462550083'
+  async up(queryRunner) {
+    await queryRunner.query(`UPDATE "meta" SET "repositoryUrl"=DEFAULT WHERE "repositoryUrl" IN ('https://git.joinfirefish.org/firefish/firefish','https://codeberg/firefish/firefish','https://codeberg.org/calckey/calckey','https://iceshrimp.dev/iceshrimp/iceshrimp')`);
+    await queryRunner.query(`UPDATE "meta" SET "feedbackUrl"=DEFAULT WHERE "feedbackUrl" IN ('https://git.joinfirefish.org/firefish/firefish/issues','https://codeberg/firefish/firefish/issues','https://codeberg.org/calckey/calckey/firefish/firefish/issues','https://iceshrimp.dev/iceshrimp/iceshrimp/issues/new','https://iceshrimp.dev/iceshrimp/iceshrimp/issues')`);
+  }
+  async down(queryRunner) {
+  }
@@ -11,7 +11,11 @@ export default new DataSource({
 	username: config.db.user,
 	password: config.db.pass,
 	database: config.db.db,
-	extra: config.db.extra,
+	extra: {
+		...config.db.extra,
+		// migrations may be very slow, give them longer to run (that 10*1000 comes from postgres.ts)
+		statement_timeout: (config.db.extra?.statement_timeout ?? 1000 * 10) * 10,
+	},
 	entities: entities,
 	migrations: ['migration/*.js'],
@@ -15,6 +15,7 @@ import type { Config } from '@/config.js';
 import { StatusError } from '@/misc/status-error.js';
 import { bindThis } from '@/decorators.js';
 import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js';
+import { assertActivityMatchesUrls } from '@/core/activitypub/misc/check-against-url.js';
 import type { IObject } from '@/core/activitypub/type.js';
 import type { Response } from 'node-fetch';
 import type { URL } from 'node:url';
@@ -125,7 +126,12 @@ export class HttpRequestService {
 			validators: [validateContentTypeSetAsActivityPub],
-		return await res.json() as IObject;
+		const finalUrl = res.url; // redirects may have been involved
+		const activity = await res.json() as IObject;
+		assertActivityMatchesUrls(activity, [url, finalUrl]);
+		return activity;
diff --git a/packages/backend/src/core/NoteCreateService.ts b/packages/backend/src/core/NoteCreateService.ts
index b985846f1c..631d7074bd 100644
--- a/packages/backend/src/core/NoteCreateService.ts
+++ b/packages/backend/src/core/NoteCreateService.ts
@@ -266,6 +266,16 @@ export class NoteCreateService implements OnApplicationShutdown {
+		const hasProhibitedWords = await this.checkProhibitedWordsContain({
+			cw: data.cw,
+			text: data.text,
+			pollChoices: data.poll?.choices,
+		}, meta.prohibitedWords);
+		if (hasProhibitedWords) {
+			throw new IdentifiableError('689ee33f-f97c-479a-ac49-1b9f8140af99', 'Note contains prohibited words');
+		}
 		const inSilencedInstance = this.utilityService.isSilencedHost(meta.silencedHosts, user.host);
 		if (data.visibility === 'public' && inSilencedInstance && user.host !== null) {
@@ -299,7 +309,7 @@ export class NoteCreateService implements OnApplicationShutdown {
 		// Check blocking
-		if (data.renote && data.text == null && data.poll == null && (data.files == null || data.files.length === 0)) {
+		if (data.renote && !this.isQuote(data)) {
 			if (data.renote.userHost === null) {
 				if (data.renote.userId !== user.id) {
 					const blocked = await this.userBlockingService.checkBlocked(data.renote.userId, user.id);
@@ -1018,7 +1028,7 @@ export class NoteCreateService implements OnApplicationShutdown {
 				removeOnComplete: true,
 		// Pack the note
 		const noteObj = await this.noteEntityService.pack(note, null, { skipHide: true, withReactionAndUserPairCache: true });
diff --git a/packages/backend/src/core/UtilityService.ts b/packages/backend/src/core/UtilityService.ts
index 652e8f7449..21c4af3ca5 100644
--- a/packages/backend/src/core/UtilityService.ts
+++ b/packages/backend/src/core/UtilityService.ts
@@ -86,7 +86,7 @@ export class UtilityService {
 	public extractDbHost(uri: string): string {
 		const url = new URL(uri);
-		return this.toPuny(url.hostname);
+		return this.toPuny(url.host);
@@ -99,4 +99,11 @@ export class UtilityService {
 		if (host == null) return null;
 		return toASCII(host.toLowerCase());
+	@bindThis
+	public punyHost(url: string): string {
+		const urlObj = new URL(url);
+		const host = `${this.toPuny(urlObj.hostname)}${urlObj.port.length > 0 ? ':' + urlObj.port : ''}`;
+		return host;
+	}
diff --git a/packages/backend/src/core/activitypub/ApRequestService.ts b/packages/backend/src/core/activitypub/ApRequestService.ts
@@ -14,7 +14,9 @@ import { HttpRequestService } from '@/core/HttpRequestService.js';
 import { LoggerService } from '@/core/LoggerService.js';
 import { bindThis } from '@/decorators.js';
 import type Logger from '@/logger.js';
+import type { IObject } from './type.js';
 import { validateContentTypeSetAsActivityPub } from '@/core/activitypub/misc/validator.js';
+import { assertActivityMatchesUrls } from '@/core/activitypub/misc/check-against-url.js';
 type Request = {
 	url: string;
@@ -201,6 +203,11 @@ export class ApRequestService {
 			validators: [validateContentTypeSetAsActivityPub],
-		return await res.json();
+		const finalUrl = res.url; // redirects may have been involved
+		const activity = await res.json() as IObject;
+		assertActivityMatchesUrls(activity, [url, finalUrl]);
+		return activity;
@@ -115,6 +115,14 @@ export class Resolver {
 			throw new Error('invalid response');
+		// HttpRequestService / ApRequestService have already checked that
+		// `object.id` or `object.url` matches the URL used to fetch the
+		// object after redirects; here we double-check that no redirects
+		// bounced between hosts
+		if (object.id && (this.utilityService.punyHost(object.id) !== this.utilityService.punyHost(value))) {
+			throw new Error(`invalid AP object ${value}: id ${object.id} has different host`);
+		}
 		return object;
+ * SPDX-FileCopyrightText: dakkar and sharkey-project
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+import type { IObject } from '../type.js';
+export function assertActivityMatchesUrls(activity: IObject, urls: string[]) {
+	const idOk = activity.id !== undefined && urls.includes(activity.id);
+	// technically `activity.url` could be an `ApObject = IObject |
+	// string | (IObject | string)[]`, but if it's a complicated thing
+	// and the `activity.id` doesn't match, I think we're fine
+	// rejecting the activity
+	const urlOk = typeof(activity.url) === 'string' && urls.includes(activity.url);
+	if (!idOk && !urlOk) {
+		throw new Error(`bad Activity: neither id(${activity?.id}) nor url(${activity?.url}) match location(${urls})`);
+	}
@@ -127,12 +127,6 @@ export class ApPersonService implements OnModuleInit {
 		this.logger = this.apLoggerService.logger;
-	private punyHost(url: string): string {
-		const urlObj = new URL(url);
-		const host = `${this.utilityService.toPuny(urlObj.hostname)}${urlObj.port.length > 0 ? ':' + urlObj.port : ''}`;
-		return host;
-	}
 	 * Validate and convert to actor object
 	 * @param x Fetched object
@@ -140,7 +134,7 @@ export class ApPersonService implements OnModuleInit {
 	private validateActor(x: IObject, uri: string): IActor {
-		const expectHost = this.punyHost(uri);
+		const expectHost = this.utilityService.punyHost(uri);
 		if (!isActor(x)) {
 			throw new Error(`invalid Actor type '${x.type}'`);
@@ -154,6 +148,19 @@ export class ApPersonService implements OnModuleInit {
 			throw new Error('invalid Actor: wrong inbox');
+		if (this.utilityService.punyHost(x.inbox) !== expectHost) {
+			throw new Error('invalid Actor: inbox has different host');
+		}
+		for (const collection of ['outbox', 'followers', 'following'] as (keyof IActor)[]) {
+			const collectionUri = (x as IActor)[collection];
+			if (typeof collectionUri === 'string' && collectionUri.length > 0) {
+				if (this.utilityService.punyHost(collectionUri) !== expectHost) {
+					throw new Error(`invalid Actor: ${collection} has different host`);
+				}
+			}
+		}
 		if (!(typeof x.preferredUsername === 'string' && x.preferredUsername.length > 0 && x.preferredUsername.length <= 128 && /^\w([\w-.]*\w)?$/.test(x.preferredUsername))) {
 			throw new Error('invalid Actor: wrong username');
@@ -177,7 +184,7 @@ export class ApPersonService implements OnModuleInit {
 			x.summary = truncate(x.summary, summaryLength);
-		const idHost = this.punyHost(x.id);
+		const idHost = this.utilityService.punyHost(x.id);
 		if (idHost !== expectHost) {
 			throw new Error('invalid Actor: id has different host');
@@ -187,7 +194,7 @@ export class ApPersonService implements OnModuleInit {
 				throw new Error('invalid Actor: publicKey.id is not a string');
-			const publicKeyIdHost = this.punyHost(x.publicKey.id);
+			const publicKeyIdHost = this.utilityService.punyHost(x.publicKey.id);
 			if (publicKeyIdHost !== expectHost) {
 				throw new Error('invalid Actor: publicKey.id has different host');
@@ -286,7 +293,7 @@ export class ApPersonService implements OnModuleInit {
 		this.logger.info(`Creating the Person: ${person.id}`);
-		const host = this.punyHost(object.id);
+		const host = this.utilityService.punyHost(object.id);
 		const fields = this.analyzeAttachments(person.attachment ?? []);
@@ -113,8 +113,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 	private async fetchAny(uri: string, me: MiLocalUser | null | undefined): Promise<SchemaType<typeof meta['res']> | null> {
 	// ブロックしてたら中断
+		const host = this.utilityService.extractDbHost(uri);
 		const fetchedMeta = await this.metaService.fetch();
-		if (this.utilityService.isBlockedHost(fetchedMeta.blockedHosts, this.utilityService.extractDbHost(uri))) return null;
+		if (this.utilityService.isBlockedHost(fetchedMeta.blockedHosts, host)) return null;
 		let local = await this.mergePack(me, ...await Promise.all([
@@ -122,6 +123,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
 		if (local != null) return local;
+		// local object, not found in db? fail
+		if (this.utilityService.isSelfHost(host)) return null;
 		// リモートから一旦オブジェクトフェッチ
 		const resolver = this.apResolverService.createResolver();
 		const object = await resolver.resolve(uri) as any;
@@ -43,6 +43,7 @@ export async function signout() {
 	await removeAccount($i.id);
+	document.cookie = `token=; path=/; max-age=0${ location.protocol === 'https:' ? '; Secure' : ''}`;
 	const accounts = await getAccounts();
 	//#region Remove service worker registration
@@ -200,7 +201,7 @@ export async function login(token: Account['token'], redirect?: string) {
 			throw reason;
 	miLocalStorage.setItem('account', JSON.stringify(me));
-	document.cookie = `token=${token}; path=/; max-age=31536000`; // bull dashboardの認証とかで使う
+	document.cookie = `token=${token}; path=/; max-age=31536000${ location.protocol === 'https:' ? '; Secure' : ''}`; // bull dashboardの認証とかで使う
 	await addAccount(me.id, token);
 	if (redirect) {
@@ -73,27 +73,31 @@ export async function mainBoot() {
-	if (defaultStore.state.enableSeasonalScreenEffect) {
-		const month = new Date().getMonth() + 1;
-		if (defaultStore.state.hemisphere === 'S') {
-			// ▼南半球
-			if (month === 7 || month === 8) {
-				const SnowfallEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
-				new SnowfallEffect({}).render();
+	try {
+		if (defaultStore.state.enableSeasonalScreenEffect) {
+			const month = new Date().getMonth() + 1;
+			if (defaultStore.state.hemisphere === 'S') {
+				// ▼南半球
+				if (month === 7 || month === 8) {
+					const SnowfallEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
+					new SnowfallEffect({}).render();
+				}
+			} else {
+				// ▼北半球
+				if (month === 12 || month === 1) {
+					const SnowfallEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
+					new SnowfallEffect({}).render();
+				} else if (month === 3 || month === 4) {
+					const SakuraEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
+					new SakuraEffect({
+						sakura: true,
+					}).render();
+				}
-		} else {
-			// ▼北半球
-			if (month === 12 || month === 1) {
-				const SnowfallEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
-				new SnowfallEffect({}).render();
-			} else if (month === 3 || month === 4) {
-				const SakuraEffect = (await import('@/scripts/snowfall-effect.js')).SnowfallEffect;
-				new SakuraEffect({
-					sakura: true,
-				}).render();
-			}
-		}
+		}	
+	} catch (error) {
+		// console.error(error);
+		console.error('Failed to initialise the seasonal screen effect canvas context:', error);
 	if ($i) {
@@ -72,12 +72,16 @@ watch(() => props.lang, (to) => {
 <style module lang="scss">
+.codeBlockRoot {
+  text-align: left;
 .codeBlockRoot :global(.shiki) > code {
   counter-reset: step;
   counter-increment: step 0;
-.codeBlockRoot :global(.shiki) > code > .line::before {
+.codeBlockRoot :global(.shiki) > code > span::before {
   content: counter(step);
   counter-increment: step;
   width: 1rem;
@@ -20,7 +20,7 @@
 			worker-src 'self';
 			script-src 'self' 'unsafe-eval' https://*.hcaptcha.com https://challenges.cloudflare.com;
 			style-src 'self' 'unsafe-inline';
-			img-src 'self' data: blob: www.google.com xn--931a.moe launcher.moe localhost:3000 localhost:5173;
+			img-src 'self' data: blob: www.google.com xn--931a.moe launcher.moe localhost:3000 localhost:5173 activitypub.software secure.gravatar.com avatars.githubusercontent.com;
 			media-src 'self' localhost:3000 localhost:5173;
 			connect-src 'self' localhost:3000 localhost:5173 https://newassets.hcaptcha.com;
 			frame-src *;"
@@ -77,14 +77,34 @@ SPDX-License-Identifier: AGPL-3.0-only
 					<template #label>{{ i18n.ts._aboutMisskey.projectMembers }}</template>
 					<div :class="$style.contributors" style="margin-bottom: 8px;">
-						<a href="https://activitypub.software/Marie" target="_blank" :class="$style.contributor">
-							<img src="https://activitypub.software/uploads/-/system/user/avatar/2/avatar.png?width=128" :class="$style.contributorAvatar">
-							<span :class="$style.contributorUsername">@Marie</span>
-						</a>
 						<a href="https://activitypub.software/Amelia" target="_blank" :class="$style.contributor">
 							<img src="https://activitypub.software/uploads/-/system/user/avatar/1/avatar.png?width=128" :class="$style.contributorAvatar">
 							<span :class="$style.contributorUsername">@Amelia</span>
+						<a href="https://activitypub.software/dakkar" target="_blank" :class="$style.contributor">
+							<img src="https://secure.gravatar.com/avatar/c71b315eed7c63ff94c42b1b3e8dbad1?s=192&d=identicon" :class="$style.contributorAvatar">
+							<span :class="$style.contributorUsername">@dakkar</span>
+						</a>
+						<a href="https://activitypub.software/esm" target="_blank" :class="$style.contributor">
+							<img src="https://secure.gravatar.com/avatar/00fd054610e2a9dcf97a2aa661b168d0?s=192&d=identicon" :class="$style.contributorAvatar">
+							<span :class="$style.contributorUsername">@esm</span>
+						</a>
+						<a href="https://activitypub.software/supakaity" target="_blank" :class="$style.contributor">
+							<img src="https://activitypub.software/uploads/-/system/user/avatar/65/avatar.png?width=40" :class="$style.contributorAvatar">
+							<span :class="$style.contributorUsername">@supakaity</span>
+						</a>
+						<a href="https://activitypub.software/julia" target="_blank" :class="$style.contributor">
+							<img src="https://activitypub.software/uploads/-/system/user/avatar/41/avatar.png?width=40" :class="$style.contributorAvatar">
+							<span :class="$style.contributorUsername">@julia</span>
+						</a>
+						<a href="https://activitypub.software/Leah" target="_blank" :class="$style.contributor">
+							<img src="https://secure.gravatar.com/avatar/3b35b921b284ccfd1fe348508f6f705b?s=80&d=identicon" :class="$style.contributorAvatar">
+							<span :class="$style.contributorUsername">@Leah</span>
+						</a>
+						<a href="https://activitypub.software/fEmber" target="_blank" :class="$style.contributor">
+							<img src="https://secure.gravatar.com/avatar/ea0ea6451fdb74311efad369bdce018e?s=80&d=identicon" :class="$style.contributorAvatar">
+							<span :class="$style.contributorUsername">@fEmber</span>
+						</a>
 					<template #caption><MkLink url="https://activitypub.software/TransFem-org/Sharkey/-/graphs/develop">{{ i18n.ts._aboutMisskey.allContributors }}</MkLink></template>
@@ -85,7 +85,7 @@ async function search() {
 	if (query == null || query === '') return;
-	if (query.startsWith('https://')) {
+	if (query.startsWith('http://') || query.startsWith('https://')) {
 		const promise = misskeyApi('ap/show', {
 			uri: query,
@@ -48,7 +48,7 @@ async function search() {
 	if (query == null || query === '') return;
-	if (query.startsWith('https://')) {
+	if (query.startsWith('http://') || query.startsWith('https://')) {
 		const promise = misskeyApi('ap/show', {
 			uri: query,
@@ -40,7 +40,7 @@ const isScrolling = ref(false);
 const scrollEl = shallowRef<HTMLElement>();
 misskeyApiGet('notes/featured').then(_notes => {
-	notes.value = _notes;
+	notes.value = _notes.filter(n => n.cw == null);
 onUpdated(() => {
@@ -28,7 +28,7 @@ export async function lookup(router?: Router) {
-	if (query.startsWith('https://')) {
+	if (query.startsWith('http://') || query.startsWith('https://')) {
 		const promise = misskeyApi('ap/show', {
 			uri: query,
@@ -155,7 +155,9 @@ export class SnowfallEffect {
 		max: 0.125,
 		easing: 0.0005,
+	/**
+	 * @throws {Error} - Thrown when it fails to get WebGL context for the canvas 
+	 */
 	constructor(options: {
 		sakura?: boolean;
 	}) {