Reset http security settings to fix plug test

See merge request pleroma/pleroma!455

media_proxy: use path only to retrieve filename

See merge request !450

update pleroma frontend

See merge request !451

Twitter api direct messages

See merge request !449

media_proxy: CSP, content-disposition

See merge request !448

* Adds CSP headers to the media proxy endpoint

* Sends `content-disposition: attachment; …` for non-image/video/audio
content types

The default list can be overwritten with `:media_proxy,
:safe_content_types` in the configuration.

* Also now appends the filename to the proxy URL (fixes some mobile apps,
it was requested a while ago)

Add __Host- prefix when secure flag is enabled

See merge request !446

Add MIX_ENV=prod to systemd example file

See merge request !445

Add Whalebird as a client application in README

See merge request !447

Twitter API: Fall back to user.nickname if user has no name

Closes #375

See merge request !444

migrate CSP management to CSPPlug

See merge request !441

Update README.md

See merge request !443

Mastodon API: Fix list streaming

See merge request !442

sample config: document how to make CSPPlug send STS headers (off by default to allow for SSL debugging)

properly configure CORSPlug

See merge request !440