Commit Graph

1302 Commits

Author SHA1 Message Date
Penar Musaraj 6912a1e3ca
UX: Change the authorize button color to primary (#29666)
Primary is a more appropriate color here than "danger". Authorizing is
important, but we usually use "danger" for destructive actions and
nothing is being destroyed here.
2024-11-08 17:33:50 -05:00
Osama Sayegh 2ffe413b0b
FEATURE: Enable the new /about page for everyone (#29390)
This commit removes the feature flag for the new /about page, enabling it for all sites, and removes the code for old the /about page.

Internal topic: t/140413.
2024-10-29 18:40:11 +03:00
Kris a914d3230b
DEV: remap all core icons for fontawesome 6 upgrade (#28715)
Followup to 7d8974d02f

Co-authored-by: David Taylor <david@taylorhq.com>
2024-09-13 16:50:52 +01:00
David Taylor 7d8974d02f
UX: Upgrade to fontawesome 6.6.0 (#28778)
This upgrade is designed to be fully backwards-compatible. Any icon names which have changed will be automatically remapped to the new name. For now, this will happen silently. In future, once core & official themes/plugins have been updated, we will start raising deprecation errors to help theme/plugin authors update their code.

Extracted from https://github.com/discourse/discourse/pull/28715

Announcement at https://meta.discourse.org/t/were-upgrading-our-icons-to-font-awesome-6/325349

Co-authored-by: awesomerobot <kris.aubuchon@discourse.org>
2024-09-09 14:40:56 +01:00
David Taylor 80b9c280ba
DEV: Switch to pnpm for JS dependencies (#28671)
This will bring significant improvements to install speed & storage requirements. For information on how it may affect you, see https://meta.discourse.org/t/324521

This commit:
- removes the `yarn.lock` and replaces with `pnpm-lock.yaml`
- updates workspaces to pnpm format
- adjusts package dependencies to work with pnpm's stricter resolution strategy
- updates Rails app to load modules from more specific node_modules directories
- adds a `.pnpmfile` which automatically cleans up old yarn-managed `node_modules` directories
- updates various scripts to call `pnpm` instead of `yarn`
- updates patches to use pnpm's native patch system instead of patch-package
- adds a patch for licensee to support pnpm
2024-09-03 10:51:07 +01:00
David Taylor 8b6c5da755
DEV: Stop using sprockets for 'use ember cli' stylesheet (#28633)
This was throwing the "Discourse does not support compiling scss/sass files via Sprockets" error if the file was not cached
2024-08-29 10:38:27 +01:00
Jan Cernik 5b78bbd138
DEV: Convert account activation pages to use Ember (#28206) 2024-08-12 18:02:00 -03:00
Natalie Tay 75236b30d8
FIX: Exclude reply count on posts due to required Comment nesting (#27892)
"Replies" in non-crawler view makes a request when clicked to get all replies, however this does not make sense in the crawler view where we load everything per post number.

So the solution here is to exclude the reply number so we can avoid having to nest all replies in a post.
2024-07-15 09:40:47 +08:00
Loïc Guitaut 301713ef96 DEV: Upgrade the MessageFormat library (JS)
This patch upgrades the MessageFormat library to version 3.3.0 from
0.1.5.

Our `I18n.messageFormat` method signature is unchanged, and now uses the
new API under the hood.

We don’t need dedicated locale files for handling pluralization rules
anymore as everything is now included by the library itself.

The compilation of the messages now happens through our
`messageformat-wrapper` gem. It then outputs an ES module that includes
all its needed dependencies.

Most of the changes happen in `JsLocaleHelper` and in the `ExtraLocales`
controller.

A new method called `.output_MF` has been introduced in
`JsLocaleHelper`. It handles all the fetching, compiling and
transpiling to generate the proper MF messages in JS. Overrides and
fallbacks are also handled directly in this method.

The other main change is that now the MF translations are served through
the `ExtraLocales` controller instead of being statically compiled in a
JS file, then having to patch the messages using overrides and
fallbacks. Now the MF translations are just another bundle that is
created on the fly and cached by the client.
2024-07-10 09:51:25 +02:00
Régis Hanol 0846862cb5
FIX: deleted topic author in crawler view (#27788)
When a crawler visits a topic that has a deleted author, it would error because the `show.html.erb` view was expecting a user to be always present.

This ensure we don't render the "author" meta data when the author of the topic has been deleted.

Internal ref t/132508
2024-07-09 10:44:03 +02:00
David Battersby f44ec18fd2
DEV: update base url links to respect subfolder installs (#27740)
This change eliminates a couple of instances where subfolder urls are badly formatted, in most cases we can use Discourse.base_url_no_prefix to prevent adding the subfolder to the base url.
2024-07-09 12:42:38 +04:00
Jan Cernik 6599b85a75
DEV: Block accidental serialization of entire AR models (#27668) 2024-07-01 17:08:48 -03:00
Kris e5c0cfcd27
UX: remove default use of quaternary color, update nav pill styles (#27502) 2024-06-24 09:54:34 -04:00
Jan Cernik d7ece61252
UX: Rename FAQ to Guidelines (#27451) 2024-06-13 12:09:53 -03:00
Régis Hanol 958437e7dd
FIX: send activity summaries based on "last seen" (#27035)
instead of "last emailed" so that people getting email notifications (from a watched topic for example) also get the activity summaries.

Context - https://meta.discourse.org/t/activity-summary-not-sent-if-other-emails-are-sent/293040

Internal Ref - t/125582

Improvement over 95885645d9
2024-05-22 10:23:03 +02:00
Régis Hanol 0e9451e93f
FIX: crawler view with unicode usernames (#27051)
When "unicode_usernames" is enabled, calling the "user_path" helper with a username containing some non ASCII character will break due to the route constraint we have on username.

This fixes the issue by always encoding the username before passing it to the "user_path" helper.

Internal ref - t/127547
2024-05-16 17:11:24 +02:00
David Taylor 2f2da72747
FEATURE: Add experimental tracking of 'real browser' pageviews (#26647)
Our 'page_view_crawler' / 'page_view_anon' metrics are based purely on the User Agent sent by clients. This means that 'badly behaved' bots which are imitating real user agents are counted towards 'anon' page views.

This commit introduces a new method of tracking visitors. When an initial HTML request is made, we assume it is a 'non-browser' request (i.e. a bot). Then, once the JS application has booted, we notify the server to count it as a 'browser' request. This reliance on a JavaScript-capable browser matches up more closely to dedicated analytics systems like Google Analytics.

Existing data collection and graphs are unchanged. Data collected via the new technique is available in a new 'experimental' report.
2024-04-25 11:00:01 +01:00
Penar Musaraj 1eb70973a2
DEV: allow themes to render their own custom homepage (#26291)
This PR adds a theme modifier and route so that custom themes can opt to show their own homepage. See PR description for example usage.
2024-04-02 11:05:08 -04:00
David Taylor 50caef6783
FIX: Restore author on non-first-post crawler views (#26459)
Followup to 3329484e2d
2024-04-02 12:08:26 +01:00
David Taylor 1cc8c72a98
DEV: Consolidate experimental 'Link' header implementations (#26377)
This commit removes the 'experimental_preconnect_link_header' site setting, and the 'preload_link_header' site setting, and introduces two new global settings: early_hint_header_mode and early_hint_header_name.

We don't actually send 103 Early Hint responses from Discourse. However, upstream proxies can be configured to cache a response header from the app and use that to send an Early Hint response to future clients.

- `early_hint_header_mode` specifies the mode for the early hint header. Can be nil (disabled), "preconnect" (lists just CDN domains) or "preload" (lists all assets).
- `early_hint_header_name` specifies which header name to use for the early hint. Defaults to "Link", but can be changed to support different proxy mechanisms.
2024-03-27 09:06:50 +00:00
David Taylor 3329484e2d
FEATURE: Simplify crawler content for non-canonical post URLs (#26324)
When crawlers visit a post-specific URL like `/t/-/{topic-id}/{post-number}`, we use the canonical to direct them to the appropriate crawler-optimised paginated view (e.g. `?page=3`).

However, analysis of google results shows that the post-specific URLs are still being included in the index. Google doesn't tell us exactly why this is happening. However, as a general rule, 'A large portion of the duplicate page's content should be present on the canonical version'.

In our previous implementation, this wasn't 100% true all the time. That's because a request for a post-specific URL would include posts 'surrounding' that post, and won't exactly conform to the page boundaries which are used in the canonical version of the page. Essentially: in some cases, the content of the post-specific pages would include many posts which were not present on the canonical paginated version.

This commit aims to resolve that problem by simplifying the implementation. Instead of rendering posts surrounding the target post_number, we will only render the target post, and include a link to 'show post in topic'. With this new implementation, 100% of the post-specific page content will be present on the canonical paginated version, which will hopefully mean google reduces their  indexing of the non-canonical post-specific pages.
2024-03-26 15:18:46 +00:00
David Taylor 4a7e69d8ee
UX: Include message when crawler content is omitted (#26325)
To improve performance, we omit the basic-HTML version of pages when users are logged in, or when they are using a modern mobile device. This can be confusing when analysing the SEO of sites, so this commit adds a short static message when content is omitted.
2024-03-22 17:24:57 +00:00
Kris 2f307b8f54
A11Y: improve markup of 404 page search form (#26322) 2024-03-22 11:09:53 -04:00
Jarek Radosz 16b377bc3f
DEV: Fix dark mode in QUnit (#26262)
Fixes a semi-recent regression and adds dark color scheme css vars so the rendered app content in tests is dark too.
2024-03-20 14:51:29 +01:00
David Taylor 30a3e21463
DEV: update theme-qunit to work with strict-dynamic CSP (#26053) 2024-03-06 13:01:23 +00:00
David Taylor 588a79c80c
DEV: Merge root JS packages (#25857)
Before this commit, we had a yarn package set up in the root directory and also in `app/assets/javascripts`. That meant two `yarn install` calls and two `node_modules` directories. This commit merges them both into the root location, and updates references to node_modules.

A previous attempt can be found at https://github.com/discourse/discourse/pull/21172. This commit re-uses that script to merge the `yarn.lock` files.

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-02-26 13:45:58 +00:00
Martin Brennan cd6fd515fe
FIX: Prevent admin sidebar errors in safe mode (#25832)
In safe mode plugins are not loaded, so the plugin admin
routes are not loaded. This was causing errors in the
admin sidebar because we are trying to show links to the plugin
admin routes.

This fixes the issue by just not adding the plugin links if
we are in safe mode.
2024-02-23 17:04:42 +10:00
David Taylor b1f74ab59e
FEATURE: Add experimental option for strict-dynamic CSP (#25664)
The strict-dynamic CSP directive is supported in all our target browsers, and makes for a much simpler configuration. Instead of allowlisting paths, we use a per-request nonce to authorize `<script>` tags, and then those scripts are allowed to load additional scripts (or add additional inline scripts) without restriction.

This becomes especially useful when admins want to add external scripts like Google Tag Manager, or advertising scripts, which then go on to load a ton of other scripts.

All script tags introduced via themes will automatically have the nonce attribute applied, so it should be zero-effort for theme developers. Plugins *may* need some changes if they are inserting their own script tags.

This commit introduces a strict-dynamic-based CSP behind an experimental `content_security_policy_strict_dynamic` site setting.
2024-02-16 11:16:54 +00:00
Tobias Eigen 709bed5d1c
removed broken link and comments from no_index.erb (#25648)
We intend to move guidance about how to configure robots.txt to the admin interface and a documentation topic on meta.
2024-02-14 12:09:24 +08:00
David Taylor 9b50de4569
SECURITY: Properly escape user content within `<noscript>` 2024-01-30 09:10:09 -07:00
David Taylor 283fe48243
DEV: Update confirm-email flows to use central 2fa and ember rendering (#25404)
These routes were previously rendered using Rails, and had a fairly fragile 2fa implementation in vanilla-js. This commit refactors the routes to be handled in the Ember app, removes the custom vanilla-js bundles, and leans on our centralized 2fa implementation. It also introduces a set of system specs for the behavior.
2024-01-30 10:32:42 +00:00
David Taylor 2457553d0a
FIX: Avoid flash-of-unstyled-content in Safari with bug workaround (#25462)
Safari has a bug which means that scripts with the `defer` attribute are executed before stylesheets have finished loading. This is being tracked at https://bugs.webkit.org/show_bug.cgi?id=209261.

This commit works around the problem by introducing a no-op inline `<script>` to the end of our HTML document. This works because defer scripts are guaranteed to run after inline scripts, and inline scripts are guaranteed to run after any preceding stylesheets.

Technically we only need this for Safari. But given that the cost is so low, it makes sense to include it everywhere rather than incurring the complexity of gating it by user-agent.
2024-01-29 17:20:44 +00:00
Ayke Halder 1a782acd9c
FIX: set microdata schema for topic on missing first post (#25195)
Some attributes of the microdata schema `DiscussionForumPosting` are rendered in the context of the first post.
Ensure these attributes are also set if the first post is not part of the current view.
2024-01-12 16:29:03 +05:30
Ayke Halder 9261500ea9
FIX: exclude empty posts from microdata schema for topic (#25198) 2024-01-12 12:47:56 +05:30
Ayke Halder 16b8476cb4
FIX: Ensure consistent `datePublished` on follow-up pages in topic microdata schema (#25130)
* Ensure consistent `datePublished` and remove `text` on second page in topic microdata schema

Always use `datePublished` from topic and never from `first_psot`. This ensures `datePublished` to be consistent on `first page` and `page=2+`.

No need to repeat `text` on `page=2+`. Especially do not set `text` on `page=2+` if it is only an abstract and thereby not 100% consistent with `text` on `first page`.

* Keep `text`attribute on follow-up pages
2024-01-12 12:11:08 +05:30
Arpit Jalan 4bf60b3e5b
FEATURE: include username link in the microdata schema (#25112) 2024-01-03 20:11:41 +05:30
Arpit Jalan 69383e9afd
FIX: include only author username in the schema (#25106) 2024-01-03 12:16:29 +05:30
Arpit Jalan fb056ae719
FIX: add required metadata schema for subsequent pages (#25102)
This commits adds missing metadata schema for subsequent pages (?page=2)

https://meta.discourse.org/t/discussion-forum-schema-improvements/287347/21
2024-01-03 09:37:04 +05:30
Arpit Jalan 878d973d90
FIX: fixes for microdata schema rendering (#25082)
d9ca6c3bb9 (r135940042)
2024-01-02 19:23:57 +05:30
Rafael dos Santos Silva a6cf2d20e6
FEATURE: Topic crawler view bottom plugin outlet (#25060) 2023-12-28 15:16:30 -03:00
Arpit Jalan d9ca6c3bb9
FIX: improve structured data based on recent changes (#25043)
This commit makes some improvements to a topic's structured data based
on the recommendation on meta topic: https://meta.discourse.org/t/google-structured-data-for-forums-and-profile-pages/286762/9
2023-12-27 11:13:16 +05:30
David Taylor 40e4fe4423
FIX: Remove old 'wizard' js script (#24986)
This was causing errors for admins. Followup to cbc28e8e33
2023-12-20 14:01:43 +00:00
David Taylor fadcfd1451
DEV: Add `safe_mode=deprecation_errors` mode (#24870)
This commit adds an additional toggle to our safe-mode system. When enabled, it will cause all deprecation messages to become exceptions. This gives admins a way to test their themes/plugins against upcoming Discourse changes without needing to use the browser developer tools.
2023-12-13 14:06:59 +00:00
David Taylor e5824c5d88
DEV: Tweaks for safe mode (#24868)
- Preserve query param in URL when navigating around
- Replace inline warning svg with emoji, which works better across different color schemes
2023-12-13 12:24:35 +00:00
David Taylor a5fc8f3253
FIX: Account activation under ember-5 build (#24722)
We were previously relying on Ember's 'vendor' bundle to make the jquery global available on the activate_account route. That no longer happens under our Ember 5 build.

This commit updates our activate-account script to remove the need for jquery, so that it works under both Ember 3 and Ember 5 builds.
2023-12-05 17:49:40 +00:00
Natalie Tay 22ce638ec3
FIX: Use subfolder-safe url for category in html view (#24595)
Use subfolder-safe url for category in html view
2023-11-28 19:08:14 +08:00
David Taylor a0b94dca16
DEV: Use WebPack stats plugin to map entrypoints to chunks (#24239)
Previously, we were parsing webpack JS chunk filenames from the HTML files which ember-cli generates. This worked ok for simple entrypoints, but falls apart once we start using async imports(), which are not included in the HTML.

This commit uses the stats plugin to generate an assets.json file, and updates Rails to parse it instead of the HTML. Caching on the Rails side is also improved to avoid reading from the filesystem multiple times per request in develoment.

Co-authored-by: Godfrey Chan <godfreykfc@gmail.com>
2023-11-07 10:24:49 +00:00
Martin Brennan 77a009397b
FIX: Broken hashtags on embed and publish pages (#24210)
Since we don't have icons or access to the JS that transforms
hashtag icon placeholders into their proper icons and colours
on embed and publish pages, we need to at least show _something_
and make sure the hashtags are not totally broken on these pages.
2023-11-02 11:43:55 +10:00
Godfrey Chan 2e00482ac4
DEV: convert I18n pseudo package into real package (discourse-i18n) (#23867)
Currently, `window.I18n` is defined in an old school hand written
script, inlined into locale/*.js by the Rails asset pipeline, and
then the global variable is shimmed into a pseudo AMD module later
in `module-shims.js`.

This approach has some problems – for one thing, when we add a new
V2 addon (e.g. in #23859), Embroider/Webpack is stricter about its
dependencies and won't let you `import from "I18n";` when `"I18n"`
isn't listed as one of its `dependencies` or `peerDependencies`.

This moves `I18n` into a real package – `discourse-i18n`. (I was
originally planning to keep the `I18n` name since it's a private
package anyway, but NPM packages are supposed to have lower case
names and that may cause problems with other tools.)

This package defines and exports a regular class, but also defines
the default global instance for backwards compatibility. We should
use the exported class in tests to make one-off instances without
mutating the global instance and having to clean it up after the
test run. However, I did not attempt that refactor in this PR.

Since `discourse-i18n` is now included by the app, the locale
scripts needs to be loaded after the app chunks. Since no "real"
work happens until later on when we kick things off in the boot
script, the order in which the script tags appear shouldn't be a
problem. Alternatively, we can rework the locale bundles to be more
lazy like everything else, and require/import them into the app.

I avoided renaming the imports in this commit since that would be
quite noisy and drowns out the actual changes here. Instead, I used
a Webpack alias to redirect the current `"I18n"` import to the new
package for the time being. In a separate commit later on, I'll
rename all the imports in oneshot and remove the alias. As always,
plugins and the legacy bundles (admin/wizard) still relies on the
runtime AMD shims regardless.

For the most part, I avoided refactoring the actual I18n code too
much other than making it a class, and some light stuff like `var`
into `let`.

However, now that it is in a reasonable format to work with (no
longer inside the global script context!) it may also be a good
opportunity to refactor and make clear what is intended to be
public API vs internal implementation details.

Speaking of, I took the librety to make `PLACEHOLDER`, `SEPARATOR`
and `I18nMissingInterpolationArgument` actual constants since it
seemed pretty clear to me those were just previously stashed on to
the `I18n` global to avoid polluting the global namespace, rather
than something we expect the consumers to set/replace.
2023-10-12 14:44:01 +01:00
David Taylor 9667485951
DEV: Stop building test assets in production under Embroider (#23388)
Until now, we have allowed testing themes in production environments via `/theme-qunit`. This was made possible by hacking the ember-cli build so that it would create the `tests.js` bundle in production. However, this is fundamentally problematic because a number of test-specific things are still optimized out of the Ember build in production mode. It also makes asset compilation significantly slower, and makes it more difficult for us to update our build pipeline (e.g. to introduce Embroider).

This commit removes the ability to run qunit tests in production builds of the JS app when the Embdroider flag is enabled. If a production instance of Discourse exists exclusively for the development of themes (e.g. discourse.theme-creator.io) then they can add `EMBER_ENV: development` to their `app.yml` file. This will build the entire app in development mode, and has a significant performance impact. This must not be used for real production sites.

This commit also refactors many of the request specs into system specs. This means that the tests are guaranteed to have Ember assets built, and is also a better end-to-end test than simply checking for the presence of certain `<script>` tags in the HTML.
2023-09-11 09:12:37 +01:00