8db38de9d7
SECURITY: add rate limiting to anon JS error reporting
...
This adds a 1 minute rate limit to all JS error reporting per IP. Previously
we would only use the global rate limit.
This also introduces DISCOURSE_ENABLE_JS_ERROR_REPORTING, if it is set to
false then no JS error reporting will be allowed on the site.
2019-08-20 11:29:11 +10:00
f27564a0a0
Bump onebox version.
...
- normalize and decode html entities for image URL
2019-08-19 19:01:23 +05:30
50368940f7
DEV: Bump Logster version to 2.3.1
...
Commits since last version bump: 5cdcb76...c5bcb8e
2019-08-15 07:21:34 +00:00
44f4801087
Bump onebox version.
...
- do not double encode percentage in url
- support hashbang in url
2019-08-12 08:42:50 +05:30
1f47ed1ea3
PERF: message_bus will be deferred by server when flooded
...
The message_bus performs a fair amount of work prior to hijacking requests
this change ensures that if there is a situation where the server is flooded
message_bus will inform client to back off for 30 seconds + random(120 secs)
This back-off is ultra cheap and happens very early in the middleware.
It corrects a situation where a flood to message bus could cause the app
to become unresponsive
MessageBus update is here to ensure message_bus gem properly respects
Retry-After header and status 429.
Under normal state this code should never trigger, to disable raise the
value of DISCOURSE_REJECT_MESSAGE_BUS_QUEUE_SECONDS, default is to tell
message bus to go away if we are queueing for 100ms or longer
2019-08-09 17:48:01 +10:00
bc5daa1466
Bump onebox version.
...
- prioritize `card_html` over `article_html`
2019-08-05 11:04:58 +05:30
9656a21fdb
FEATURE: customization of html emails ( #7934 )
...
This feature adds the ability to customize the HTML part of all emails using a custom HTML template and optionally some CSS to style it. The CSS will be parsed and converted into inline styles because CSS is poorly supported by email clients. When writing the custom HTML and CSS, be aware of what email clients support. Keep customizations very simple.
Customizations can be added and edited in Admin > Customize > Email Style.
Since the summary email is already heavily styled, there is a setting to disable custom styles for summary emails called "apply custom styles to digest" found in Admin > Settings > Email.
As part of this work, RTL locales are now rendered correctly for all emails.
2019-07-30 15:05:08 -04:00
6a0787445c
Bump onebox version.
...
- Deprioritize Twitter card in generic onebox
2019-07-25 17:13:23 +05:30
f5c707c97a
FEATURE: Gz to zip for exports ( #7889 )
...
* Revert "Revert "FEATURE: admin/user exports are compressed using the zip format (#7784 )""
This reverts commit f89bd55576
2019-07-18 09:34:48 -03:00
b3eb67976d
DEV: Upgrades to Ember 3.10 ( #7871 )
...
Co-Authored-By: majakomel <maja.komel@gmail.com>
2019-07-16 12:45:15 +02:00
25830c73be
Bump onebox version.
...
- use custom placeholder HTML for generic whitelisted oneboxes
- optimize usage of custom placeholder HTML
2019-07-11 18:31:51 +05:30
f89bd55576
Revert "FEATURE: admin/user exports are compressed using the zip format ( #7784 )"
...
This reverts commit 8b2580e20f
2019-07-10 11:38:51 -03:00
8b2580e20f
FEATURE: admin/user exports are compressed using the zip format ( #7784 )
...
* FEATURE: admin/user exports are compressed using the zip format
* Update translations. Theme exporter now exports .zip file. Theme importer supports .zip and .gz files
* Fix controller test, updated locale and skip saving the csv export to disk
2019-07-10 11:13:03 -03:00
f0f271cd5f
Bump onebox version.
...
- remove additional whitespace from Twitter onebox
2019-07-09 13:12:03 +05:30
bb8cf81089
Bump onebox version.
...
- better placeholders for audio/video/trello/typeform oneboxes
- added CSS for audio/video/trello/typeform onebox placeholders
2019-07-08 21:40:33 +05:30
feb828172b
Bump onebox version.
...
- improved spacing for quoted twitter onebox
2019-07-06 09:41:01 +05:30
5bc1fd23b0
Bump onebox version.
...
- update HTML for twitter quoted onebox
- updated CSS for twitter quoted onebox
2019-07-05 19:35:36 +05:30
1ebc3cce4a
Bump onebox version.
...
- twitter oneboxing using API was broken
2019-07-04 11:41:07 +05:30
32edaa3843
Bump onebox version
...
- support for Twitter quoted tweets
2019-07-04 11:01:30 +05:30
0872a1182d
DEV: Replace Overcommit with Lefthook ( #7826 )
...
Overcommit uses prebuilt hooks and require global installation.
To avoid this issues replace it with Lefthook.
Lefthook will be installed with npm packages. New contributors
will have fully consistent git hooks.
2019-07-02 11:29:52 +02:00
7f14e185cc
Bump onebox version.
...
- prevent double escaping of URL
2019-06-27 23:35:35 +05:30
168a38dc29
Bump onebox version.
...
- better Twitch placeholder
- CSS for said placeholder
2019-06-26 23:22:29 +05:30
2af4002817
Bump onebox version.
...
- Add a placeholder icon for Twitch onebox preview
- Add CSS for showing fontawesome play icon for placeholder class
2019-06-26 13:40:14 +05:30
4c89f7f881
DEV: bump version on mini_scheduler
...
This corrects a catastrophic state that can ensue if redis becomes readonly
It also adds support for multiple queues and minor cleanup
2019-06-24 16:56:16 +10:00
29259b46ae
DEV: Verbose mode for `posts:inline_uploads` rake task.
2019-06-10 08:59:11 +08:00
1991af2abb
DEV: Switch `InlineUploads` to a regexp based implementation.
2019-06-04 15:54:25 +08:00
d93e5fb00d
DEV: Class that converts MD with old attachment links to new MD.
2019-06-04 15:54:25 +08:00
787ccb5746
revert the bundler version
...
871fcf1117
2019-06-04 08:45:30 +05:30
871fcf1117
PERF: omit user profile and private message stats in web hook serializer.
2019-06-04 08:44:10 +05:30
8511bfe583
Bump omniauth-google-oauth2 gem version
...
Pinning to an old version is no longer required following 8b4d6dafea
2019-06-03 19:17:00 +01:00
ee43b36b64
Bump onebox version. ( #7666 )
...
Fixes multiple possible sources of exceptions due to frozen strings. Wikipedia onebox was definitely failing before this patch.
2019-05-31 17:04:34 +02:00
75d413ad11
Bump onebox version. ( #7665 )
...
Fixes a regression with soundclound onebox due to frozen string literal.
2019-05-31 16:41:33 +02:00
bf3c781f26
Bump onebox version.
...
- add frozen string literal to all the files
2019-05-28 17:39:42 +05:30
f46d2ad086
DEV: Update test-prof ( #7572 )
...
* Updated test-prof
* Made rails_helper.rb use new test-prof APIs
Instead of the previous temporary hacks.
* Added environment option to disable prefabrication
It was removed mistakenly
2019-05-21 22:07:40 +10:00
ce89f19250
Bump onebox version.
...
- use Vimeo engine for private links only
- if og:video_url is missing, make one using Vimeo ID
2019-05-20 12:24:43 +05:30
a4627c3d82
DEV: revert bundler to 1.7.3
...
At the moment bundler 2.0 is not compatible with:
https://github.com/discourse/discourse-backup-uploads-to-s3
We plan to get this fixed but in the mean time do not upgrade.
followup to 2a7065c5
2019-05-20 11:23:28 +10:00
2a7065c505
FIX: skip uploads without etag in s3 inventory check.
2019-05-20 00:09:52 +05:30
081eb76308
DEV: update rubocop - take 2
2019-05-17 14:13:25 +02:00
88102ce13d
DEV: update rubocop
2019-05-17 14:08:58 +02:00
bbcc39e66c
FEATURE: update mini_racer to version including heap dump support
...
We recently noticed a leak, this introduces a new method on MiniRacer::Context
```
context.write_heap_snapshot(path)
```
To dump current memory in v8 context to a file, this can then be analyzed
in chrome and other similar tools
Can be triggered in production using rbtrace
2019-05-14 18:01:15 +10:00
73da9c171a
DEV: Upgrade unicorn
...
The gem has minor bug fixes. One of those stopped the RubyMine debugger from working.
2019-05-07 17:03:27 +02:00
d679c4e0eb
Bump onebox version.
...
- FIX: encode the URL per RFC 3986 spec
2019-05-06 18:17:42 +05:30
28547c6f08
revert bundler version change
...
73418aaf73
2019-05-02 04:37:55 +05:30
73418aaf73
DEV: Add bucket folder path to inventory id
2019-05-02 04:35:35 +05:30
2ebe9e3a8b
Bump onebox version
2019-04-30 10:07:48 -03:00
09b3d0c2a0
DEV: Only install danger on Travis. ( #7452 )
2019-04-29 14:45:24 +08:00
fa313564d7
DEV: update rails multisite
...
This gives us Rails 6 support, should not impact existing behavior
2019-04-29 16:24:47 +10:00
c0a5a07eda
DEV: missing change from prev commit
2019-04-29 15:52:47 +10:00
7ea5c8a5f5
DEV: update AWS dependency
...
AWS is a big moving target, this fills gaps in the API. Technically we
use such a tiny surface area that it probably does not matter, but it is
good to be up to date here.
2019-04-29 15:39:19 +10:00
2d9c8581ce
DEV: low risk gem updates
...
This updates another batch of gems that are lowish risk
Most of the gem changes are here for Rails 6 / Ruby 2.6.3 support
Excon did some stuff around better cipher ordering
2019-04-29 15:33:01 +10:00
9797073de0
DEV: update mini_sql and some other gems
...
Big one is mini_sql, only noticeable change is that the internals now
support jruby!
2019-04-29 15:04:19 +10:00
75c1506cb0
DEV: update minor dependencies
...
These gems have very minor changes, and are low risk updates
2019-04-29 15:00:58 +10:00
b3d91ea541
DEV: update rubocop
...
No changes required in core Discourse.
2019-04-29 14:57:30 +10:00
6449170e15
DEV: update mini racer version
...
Mini Racer 0.2.5 provides support for libv8 7.3 (so we just upgraded from
Chrome 67 -> 73 JS engine wise)
2019-04-29 10:22:27 +10:00
4b455e741e
DEV: Ember 3.8.0
...
Co-Authored-By: majakomel <maja.komel@gmail.com>
2019-04-26 12:16:21 +02:00
68d7b4023b
FIX: update mini scheduler
...
The UX was not showing any durations longer than 1 minute for scheduled
jobs
Also updates sidekiq and rack minor versions which are low risk
2019-04-26 11:24:17 +10:00
1724c27713
FIX: reload the 'post' model to retrive raw field value.
2019-04-25 02:09:27 +05:30
aed683390c
FIX: Don't treat 'upload_patterns' as constant to make the rake task compatible with multisite
2019-04-25 02:06:20 +05:30
01a3311ffb
SECURITY: Update nokogiri
2019-04-24 10:42:24 +02:00
e8f51815e5
Bump onebox version.
...
- Update github_blob engine to support displaying stl files
- FEATURE: add `data-original-href` attribute to Vimeo iframes
- Add poster image for video oneboxes
2019-04-24 13:59:14 +05:30
8c8d3bea31
Remove unncessary gems installed due to Rails 5.2.3 upgrade.
...
Follow up to b3dcaacdf4
2019-04-23 17:44:49 +08:00
b3dcaacdf4
Update Rails to 5.2.3.
2019-04-20 10:49:54 +09:00
7e3628d11f
Added test-prof as a dependency ( #7395 )
...
test-prof is a collection of tools for analyzing test-suite performance.
2019-04-19 10:52:31 +02:00
2b8487b0ea
Removed "shoulda" gem in favor of "shoulda-matchers" and update ( #7387 )
...
* Update shoulda gem
* Remove shoulda gem in favor of shoulda-matchers only
2019-04-18 07:41:37 +10:00
e50494bcde
Revert "DEV: Upgradae to Bundler 2."
...
This reverts commit f65c8a7ba1
2019-04-15 11:05:51 +08:00
f65c8a7ba1
DEV: Upgradae to Bundler 2.
2019-04-15 09:02:02 +08:00
70fef8e0c3
FIX: change to correct bundled version
2019-04-14 14:46:56 +05:30
87b53e170b
FIX: skip <br> inside <p> if next character is \n
2019-04-14 14:44:54 +05:30
76e76140e1
Bump onebox version
2019-04-12 10:28:36 -03:00
9c1d1777db
Bump onebox version
...
- adds support for oneboxing google drive files
- add styling for google drive onebox favicon
2019-04-10 13:37:24 +05:30
b0053f3a1c
FEATURE: bump onebox version, add styling for new reddit image onebox
2019-04-04 11:24:30 +02:00
b375dcb14a
DEV: Introduce parallel rspec testing
...
Adds the parallel_tests gem, and redis/postgres configuration for running rspec tests in parallel. To use:
```
rake parallel:rake[db:create]
rake parallel:rake[db:migrate]
rake parallel:spec
```
This brings the test suite from 12m20s to 3m11s on my macOS machine
2019-04-01 11:06:47 -04:00
cadd1d670f
DEV: Add simplecov as test dependency ( #7271 )
2019-04-01 16:00:11 +11:00
6ea14b591f
Bump logster to 2.3.0 ( #7251 )
...
Introduces a new feature that keeps track of number of logs that have been suppressed by each pattern.
d3146c0fe1
2019-03-26 07:51:58 +03:00
59491f3047
FIX: Add `sassc-rails` for plugins using sprockets to compile scss
...
This did not affect core because we have a custom stylesheet pipeline
2019-03-21 23:23:29 +00:00
56b4ee43d3
DEV: Update sassc gem
2019-03-20 16:04:26 +00:00
f3d0d8fe7d
Upgrade to Ember 3.7.0
2019-03-20 14:43:25 +01:00
14c1af0a9e
Bump logster version to 2.2.0 ( #7200 )
2019-03-19 09:39:16 +01:00
bd8e46a9c1
SECURITY: Upgrading Rails version to 5.2.2.1
2019-03-13 16:24:54 -03:00
77931b70c3
Revert "DEV: Upgrade to Ember 3.7.0 ( #6977 )" ( #7165 )
...
This reverts commit 3eebf8be73
2019-03-13 15:49:47 -03:00
3eebf8be73
DEV: Upgrade to Ember 3.7.0 ( #6977 )
...
* Upgrade to Ember 3.7.0
* use ember source 3.7.0.2
* fix mobile header
* fix navigation
2019-03-13 12:16:06 +01:00
d4d67386c9
FIX: change to correct bundled version
2019-03-13 16:43:45 +05:30
1b454c73ae
FIX: 'topic' can have null value
2019-03-13 16:34:47 +05:30
a9648e8fd1
onebox version bump
...
- FIX: respect code indentation
2019-03-07 17:55:47 +05:30
1b1f9831b0
Bump onebox version
...
discourse/onebox@4dd5a62
2019-03-06 11:58:41 +05:30
33129efdb5
Revert "Bump onebox version"
...
This reverts commit 345f6237cb
2019-03-05 22:51:02 +01:00
345f6237cb
Bump onebox version
...
f2b361fc28
2019-03-05 22:18:49 +01:00
2d247cc4e9
Bump onebox version
...
- deafult to dedicated vimeo and gfycat engine
2019-02-26 10:50:27 +05:30
9faf058120
FEATURE: mini_sql upgrade
...
- Fixes deprecation regarding usage of BigDecimal in dev
- Handle edge case where query_hash would clear a non existent result
- Minor perf improvement to query_single
Most important thing though is that we are now on the latest gem
2019-02-25 16:02:32 +11:00
3aabb9825f
Revert "DEV: update mini_sql to remove deprecation"
...
This reverts commit e8e61535eb
2019-02-25 15:14:16 +11:00
e8e61535eb
DEV: update mini_sql to remove deprecation
...
The only reason this was done was to remove this deprecation when running
tests.
```
/home/sam/.rbenv/versions/2.6.1/lib/ruby/gems/2.6.0/gems/mini_sql-0.1.10/lib/mini_sql/coders.rb:5: warning: BigDecimal.new is deprecated; use BigDecimal() method instead.
```
2019-02-25 14:31:43 +11:00
f86ca5631a
Bump logster to v 2.1.2 ( #7052 )
2019-02-21 18:59:33 +03:00
8745f78277
DEV: disable async logging in development on broken Ruby
...
Ruby 2.5.3 has an upatched issue that crashes unicorn after fork:
https://bugs.ruby-lang.org/issues/14634
This will be patched in 2.5.4 however for now just warn people dev is slower
and disable async logging on the older rubies
2019-02-21 17:20:58 +11:00
83f13ecf82
FEATURE: bump onebox dependency
...
- Adds support of kaltura oneboxes
- Adds support for typeform oneboxes
2019-02-19 15:22:43 +11:00
a3e9b809b2
Update aws-sdk-* gems to latest versions
2019-02-14 11:04:35 +01:00
4d674acc25
FEATURE: AWS SNS bounce notifications webhooks
2019-02-13 21:26:40 +01:00
1c00e8a755
Bump logster to 2.1.0 ( #7000 )
2019-02-13 10:57:22 +01:00
fb911766ee
FIX: Bump onebox version to include imgur security fix
2019-02-13 01:14:06 +05:30
4cfc201604
DEV: update logster to stable release
...
This update logster to the stable 2.0.1 release instead of running a pre
release
2019-02-06 16:54:42 +11:00
0098b3072e
DEV: update rack-mini-profiler
...
This gem update fixes an issue with upcoming Rails 6
(without this fix mini profiler will not work on rails 6 and simply renders
text)
2019-02-06 16:51:45 +11:00
Sam Saffron
Arpit Jalan
OsamaSayegh
Neil Lalonde
Roman Rizzi
Joffrey JAFFEUX
Abroskin Alexander
Guo Xiang Tan
Vinoth Kannan
David Taylor
Daniel Waterworth
Régis Hanol
Gerhard Schlager
Maja Komel
Nicolas Sebastian Vidal
