Commit Graph

19 Commits

Author SHA1 Message Date
Vinoth Kannan 72810853ea
FIX: strip the trailing slash (/) of cors origins. (#10996)
Strips trailing `/` from global settings
Provides a validation for site settings to ensure a trailing `/` is not added
2020-10-29 13:01:06 +11:00
Sam Saffron 25f1f23288
FEATURE: Stricter rules for user presence
Previously we would consider a user "present" and "last seen" if the
browser window was visible.

This has many edge cases, you could be considered present and around for
days just by having a window open and no screensaver on.

Instead we now also check that you either clicked, transitioned around app
or scrolled the page in the last minute in combination with window
visibility

This will lead to more reliable notifications via email and reduce load of
message bus for cases where a user walks away from the terminal
2020-03-26 17:36:52 +11:00
Sam Saffron 494fe335d3 DEV: allow handling crawler reqs with no user agent
Followup to e440ec25 we treat no user agent as crawler reqs.
2019-12-09 18:40:10 +11:00
Robin Ward ddd45d1419 FIX: Broken spec 2019-09-09 15:07:40 -04:00
Sam Saffron 4ea21fa2d0 DEV: use #frozen_string_literal: true on all spec
This change both speeds up specs (less strings to allocate) and helps catch
cases where methods in Discourse are mutating inputs.

Overall we will be migrating everything to use #frozen_string_literal: true
it will take a while, but this is the first and safest move in this direction
2019-04-30 10:27:42 +10:00
Davide Porrovecchio 005e1f5373 Add Cache-Control header to CORS (#6490) 2018-10-16 10:46:55 +11:00
Sam 37c5280f73 correct spec 2018-09-17 11:37:01 +10:00
Davide Porrovecchio 1826626272 FEATURE: Add Content-Type header to CORS
- add Content-Type to Access-Control-Allow-Headers
- update test accordingly
2018-08-28 11:19:38 +10:00
Davide Porrovecchio dd9d815178 FIX: Add User Api Key headers to CORS
- add User-Api-Key and User-Api-Client-Id to Access-Control-Allow-Headers
- update test
2018-07-24 10:28:23 +10:00
Sam adae963751 ensure we do not override charset for content type 2018-01-25 18:43:42 +11:00
Sam fc36f095a7 FIX: ensure proper header transfer (except for cache control)
allows discourse special headers to be visible on hijacked reqs
2018-01-21 14:26:42 +11:00
Sam 12872d03be PERF: run post timings in background
This means that if a very large amount of registered users hit
a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 08:27:29 +11:00
Sam 90a55d6f7c FIX: handle CORS in hijacked requests 2017-12-07 10:31:04 +11:00
Sam df84e1c358 Correctly track hijacked requests 2017-11-28 16:47:20 +11:00
Sam 0caa335ef0 FIX: Handle more cases where HTTP status is not correct
HTTP status was not correct with send_file which uses streaming
2017-11-28 11:00:13 +11:00
Sam ca7af7b88f FIX: displaying wrong avatar and letter avatar
correct regression where params and env is reused in production
2017-11-28 09:28:40 +11:00
Sam 608207b2e5 FEATURE: avatar proxy happens in background
This ensures that even if it is slow to download avatars site will
continue to work

Also simplifies hijack pattern
2017-11-27 17:43:24 +11:00
Guo Xiang Tan 2e04ef97d9 Fix the build. 2017-11-27 10:53:05 +08:00
Sam e0e99d4bbd PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-24 15:31:40 +11:00