73e30ff4c2
Revert "Rename s3 vars, change condition when displaying s3 uploads"
...
The new variables do not reflect that they represent S3 settings.
This reverts commit 24dfa1b657
2018-07-06 15:53:57 +08:00
68bfe0260a
Fix typo ( #6043 )
...
typo: state instead of status
2018-07-05 09:26:48 +08:00
1772b56cda
FIX: minor micro data fixes
2018-06-29 13:41:04 +02:00
ec3e6a81a4
FEATURE: Second factor backup
2018-06-28 10:12:32 +02:00
24dfa1b657
Rename s3 vars, change condition when displaying s3 uploads
2018-06-25 17:16:01 +02:00
803968147c
FIX: ListItem can’t have itemprop=url and itemprop=item together
2018-06-25 14:12:55 +02:00
bed26ea0b3
fix indentation
2018-06-25 15:01:39 +10:00
a0af15d525
no redeclaring state
2018-06-25 15:01:39 +10:00
e874afaf31
read embed state info from data attribute
2018-06-25 15:01:39 +10:00
6eb0b310fe
add data attributes to reflect embed status
2018-06-25 15:01:39 +10:00
5914a3db20
Update embed.html.erb
...
Small fix
2018-06-25 15:01:39 +10:00
2244f19ff9
Update embed.html.erb
...
Add state descriptor to message being sent to parent window
2018-06-25 15:01:39 +10:00
8fc08aad09
FEATURE: Update the webmanifest
...
- Remove share target because the spec is changing
- Allow any orientation again because natural is too restrictive
- Use correct file and mime types for the manifest
2018-06-14 00:13:28 -03:00
276526e30e
FIX: improves micro data support
2018-06-13 23:20:48 +02:00
0997eb6486
Add theme stylesheet(s) to the crawler layout
2018-06-12 12:47:48 +10:00
4599cc8435
FIX: PM participants listed inline
2018-06-11 18:14:25 -07:00
0402e97368
FIX: redirect to sso_destination_url after account activation
2018-05-11 19:57:04 +02:00
6a006b3646
FIX: format posts for embedded comments as we do for emails
2018-05-09 19:24:44 +02:00
83245aa508
FIX: better handling of invite links after they are redeemed
...
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
62a8904729
Feature: Include participants at the bottom of PM emails ( #5797 )
...
* Feature: Include participants at the bottom of PM emails
... as undecorated links.
https://meta.discourse.org/t/email-notification-recipients-unclear-when-pm-is-sent-to-multiple-users/26934/13?u=featheredtoast
Fix: missing translation for PM mentions
* display membership count as `group (count)`
2018-05-03 15:50:06 -07:00
a5172a37e0
Allow staff members to enable safe mode, even if disabled
2018-04-25 11:49:57 -04:00
fd14ee4797
FEATURE: Allow safe mode to be disabled
2018-04-24 11:03:33 -04:00
54d153068a
DEV: remove qunit rails fork and add a couple of async tests
2018-04-23 16:42:40 +10:00
45cfb61af1
FIX: sanitize click track links
2018-04-17 12:35:16 +05:30
3d7dbdedc0
FEATURE: An API to help sites build robots.txt files programatically
...
This is mainly useful for subfolder sites, who need to expose their
robots.txt contents to a parent site.
2018-04-16 15:43:20 -04:00
223379e21a
per spec we need to repeat disallow paths per agent
2018-04-16 15:38:10 +10:00
a1ef455c78
SECURITY: do not show private topic title on /unsubscribed page
2018-04-16 10:35:57 +05:30
1a9271dd2f
add a warning in robots.txt when using subfolder
2018-04-12 00:00:15 +02:00
df7970a6f6
prefix the robots.txt rules with the directory when using subfolder
2018-04-11 22:05:02 +02:00
489c22d93c
FEATURE: Disallow tags and categories rss feeds
...
This stops crawlers from hitting tags and category rss feeds to discover
new content, instead they should focus on latest/posts if they need to
consume something regular
2018-04-11 14:36:10 +10:00
f40f10240c
FEATURE: remove topic rss from robots
...
Crawlers love hitting the rss feeds (confirmed that both Google and Bing do)
Experimenting with the impact of blocking these feeds and forcing Crawlers to hit
the content direct. It is better if they hit the actual page to start with as opposed to
1. Hit RSS feed
2. Find new content
3. Hit post link
4. Get canonical
5. Hit canonical
Lots of pointless work.
We do not know for sure what impact this will have on newsreader apps,
we will listen for feedback.
2018-04-11 11:57:52 +10:00
32f919ea34
Fix - service worker registrations
...
* register service workers in a development env
* register service worker from ember initialize fn
2018-04-10 15:17:32 -07:00
3a7b696703
FEATURE: allow for setting crawl delay per user agent
...
Also moved to default crawl delay bing so no more than a req every 5 seconds is allowed
New site settings:
"slow_down_crawler_user_agents" - list of crawlers that will be slowed down
"slow_down_crawler_rate" - how many seconds to wait between requests
Not enforced server side yet
2018-04-06 10:15:23 +10:00
b7ecdb72d6
FIX: update Google Tag Manager javascript
2018-04-03 14:22:06 -04:00
5e4dd20795
Revert "Prevent robots from indexing uploads"
...
This reverts commit 0fd622e5d1
2018-04-02 21:29:29 +05:30
c9216626d8
Merge pull request #5688 from discourse/fix-embed-comments-template-error
...
FIX: Make sure a post has replies before accessing the reply_id
2018-03-27 15:30:53 -04:00
ced7e9a691
FEATURE: control which web crawlers can access using a whitelist or blacklist
2018-03-22 15:41:02 -04:00
f213dea529
Make sure a post has replies before accessing the reply id
2018-03-20 12:13:41 -07:00
89f5c90ce0
FIX: show an error page on click tracking error
2018-03-17 00:33:11 +01:00
8c1d145f0e
FIX: when visiting post on mobile it is not selected
2018-03-13 14:06:08 +11:00
0fd622e5d1
Prevent robots from indexing uploads
...
Although most user uploads are probably harmless, it's possible someone
has (either maliciously or not) uploaded sensitive information. Prevent
robots from indexing the uploads route.
2018-03-09 05:51:55 -06:00
282f53f0cd
FEATURE: Theme settings (2) ( #5611 )
...
Allows theme authors to specify custom theme settings for the theme.
Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
e19ae6c55e
FEATURE: disallow groups from being indexed
2018-03-02 13:38:30 +11:00
70f14da732
UX: Use 'tel' input type for 2FA token inputs.
2018-02-27 09:30:44 +08:00
ac701696b3
FEATURE: replaces tag-chooser/tag-group-chooser with select-kit component
...
These component were also the last using select2. As a consequence select2 is removed from Discourse in this commit.
2018-02-26 11:42:57 +01:00
a9699da672
UX: Specify pattern and maxlength for 2FA input fields.
2018-02-26 18:29:46 +08:00
1f74509a75
FIX: 2FA prompt incorrectly displayed on admin login page.
2018-02-23 11:05:39 +08:00
76a2fc3d07
UX: Add og metadata for groups.
...
https://meta.discourse.org/t/onebox-for-groups/79155
2018-02-22 15:03:41 +08:00
964624f3ab
FIX: No error displayed when 2FA token is invalid on admin login page.
2018-02-22 09:45:57 +08:00
edf326a9a5
Fix incorrect translation.
2018-02-22 08:06:37 +08:00
14f3594f9f
Review Changes for f4f8a293e7.
2018-02-21 14:55:49 +08:00
f4f8a293e7
FEATURE: Implement 2factor login TOTP
...
implemented review items.
Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator
add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests
add qunit tests - password reset, preferences
fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.
Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP
add two factor to email signin link
rate limit if second factor token present
add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
7902296c11
Oops we should register a service worker as long as it is supported.
2018-02-15 15:02:14 +08:00
28365f8ae5
PERF: Have nginx cache and serve the service worker file.
2018-02-15 10:50:39 +08:00
03b3e57a44
FEATURE: login by a link from email
...
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
0776340b29
SECURITY: Prevent robots from indexing more routes
...
These routes could contain sensitive material and should never be
indexed for content.
2018-02-04 13:24:36 -05:00
2493648f9c
PERF: calculate topic_counts for tags in an async job so tag queries that include counts are much faster
2018-01-12 11:03:03 -05:00
8ff5f5f2ef
FIX: cache admin locale file for 24 hours
2018-01-09 10:23:49 +11:00
f08995c390
Remove unused code lines
2017-12-29 12:32:18 +05:30
44ee388070
FEATURE: omit images from og and twitter description tags
2017-11-28 21:34:02 +01:00
c2da25dd5c
Cleaning up the 404 page ( #5363 )
2017-11-24 12:41:31 -05:00
66e53f449a
UX: Auth complete page/modal has a link to continue to the site to accomodate auth methods that can't automatically redirect to Discourse
2017-11-21 13:56:19 -05:00
cef64e8f03
UX: Use `no_ember` styling for omniauth error page
2017-11-15 14:04:26 -05:00
d07ebf9d4c
UX: Support for custom error pages and headers in plugins
2017-11-14 16:31:44 -05:00
1c56e1c063
Support for HTML builders on the no-ember view
2017-11-14 16:04:27 -05:00
52480d554a
UX: Support for custom 404 pages
2017-11-14 11:57:17 -05:00
dfe9f70747
UX: warn that something must be selected with safe mode
2017-11-13 15:59:51 +11:00
38b8d68c68
FEATURE: Allow the user to select a custom home page ( #5268 )
...
* Add user_home configuration option
* Use the new user_home preference to actually show the right home page
* Fix trailing whitespace
* Update user_option_serializer.rb
* Fix JavaScript default homepage tests
* Use an object instead of a giant switch
* Remove trailing whitespace
* Make the default `user_home` set to `null` instead of `0`
* Rename user_home to homepage_id
2017-11-10 06:45:19 +11:00
7eb5f78343
UX: increase max length of topic titles in summary email html by 40 characters
2017-11-06 10:00:01 -05:00
7dc3671490
FEATURE: remove obsolete settings ga_tracking_code and ga_domain_name. Use ga_universal_tracking_code and ga_universal_domain_name instead.
2017-11-01 11:41:51 -04:00
bd1616d3d9
Add offline route and service worker to fix Android app install banner ( #5217 )
...
* set up static offline.html route and service worker for Android Web App Banner
* add viewport meta tag to offline view for android app banner
* add i18n support for offline.html pages, cleanup
* fix html syntax, add page title, remove license for service-worker.js
2017-10-31 10:46:48 +11:00
a5afc08363
FIX: html links in text part of summary email
2017-10-30 15:43:01 -04:00
28bc5ac10a
FIX: link to about page on subfolder
2017-10-30 14:34:12 -04:00
fec5691064
FIX: unsubscribe links in summary emails were missing subfolder
2017-10-30 14:28:43 -04:00
bf00ab5d4a
FIX: grant admin on subfolder
2017-10-27 16:46:02 -04:00
33f0d80ed5
UX: better title on search page
2017-10-27 09:13:04 +05:30
ad9553ff86
Merge pull request #5238 from discourse/jomaxro-patch-1
...
Add div to login-required text
2017-10-24 17:04:18 +08:00
e9159e49f3
FEATURE: Site Setting to determine whether flags defaults to topics
2017-10-20 12:37:20 -04:00
cafbf506cc
better error message when confirming email change
2017-10-20 20:58:00 +05:30
64e5532b90
Add div to login-required text
2017-10-15 14:45:24 -04:00
6fe604b93e
Revert "SECURITY: Fix XSS on unsubscribed page."
...
This reverts commit 190558db9d
2017-10-09 09:03:07 +08:00
190558db9d
SECURITY: Fix XSS on unsubscribed page.
2017-10-09 08:59:03 +08:00
70bb2aa426
FEATURE: allow specifying s3 config via globals
...
This refactors handling of s3 so it can be specified via GlobalSetting
This means that in a multisite environment you can configure s3 uploads
without actual sites knowing credentials in s3
It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 16:20:01 +11:00
ebdf8d6718
remove uneeded code
2017-10-04 15:05:58 +11:00
14310d2eee
UX: title in JS must match title on Server
...
Corrects title flashing with incorrect value on front page reloads
2017-10-04 15:04:42 +11:00
77d4c4d8dc
Fix all the errors to get our tests green on Rails 5.1.
2017-09-25 13:48:58 +08:00
6d35b62238
add image type attribute to icon link tag
2017-09-08 12:48:30 +05:30
e183600563
FIX: redirect loop for new users visiting /new-topic using full screen login
2017-09-07 21:02:41 +01:00
fa69e0dd77
Improved metadata for tags. ( #5067 )
2017-08-28 13:11:34 -04:00
d506e577a5
FEATURE: if full search returns no results, show google search form
2017-08-15 16:46:41 -04:00
b354099252
FEATURE: add custom open graph tag for ignoring canonical url
2017-08-15 19:24:20 +05:30
37300d6777
SECURITY: Do not show latest/top topics on 404 for login_required sites
2017-08-13 19:02:44 +03:00
bf2c35aa99
FEATURE: add RSS feed for badge pages
2017-08-09 13:43:49 +05:30
2e4b3e9b06
Don't include all html builders on client and server side
2017-08-07 11:29:35 -04:00
2d95b9dfbf
FIX: prevent Cloudflare from obfuscating emails
...
https://support.cloudflare.com/hc/en-us/articles/200170016-What-is-Email-Address-Obfuscation-
2017-08-03 15:06:13 +05:30
f3f7dd02d1
safely call html_safe on category description
...
The `categories.description` column is not modified as "not null", so it is possible for the description to be nil. This changes the code not call html_safe on nil.
2017-07-25 11:40:02 -07:00
4f77ca72a3
Stop Rails from escaping the HTML in this description.
2017-07-24 17:15:15 -07:00
d0c5205a52
Feature: Change markdown engine to markdown it
...
This commit removes the old evilstreak markdownjs engine.
- Adds specs to WhiteLister and changes it to stop using globals
(Fixes large memory leak)
- Fixes edge cases around bbcode handling
- Removes mdtest which is no longer valid (to be replaced with
CommonMark)
- Updates MiniRacer to correct minor unmanaged memory leak
- Fixes plugin specs
2017-07-17 11:41:34 -04:00
3ebd8838af
FEATURE: cross-domain tracking for Google universal analytics
2017-07-13 15:21:44 -04:00
79a084dd58
Revert "remove old markdown engine work-in-progress"
...
This reverts commit ee470b5317
2017-07-12 18:10:51 -04:00
Guo Xiang Tan
Christoph Holtermann
Joffrey JAFFEUX
Maja Komel
Rafael dos Santos Silva
Angus McLeod
Jeff Wong
Régis Hanol
Arpit Jalan
Robin Ward
Sam
Neil Lalonde
scossar
Dan Nicholson
OsamaSayegh
Erick Guan
Vinoth Kannan
Gerhard Schlager
Kris
Michael Howell
Penar Musaraj
Guo Xiang Tan
Joshua Rosenfeld
Leo McArdle
Bianca Nenciu
David Taylor
Ryan Mulligan
Benjamin Elijah Griffin