A proper fix would involve it being precompiled like other assets, but
due to the conditional nature of the resource this is more complicated.
For now this is better than IE being broken.
This should catch a few scenarios which can waste a lot of time in development
- Forgetting to run migrations
- Missing plugin migrations
- Missing post_deploy migrations
Plugins can add it via API if they need to use `eval`:
```
extend_content_security_policy(script_src: [:unsafe_eval])
```
See https://meta.discourse.org/t/104243
The trouble with having:
/tags/:tag_id/...
and:
/tags/intersection/*tag_ids
for example, is: what happens if you want a tag called intersection?
Under this new scheme. Routes referring to a single tag are unambiguous
because they are prefixed with:
/tag/:tag_id
Routes referring to the collection of tags still start with:
/tags/
This commit just adds the new routes. It doesn't remove the old ones or
cause the new ones to be used.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: ea6326c860 in this
series.
This commit affects the top menu buttons. It is just a refactor and
should not change any functionality.
When using api.decorateWidget("topic-admin-menu:adminMenuButtons") in plugins, an empty button is added if the helper only returns attributes based on a condition (for example, if the admin action is limited to public topics.) In that case, we need to exclude the button from rendering.
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.
Previous commit: f5cca4930d in this
series.
This commit affects the display of some of the unread, new, and unseen
badges in topic lists like when then "show subcategory list above topics
in this category" option is checked.
API keys are now only visible when first created. After that, only the first four characters are stored in the database for identification, along with an sha256 hash of the full key. This makes key usage easier to audit, and ensures attackers would not have access to the live site in the event of a database leak.
This makes the merge lower risk, because we have some time to revert if needed. Once the change is confirmed to be working, we will add a second commit to drop the `key` column.
Hide old bookmark post-menu item if the site setting for the new bookmark reminders is enabled and change icon for the new bookmark functionality to the same as the old bookmark button
Fix null @topic_view error in post serializer for post_bookmark, as new posts do not have a @topic_view
This is a slight workaround which helps somewhat now but is pending a larger
fix.
When this spec ran in parallel mode uploads could start cross talking and
an upload you expect to be there may vanish.
This works around the issue by making the upload unique every time it is
created
It also folds up an expensive test into the main one.
The following methods have long been deprecated in ruby due to flaws in their implementation per http://blade.nagaokaut.ac.jp/cgi-bin/vframe.rb/ruby/ruby-core/29293?29179-31097:
URI.escape
URI.unescape
URI.encode
URI.unencode
escape/encode are just aliases for one another. This PR uses the Addressable gem to replace these methods with its own encode, unencode, and encode_component methods where appropriate.
I have put all references to Addressable::URI here into the UrlHelper to keep them corralled in one place to make changes to this implementation easier.
Addressable is now also an explicit gem dependency.
* DEV: Remove unused omit_stats variable from user serializer
This was hard-coded to true in a8b5192efd, and is no longer used anywhere
* Remove attribute declarations
When uploading a theme/component, depending on the extension of the
file and the OS/Browser being used, the content type might differ.
This adds the "application/x-zip-compressed" content type that is being
sent by most Browsers on latest Windows when uploading a .zip file.
runAllTests is an async function, so the try/catch block does not help. The function always returns a promise, so we need to use `.catch` to handle errors. Previously, raised errors were ignored, and the process continued running until it timed out.
Régis Hanol
Robin Ward
Penar Musaraj
Joffrey JAFFEUX
Kris
Krzysztof Kotlarek
David Taylor
Gerhard Schlager
Daniel Waterworth
OsamaSayegh
Rishabh
Hector Bustillos
Blake Erickson
Roman Rizzi
Dan Ungureanu
Bianca Nenciu
Martin Brennan
Sam Saffron
dependabot-preview[bot]
Martin Brennan
Mark VanLandingham