Commit Graph

1151 Commits

Author SHA1 Message Date
David Taylor 52387be4a4 SECURITY: Add confirmation screen when logging in via email link 2019-06-17 16:18:37 +01:00
David Taylor 5f6f707080 Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9"
This reverts commit b8340c6c8e.
2019-06-17 16:17:10 +01:00
David Taylor b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
* SECURITY: Add confirmation screen when logging in via email link

* SECURITY: Add confirmation screen when logging in via user-api OTP

* FIX: Correct translation key in session controller specs

* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
Sam Saffron a0474a0774 FIX: always take the first post in the RSS fee
`.posts.first` may be the first post and may not, depending on luck

Also add protection for corrupt topics
2019-06-07 14:57:56 +10:00
Saurabh Patel b510006ca8 FEATURE: show tags in crawler view of tags page for static site
Previously tags page would have an empty page in crawler view
2019-06-06 12:55:37 +10:00
Vinoth Kannan f9f12ed221 PERF: fix N+1 queries for non-JS topic view. 2019-06-03 21:47:33 +05:30
Régis Hanol f6ced0a78a Remove unused & empty author meta tag 2019-06-03 12:00:14 +02:00
David Taylor 7500eed4c0
FEATURE: Multi-file javascript support for themes (#7526)
You can now add javascript files under `/javascripts/*` in a theme, and they will be loaded as if they were included in core, or a plugin. If you give something the same name as a core/plugin file, it will be overridden. Support file extensions are `.js.es6`, `.hbs` and `.raw.hbs`.
2019-06-03 10:41:00 +01:00
Kris 98336de266 UX: Cleanup crawler styles, improve schema.org markup (#7668)
* Cleaning up crawler styles, improving some schema.org markup

* Cleaning up crawler styles, improving some schema.org markup

* additional styling

* add space for pagination
2019-06-03 12:03:16 +10:00
Arpit Jalan 553ffbfcb5 FEATURE: add OpenGraph data to /login page 2019-05-23 07:03:01 +05:30
Gerhard Schlager 58f72cd439 Remove duplicate translations 2019-05-22 16:15:22 +02:00
Osama Sayegh 14bae6d52d Make `email_excerpt` method take an optional `post` param (#7570)
The spoiler alert plugin replaces spoiler text found in email excerpts with posts URL, which means it needs to have a reference to the post it's processing.

This change makes `email_excerpt` accepts an optional post param, which calls `PrettyText.format_for_email` which then triggers the `reduce_cooked` event that the plugin subscribes to.
2019-05-20 10:04:23 +02:00
Saurabh Patel e20f13ebb7 fix css of prev and next page links, move them to bottom of page (#7465)
Thanks 👍
2019-05-07 17:04:27 +02:00
Penar Musaraj 5e546ba7d1 Standardize viewport rules for mobile and desktop
Also removes`maximum-scale` on non-mobile devices, better for accessibility.
2019-05-06 10:28:29 -04:00
Sam Saffron 1be01f8dd4 DEV: Add support for Rails 6
Minor fixes to add Rails 6 support to Discourse, we now will boot
with RAILS_MASTER=1, all specs pass

Only one tiny deprecation left

Largest change was the way ActiveModel:Errors changed interface a
bit but there is a simple backwards compat way of working it
2019-05-02 16:23:25 +10:00
Saurabh Patel d4bec7fdfb use description_text instead of description to show correct sanitized description (#7420) 2019-04-24 16:33:58 +10:00
Bianca Nenciu 1867f2dda0
FEATURE: Always track clicks using AJAX. (#7373) 2019-04-23 12:41:36 +03:00
Saurabh Patel 3658be42f5 FIX: remove like_count and <hr> tag from post crawler layout (#7413)
* show likes value in crawler view if count is > 0

* remove <hr> since horizontal line is already provided by css - this removes one of 2 horizontal lines in post crawler view
2019-04-23 15:35:57 +10:00
Robin Ward a8e3ac90a0 FIX: `nil` error in list, incorrect count in reviewable pending 2019-04-22 12:18:57 -04:00
Saurabh Patel 3f9ec197e7 FIX: use last_activity_date instead of created_at for crawler view 2019-04-22 11:38:48 -04:00
Penar Musaraj 7cd621778d FEATURE: Native app banner improvements
This commit adds some improvements to native app banners for iOS and Android

- iOS and Android now have separate settings for native app banners

- app banners will now only show for users on TL1 and up

- app ids are now in a hidden site setting to allow sites to switch to their own app, if desired

- iOS only: the site URL is passed to the app arguments
2019-04-17 12:25:13 -04:00
Roman Rizzi 12a5c69abd
FEATURE: Allow users to tone down digest emails (#7353)
* FEATURE: Allow user to tone down email digest insteand of only unsubscribing

* Reordered options and select the next slowest frequency by default
2019-04-17 12:14:40 -03:00
Penar Musaraj eae22548de
Footer navigation for iOS PWAs and DiscourseHub app (#7347) 2019-04-10 12:23:18 -04:00
Saurabh Patel 9b288613ae DEV: remove span from inside <tr> and move meta info to a td (#7324) 2019-04-05 09:32:11 +02:00
Saurabh Patel 90fc2d15c4 FEATURE: change layout when default page is category to tabular for _… (#7270) 2019-04-04 15:57:18 +02:00
Saurabh Patel da2f659635 UX: Improve posts layout for crawler (#7286) 2019-04-03 11:58:00 +02:00
Robin Ward 76669bb5a6 FIX: Don't refer to pending review items as flags
They could be queued posts or users, and the notice should reflect that
properly.
2019-04-01 14:46:56 -04:00
Penar Musaraj fdf4145d4b
FEATURE: Delegated authentication via user api keys (#7272) 2019-04-01 13:18:53 -04:00
Saurabh Patel 4a47ec791f * FEATURE: change layout of escaped_fragment_ topic page to table one like live discourse (#7250) 2019-03-27 21:32:56 +01:00
Rafael dos Santos Silva 8ce20090f7 FEATURE: Allow users to fetch a customized manifest on PWA install
This will allow users installing a Discourse PWA to use their active
theme colors on the generated app. Thanks for @mgiuca for the tip.

Also makes the share_target config explicit to silence Chrome warnings
2019-03-15 17:10:05 -03:00
Jeff Wong b0d93a38e8 FEATURE: Add plugin html hook to insert html before any other scripts 2019-03-05 10:41:16 -08:00
Arpit Jalan ad5f5b931d DEV: deprecate blank files for static modal pages 2019-03-04 15:05:33 +05:30
Arpit Jalan 01e2180548 FIX: /signup and /password-reset direct links were broken 2019-03-04 09:02:22 +05:30
Joffrey JAFFEUX 900e187627
DEV: removing blank files (#7057) 2019-02-25 09:52:44 +01:00
Dan Ungureanu 90ce448675 PERF: Cache build_not_found_page 2019-02-12 21:20:33 +11:00
Vinoth Kannan e0c16d3a8a minor refactoring to improve code readability 2019-02-11 17:24:02 +05:30
Vinoth Kannan 2c12336c6b FIX: Display post updated date in non-JS view for crawler 2019-02-11 16:48:22 +05:30
Vinoth Kannan 3d52f690b3 UX: Add post action text in non-JS topic view 2019-01-28 22:51:06 +05:30
Joffrey JAFFEUX 096a81158a
FIX: siteNavigationElement was reversed (#6934) 2019-01-23 15:47:39 +01:00
David Taylor 880311dd4d
FEATURE: Support for localized themes (#6848)
- Themes can supply translation files in a format like `/locales/{locale}.yml`. These files should be valid YAML, with a single top level key equal to the locale being defined. For now these can only be defined using the `discourse_theme` CLI, importing a `.tar.gz`, or from a GIT repository.

- Fallback is handled on a global level (if the locale is not defined in the theme), as well as on individual keys (if some keys are missing from the selected interface language).

- Administrators can override individual keys on a per-theme basis in the /admin/customize/themes user interface.

- Theme developers should access defined translations using the new theme prefix variables:
  JavaScript: `I18n.t(themePrefix("my_translation_key"))`
  Handlebars: `{{theme-i18n "my_translation_key"}}` or `{{i18n (theme-prefix "my_translation_key")}}`

- To design for backwards compatibility, theme developers can check for the presence of the `themePrefix` variable in JavaScript

- As part of this, the old `{{themeSetting.setting_name}}` syntax is deprecated in favour of `{{theme-setting "setting_name"}}`
2019-01-17 11:46:11 +00:00
Arpit Jalan 93eb0a0690 UX: better help text for private invite-only instance 2019-01-12 18:40:00 +05:30
David Taylor 49593d1a00 FIX: Fix registration dialog popup for 'full screen' social logins
Regression following the ember3 upgrade. In addition to fixing, this commit consolidates our social registration logic into one place, and adds tests for the behaviour.
2019-01-12 12:08:13 +00:00
Saurabh Patel a52baf4b28 FEAT: use category logo image as meta image (#6865) 2019-01-10 09:33:13 +08:00
cfitz 19d7545318 FEATURE: Make auth_redirect param options on user_api_keys
This is a possible solution for https://meta.discourse.org/t/user-api-keys-specification/48536/19
This allows for user-api-key requests to not require a redirect url.
Instead, the encypted payload will just be displayed after creation  ( which can be copied
pasted into an env for a CLI, for example  )

Also: Show instructions when creating user-api-key w/out redirect

This adds a view to show instructions when requesting a user-api-key
without a redirect. It adds a erb template and json format.
Also adds a i18n user_api_key.instructions for server.en.yml
2019-01-04 14:46:18 +11:00
Guo Xiang Tan ffdacba219 Remove extra `apple-touch-icon` link in head.
The sizes attribute does not make a difference because both
image provided is of the same size.
2018-11-29 15:24:52 +08:00
Arpit Jalan 654d7996ae FIX: title was repeating on about page 2018-11-28 08:06:14 +05:30
Arpit Jalan bdb1268528 FIX: static page title should be consistent on client side and server side 2018-11-27 22:03:52 +05:30
Maja Komel a0fca2b6ed FIX: popular posts font weight in summary email 2018-11-27 12:58:28 +01:00
Penar Musaraj 03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Guo Xiang Tan 0972516abe FIX: Incorrect "rel" used for apple icons in `<head>`.
Nothing on the web I can find suggests that this should have been `rel=icon`.
See https://developer.apple.com/library/archive/documentation/AppleApplications/Reference/SafariWebContent/ConfiguringWebApplications/ConfiguringWebApplications.html
2018-11-26 10:40:09 +08:00
Joe 336436dfb4
UX: better handling of logo size 2018-11-23 22:04:42 +08:00
Joe e2214b50f3
UX: add height attribute to logo on error pages
This matches what we do in the home-logo widget. The height is set as an attribute and we use CSS to get a scaled width that preserves the aspect ratio of the image.
2018-11-23 15:04:34 +08:00
Kyle Zhao 80398d0b8f
Extract inline JS on embedded comments (#6645)
* use the meta refresh tag instead

* extract inline JS in embedded comment
2018-11-22 10:02:58 -05:00
Kyle Zhao 5f754b43f1
extract inline `onpopstate` handler on 404 page (#6613) 2018-11-15 13:35:38 -05:00
Guo Xiang Tan 44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
Joe 7707e42441 DEV: moves print-specific styles from internal style tag to external print sheet (#6581)
* DEV: removes internal styles from print view

* DEV: adds styles to print sheet
2018-11-13 14:45:55 +11:00
Sam 42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
David Taylor 37fb8fc0e7
FIX: Do not display broken image on crawler/print view (#6575) 2018-11-07 22:28:45 +00:00
Penar Musaraj 005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Sam d84256a876 FEATURE: add Noindex to robots.txt for disallowed routes
This strips pages out of indexes that should not exist see:

https://meta.discourse.org/t/pages-listed-in-the-robots-txt-are-crawled-and-indexed-by-google/100309/11?u=sam
2018-11-02 16:39:47 +11:00
Joe 4234058358 UX: don't show crawler navigation in print view (#6551)
* UX: adds CSS classes to crawler navigation links

* UX: hide crawler navigation in print view
2018-11-02 09:18:07 +11:00
Gerhard Schlager 733b8af47b FIX: Uploads didn't work for subfolder anymore 2018-10-30 12:53:57 +01:00
Vinoth Kannan 92bf3c667e FIX: Flash authentication data not rendered in latest iOS safari browser 2018-10-30 04:00:36 +05:30
Kyle Zhao a6eca28ec6
CSP - extract all other inline JavaScripts (#6528)
* wizard page inline js

* print topic inline js

* drop JS for preventing double submission

this is the default behavior with Rails' UJS `disable_with` helper

* omniauth complete redirect JS

* account activate inline js
2018-10-25 09:52:01 -04:00
Sam Saffron abaa3f0650 FEATURE: add server:before-head-close-crawler outlet for plugins
This outlet allows plugins to inject html prior to closing head tag
2018-10-25 16:31:05 +11:00
Kris c219a5fb1e
Add btn-default class to all default buttons (#6521) 2018-10-24 16:09:36 -04:00
Sam 4c8fe13500 FIX: remove code that restricted "header" theme field from admin
There was some old code that restricted a percentage of a themes code from
admin, only when admin was refreshed, this leads to lots of confusion

Conditional is now removed
2018-10-15 17:29:10 +11:00
Robin Ward c2add85e75 FIX: Typo, should be `authentication`
cc @xrav3nz
2018-10-11 14:58:46 -04:00
Kyle Zhao acba7d2a5d Extract `discourse_javascript.html.erb` to a scrip include
* extract omniauth auth complete inline JS

* extract Ember error logging inline JS

* transpile `authentication-complete`

This is CSP related work
2018-10-09 16:50:45 +11:00
Kyle Zhao ab448ca8f3 extract client side `Discourse` setup inline JS (#6409) 2018-10-01 21:29:04 -07:00
Kyle Zhao d0f660806d FIX: close `data-preloaded` div tag 2018-10-01 15:24:27 +08:00
Kyle Zhao 819f090d6a move large blobs out of `<head>` (#6428)
it unnecessarily bloats the section and increases the payload
dramatically for open graph tags.
2018-09-28 17:28:33 +08:00
Kyle Zhao 7a0232249a
extract inline JS that's used to store preloaded data (#6370) 2018-09-17 16:31:46 +08:00
Kyle Zhao f666d72606 extract inline JS for google tag manager 2018-09-17 09:56:00 +10:00
Kyle Zhao 38c70bfda2 extract inline JS for google analytics 2018-09-17 09:56:00 +10:00
OsamaSayegh a4f057a589 UX: improvements to admin theme UI 2018-09-17 09:49:53 +10:00
Osama Sayegh 16bd3f2cf2 FIX: use current user color scheme when filling `theme-color` attribute (#6384)
* FIX: use current user color scheme when filling `meta` attribute `theme-color`

* update manifest.webmanifest colors
2018-09-12 11:04:58 +10:00
Guo Xiang Tan a033327b93 Manage qunit via yarn. 2018-09-11 15:07:28 +08:00
Gerhard Schlager 2801376df5 FIX: Wizard didn't load translations correctly
* Translations from the js.* namespace were not found, because the i18n-patches were not loaded.
* The extra-locales didn't use a hash in the URL.
2018-09-05 15:14:09 +02:00
Neil Lalonde ebe7835316 FIX: links in rss feeds are sometimes wrong on subfolder installs 2018-08-27 18:05:15 -04:00
Gerhard Schlager bed34b52b5 UX: Blue "Resend Activation Email" button in wizzard 2018-08-21 22:18:08 +02:00
Gerhard Schlager cc851af750 FIX: HTML lang attribute expects hyphen instead of underscore 2018-08-20 13:55:58 +02:00
Misaka 0x4e21 d4fd19d49a UX: Replace Google search with Discourse search on not found page
* UX: Replace Google search with Discourse search on not found page.

* FIX: Update application_controller_spec.rb.
2018-08-15 11:53:04 +10:00
Neil Lalonde 71b65be6f6 SECURITY: prevent use of X-Forwarded-Host to perform XSS 2018-08-13 16:45:22 -04:00
Sam 7aef604f7d regression, if there is not excerpt skip 2018-08-09 15:07:18 +10:00
Osama Sayegh 0b7ed8ffaf FEATURE: backend support for user-selectable components
* FEATURE: backend support for user-selectable components

* fix problems with previewing default theme

* rename preview_key => preview_theme_id

* omit default theme from child themes dropdown and try a different fix

* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
Sam 3f6ad65aec FEATURE: include excerpt in HTML view for pinned topics 2018-08-08 11:15:49 +10:00
Neil Lalonde 4e6e4a83df FIX: subfolder digest emails have incorrect URLs 2018-08-07 16:38:17 -04:00
Joffrey JAFFEUX d494feaa32
FIX: should not be needed as we have itemprop='url' 2018-07-30 09:31:27 -04:00
Arpit Jalan dfcb2a0d42 FEATURE: include published_time in metadata 2018-07-30 17:09:56 +05:30
Neil Lalonde f4b5eccad3 FIX: categories page crawler view had incorrect URLs 2018-07-23 14:54:41 -04:00
OsamaSayegh decf1f27cf FEATURE: Groundwork for user-selectable theme components
* Phase 0 for user-selectable theme components

- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Guo Xiang Tan 875008522d FIX: `Discourse.S3BaseUrl` did not account for subfolder bucket names. 2018-07-06 15:53:57 +08:00
Guo Xiang Tan 73e30ff4c2 Revert "Rename s3 vars, change condition when displaying s3 uploads"
The new variables do not reflect that they represent S3 settings.

This reverts commit 24dfa1b657.
2018-07-06 15:53:57 +08:00
Christoph Holtermann 68bfe0260a Fix typo (#6043)
typo: state instead of status
2018-07-05 09:26:48 +08:00
Joffrey JAFFEUX 1772b56cda
FIX: minor micro data fixes 2018-06-29 13:41:04 +02:00
Maja Komel ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Maja Komel 24dfa1b657 Rename s3 vars, change condition when displaying s3 uploads 2018-06-25 17:16:01 +02:00
Joffrey JAFFEUX 803968147c
FIX: ListItem can’t have itemprop=url and itemprop=item together 2018-06-25 14:12:55 +02:00
Christoph Holtermann bed26ea0b3 fix indentation 2018-06-25 15:01:39 +10:00
Christoph Holtermann a0af15d525 no redeclaring state 2018-06-25 15:01:39 +10:00
Christoph Holtermann e874afaf31 read embed state info from data attribute 2018-06-25 15:01:39 +10:00
Christoph Holtermann 6eb0b310fe add data attributes to reflect embed status 2018-06-25 15:01:39 +10:00
Christoph Holtermann 5914a3db20 Update embed.html.erb
Small fix
2018-06-25 15:01:39 +10:00
Christoph Holtermann 2244f19ff9 Update embed.html.erb
Add state descriptor to message being sent to parent window
2018-06-25 15:01:39 +10:00
Rafael dos Santos Silva 8fc08aad09 FEATURE: Update the webmanifest
- Remove share target because the spec is changing
- Allow any orientation again because natural is too restrictive
- Use correct file and mime types for the manifest
2018-06-14 00:13:28 -03:00
Joffrey JAFFEUX 276526e30e
FIX: improves micro data support 2018-06-13 23:20:48 +02:00
Angus McLeod 0997eb6486 Add theme stylesheet(s) to the crawler layout 2018-06-12 12:47:48 +10:00
Jeff Wong 4599cc8435 FIX: PM participants listed inline 2018-06-11 18:14:25 -07:00
Régis Hanol 0402e97368 FIX: redirect to sso_destination_url after account activation 2018-05-11 19:57:04 +02:00
Régis Hanol 6a006b3646 FIX: format posts for embedded comments as we do for emails 2018-05-09 19:24:44 +02:00
Arpit Jalan 83245aa508 FIX: better handling of invite links after they are redeemed
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
Jeff Wong 62a8904729
Feature: Include participants at the bottom of PM emails (#5797)
* Feature: Include participants at the bottom of PM emails

... as undecorated links.

https://meta.discourse.org/t/email-notification-recipients-unclear-when-pm-is-sent-to-multiple-users/26934/13?u=featheredtoast

Fix: missing translation for PM mentions

* display membership count as `group (count)`
2018-05-03 15:50:06 -07:00
Robin Ward a5172a37e0 Allow staff members to enable safe mode, even if disabled 2018-04-25 11:49:57 -04:00
Robin Ward fd14ee4797 FEATURE: Allow safe mode to be disabled 2018-04-24 11:03:33 -04:00
Sam 54d153068a DEV: remove qunit rails fork and add a couple of async tests 2018-04-23 16:42:40 +10:00
Arpit Jalan 45cfb61af1 FIX: sanitize click track links 2018-04-17 12:35:16 +05:30
Robin Ward 3d7dbdedc0 FEATURE: An API to help sites build robots.txt files programatically
This is mainly useful for subfolder sites, who need to expose their
robots.txt contents to a parent site.
2018-04-16 15:43:20 -04:00
Sam 223379e21a per spec we need to repeat disallow paths per agent 2018-04-16 15:38:10 +10:00
Arpit Jalan a1ef455c78 SECURITY: do not show private topic title on /unsubscribed page 2018-04-16 10:35:57 +05:30
Régis Hanol 1a9271dd2f add a warning in robots.txt when using subfolder 2018-04-12 00:00:15 +02:00
Régis Hanol df7970a6f6 prefix the robots.txt rules with the directory when using subfolder 2018-04-11 22:05:02 +02:00
Sam 489c22d93c FEATURE: Disallow tags and categories rss feeds
This stops crawlers from hitting tags and category rss feeds to discover
new content, instead they should focus on latest/posts if they need to
consume something regular
2018-04-11 14:36:10 +10:00
Sam f40f10240c FEATURE: remove topic rss from robots
Crawlers love hitting the rss feeds (confirmed that both Google and Bing do)

Experimenting with the impact of blocking these feeds and forcing Crawlers to hit
the content direct. It is better if they hit the actual page to start with as opposed to

1. Hit RSS feed
2. Find new content
3. Hit post link
4. Get canonical
5. Hit canonical

Lots of pointless work.

We do not know for sure what impact this will have on newsreader apps,
we will listen for feedback.
2018-04-11 11:57:52 +10:00
Jeff Wong 32f919ea34 Fix - service worker registrations
* register service workers in a development env

* register service worker from ember initialize fn
2018-04-10 15:17:32 -07:00
Sam 3a7b696703 FEATURE: allow for setting crawl delay per user agent
Also moved to default crawl delay bing so no more than a req every 5 seconds is allowed

New site settings:

"slow_down_crawler_user_agents" - list of crawlers that will be slowed down
"slow_down_crawler_rate" - how many seconds to wait between requests

Not enforced server side yet
2018-04-06 10:15:23 +10:00
Neil Lalonde b7ecdb72d6 FIX: update Google Tag Manager javascript 2018-04-03 14:22:06 -04:00
Arpit Jalan 5e4dd20795 Revert "Prevent robots from indexing uploads"
This reverts commit 0fd622e5d1.
2018-04-02 21:29:29 +05:30
Neil Lalonde c9216626d8
Merge pull request #5688 from discourse/fix-embed-comments-template-error
FIX: Make sure a post has replies before accessing the reply_id
2018-03-27 15:30:53 -04:00
Neil Lalonde ced7e9a691 FEATURE: control which web crawlers can access using a whitelist or blacklist 2018-03-22 15:41:02 -04:00
scossar f213dea529 Make sure a post has replies before accessing the reply id 2018-03-20 12:13:41 -07:00
Régis Hanol 89f5c90ce0 FIX: show an error page on click tracking error 2018-03-17 00:33:11 +01:00
Sam 8c1d145f0e FIX: when visiting post on mobile it is not selected 2018-03-13 14:06:08 +11:00
Dan Nicholson 0fd622e5d1 Prevent robots from indexing uploads
Although most user uploads are probably harmless, it's possible someone
has (either maliciously or not) uploaded sensitive information. Prevent
robots from indexing the uploads route.
2018-03-09 05:51:55 -06:00
OsamaSayegh 282f53f0cd FEATURE: Theme settings (2) (#5611)
Allows theme authors to specify custom theme settings for the theme. 

Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Sam e19ae6c55e FEATURE: disallow groups from being indexed 2018-03-02 13:38:30 +11:00
Guo Xiang Tan 70f14da732 UX: Use 'tel' input type for 2FA token inputs. 2018-02-27 09:30:44 +08:00
Joffrey JAFFEUX ac701696b3
FEATURE: replaces tag-chooser/tag-group-chooser with select-kit component
These component were also the last using select2. As a consequence select2 is removed from Discourse in this commit.
2018-02-26 11:42:57 +01:00
Guo Xiang Tan a9699da672 UX: Specify pattern and maxlength for 2FA input fields. 2018-02-26 18:29:46 +08:00
Guo Xiang Tan 1f74509a75 FIX: 2FA prompt incorrectly displayed on admin login page. 2018-02-23 11:05:39 +08:00
Maja Komel 76a2fc3d07 UX: Add og metadata for groups.
https://meta.discourse.org/t/onebox-for-groups/79155
2018-02-22 15:03:41 +08:00
Guo Xiang Tan 964624f3ab FIX: No error displayed when 2FA token is invalid on admin login page. 2018-02-22 09:45:57 +08:00
Guo Xiang Tan edf326a9a5 Fix incorrect translation. 2018-02-22 08:06:37 +08:00
Guo Xiang Tan 14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Guo Xiang Tan 7902296c11 Oops we should register a service worker as long as it is supported. 2018-02-15 15:02:14 +08:00
Guo Xiang Tan 28365f8ae5 PERF: Have nginx cache and serve the service worker file. 2018-02-15 10:50:39 +08:00
Erick Guan 03b3e57a44 FEATURE: login by a link from email
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Robin Ward 0776340b29 SECURITY: Prevent robots from indexing more routes
These routes could contain sensitive material and should never be
indexed for content.
2018-02-04 13:24:36 -05:00
Neil Lalonde 2493648f9c PERF: calculate topic_counts for tags in an async job so tag queries that include counts are much faster 2018-01-12 11:03:03 -05:00
Sam 8ff5f5f2ef FIX: cache admin locale file for 24 hours 2018-01-09 10:23:49 +11:00
Vinoth Kannan f08995c390 Remove unused code lines 2017-12-29 12:32:18 +05:30
Gerhard Schlager 44ee388070 FEATURE: omit images from og and twitter description tags 2017-11-28 21:34:02 +01:00
Kris c2da25dd5c
Cleaning up the 404 page (#5363) 2017-11-24 12:41:31 -05:00
Neil Lalonde 66e53f449a UX: Auth complete page/modal has a link to continue to the site to accomodate auth methods that can't automatically redirect to Discourse 2017-11-21 13:56:19 -05:00
Robin Ward cef64e8f03 UX: Use `no_ember` styling for omniauth error page 2017-11-15 14:04:26 -05:00
Robin Ward d07ebf9d4c UX: Support for custom error pages and headers in plugins 2017-11-14 16:31:44 -05:00
Robin Ward 1c56e1c063 Support for HTML builders on the no-ember view 2017-11-14 16:04:27 -05:00
Robin Ward 52480d554a UX: Support for custom 404 pages 2017-11-14 11:57:17 -05:00
Sam dfe9f70747 UX: warn that something must be selected with safe mode 2017-11-13 15:59:51 +11:00
Michael Howell 38b8d68c68 FEATURE: Allow the user to select a custom home page (#5268)
* Add user_home configuration option

* Use the new user_home preference to actually show the right home page

* Fix trailing whitespace

* Update user_option_serializer.rb

* Fix JavaScript default homepage tests

* Use an object instead of a giant switch

* Remove trailing whitespace

* Make the default `user_home` set to `null` instead of `0`

* Rename user_home to homepage_id
2017-11-10 06:45:19 +11:00
Neil Lalonde 7eb5f78343 UX: increase max length of topic titles in summary email html by 40 characters 2017-11-06 10:00:01 -05:00
Neil Lalonde 7dc3671490 FEATURE: remove obsolete settings ga_tracking_code and ga_domain_name. Use ga_universal_tracking_code and ga_universal_domain_name instead. 2017-11-01 11:41:51 -04:00
Penar Musaraj bd1616d3d9 Add offline route and service worker to fix Android app install banner (#5217)
* set up static offline.html route and service worker for Android Web App Banner

* add viewport meta tag to offline view for android app banner

* add i18n support for offline.html pages, cleanup

* fix html syntax, add page title, remove license for service-worker.js
2017-10-31 10:46:48 +11:00
Neil Lalonde a5afc08363 FIX: html links in text part of summary email 2017-10-30 15:43:01 -04:00
Neil Lalonde 28bc5ac10a FIX: link to about page on subfolder 2017-10-30 14:34:12 -04:00
Neil Lalonde fec5691064 FIX: unsubscribe links in summary emails were missing subfolder 2017-10-30 14:28:43 -04:00
Neil Lalonde bf00ab5d4a FIX: grant admin on subfolder 2017-10-27 16:46:02 -04:00
Arpit Jalan 33f0d80ed5 UX: better title on search page 2017-10-27 09:13:04 +05:30
Guo Xiang Tan ad9553ff86 Merge pull request #5238 from discourse/jomaxro-patch-1
Add div to login-required text
2017-10-24 17:04:18 +08:00
Robin Ward e9159e49f3 FEATURE: Site Setting to determine whether flags defaults to topics 2017-10-20 12:37:20 -04:00
Arpit Jalan cafbf506cc better error message when confirming email change 2017-10-20 20:58:00 +05:30
Joshua Rosenfeld 64e5532b90 Add div to login-required text 2017-10-15 14:45:24 -04:00
Guo Xiang Tan 6fe604b93e Revert "SECURITY: Fix XSS on unsubscribed page."
This reverts commit 190558db9d.
2017-10-09 09:03:07 +08:00
Guo Xiang Tan 190558db9d SECURITY: Fix XSS on unsubscribed page. 2017-10-09 08:59:03 +08:00
Sam 70bb2aa426 FEATURE: allow specifying s3 config via globals
This refactors handling of s3 so it can be specified via GlobalSetting

This means that in a multisite environment you can configure s3 uploads
without actual sites knowing credentials in s3

It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 16:20:01 +11:00
Sam ebdf8d6718 remove uneeded code 2017-10-04 15:05:58 +11:00
Sam 14310d2eee UX: title in JS must match title on Server
Corrects title flashing with incorrect value on front page reloads
2017-10-04 15:04:42 +11:00
Guo Xiang Tan 77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Arpit Jalan 6d35b62238 add image type attribute to icon link tag 2017-09-08 12:48:30 +05:30
Leo McArdle e183600563 FIX: redirect loop for new users visiting /new-topic using full screen login 2017-09-07 21:02:41 +01:00
Bianca Nenciu fa69e0dd77 Improved metadata for tags. (#5067) 2017-08-28 13:11:34 -04:00
Neil Lalonde d506e577a5 FEATURE: if full search returns no results, show google search form 2017-08-15 16:46:41 -04:00
Arpit Jalan b354099252 FEATURE: add custom open graph tag for ignoring canonical url 2017-08-15 19:24:20 +05:30
David Taylor 37300d6777 SECURITY: Do not show latest/top topics on 404 for login_required sites 2017-08-13 19:02:44 +03:00
Arpit Jalan bf2c35aa99 FEATURE: add RSS feed for badge pages 2017-08-09 13:43:49 +05:30
Robin Ward 2e4b3e9b06 Don't include all html builders on client and server side 2017-08-07 11:29:35 -04:00
Arpit Jalan 2d95b9dfbf FIX: prevent Cloudflare from obfuscating emails
https://support.cloudflare.com/hc/en-us/articles/200170016-What-is-Email-Address-Obfuscation-
2017-08-03 15:06:13 +05:30
Ryan Mulligan f3f7dd02d1 safely call html_safe on category description
The `categories.description` column is not modified as "not null", so it is possible for the description to be nil. This changes the code not call html_safe on nil.
2017-07-25 11:40:02 -07:00
Benjamin Elijah Griffin 4f77ca72a3 Stop Rails from escaping the HTML in this description. 2017-07-24 17:15:15 -07:00
Sam Saffron d0c5205a52 Feature: Change markdown engine to markdown it
This commit removes the old evilstreak markdownjs engine.

- Adds specs to WhiteLister and changes it to stop using globals
    (Fixes large memory leak)
- Fixes edge cases around bbcode handling
- Removes mdtest which is no longer valid (to be replaced with
    CommonMark)
- Updates MiniRacer to correct minor unmanaged memory leak
- Fixes plugin specs
2017-07-17 11:41:34 -04:00
Neil Lalonde 3ebd8838af FEATURE: cross-domain tracking for Google universal analytics 2017-07-13 15:21:44 -04:00
Sam 79a084dd58 Revert "remove old markdown engine work-in-progress"
This reverts commit ee470b5317.
2017-07-12 18:10:51 -04:00
Sam Saffron ee470b5317 remove old markdown engine work-in-progress 2017-07-12 17:44:40 -04:00
Guo Xiang Tan 7b35c55a1e FIX: Display Google search form when 404 page is rendered by Ember. 2017-06-29 14:37:24 +09:00
Neil Lalonde eee00b5bb5 UX: include a link to change email preferences at the bottom of summary emails as an alternative to unsubscribing 2017-06-26 12:27:22 -04:00
Sam 234694b50f Feature: CommonMark support
This adds the markdown.it engine to Discourse.
https://github.com/markdown-it/markdown-it

As the migration is going to take a while the new engine is default
disabled. To enable it you must change the hidden site setting:
enable_experimental_markdown_it.

This commit is a squash of many other commits, it also includes some
improvements to autospec (ability to run plugins), and a dev dependency
on the og gem for html normalization.
2017-06-23 12:01:33 -04:00
hosnas 4d62f41fbc RTL digest emails
Allows RTL digest emails. 
For this to work, I have done the following major additions:
1- adding appropriate direction to body and tables
2- making text-direction compatible with rtl
3- making float, padding, and margin tags compatible with rtl
2017-06-16 15:20:20 +04:30
Neil Lalonde 0b41046238 don't force SiteSetting.title into meta title tag 2017-06-12 13:50:50 -04:00
Arpit Jalan 6e37f09b19 UX: add email to '/email/unsubscribed' page 2017-06-10 09:51:12 +05:30
Jeff Atwood 5ff986129a copyedit to unsubscribe email 2017-06-09 00:27:24 -07:00
Arpit Jalan 1c0bbcd580 UX: show user email when unsubscribing 2017-06-09 09:20:24 +05:30
Leo McArdle 59922ce0a4 FEATURE: remove table wrapping posts in notification emails 2017-05-16 10:37:53 -04:00
Pat David aa009dd2b5 Add @embeddable_css_class from embed_controller 2017-05-11 15:16:16 -04:00
Guo Xiang Tan 71a266b673 Remove daily mailing mode option as it doesn't scale.
https://meta.discourse.org/t/daily-updates-option-for-mailing-list-mode/45029/14?u=tgxworld
2017-05-05 12:21:50 +08:00
Robin Ward b381372184 Use Ember.js for the `/u/account-created` path so we can add controls 2017-05-03 11:18:01 -04:00
Guo Xiang Tan 982e3d04f6 PERF: Allow memory to be freed instead of fetching all the objects into memory at once.
```
MemoryProfiler.report do
  Jobs::UserEmail.new.execute(type: :mailing_list, user_id: user.id)
end.pretty_print
```

Before:
```
Total allocated: 180096119 bytes (1962025 objects)
Total retained:  2194 bytes (16 objects)

allocated memory by gem
-----------------------------------
  66979096  activerecord-4.2.8
  43507184  nokogiri-1.7.1
  43365188  mail-2.6.4
   5960201  activesupport-4.2.8
   5056267  discourse/lib
   4835284  rack-mini-profiler-0.10.1
   3825817  arel-6.0.4
   2186088  i18n-0.8.1
   1719330  discourse/app
```

After:
```
Total allocated: 161935975 bytes (1473940 objects)
Total retained:  2234 bytes (17 objects)

allocated memory by gem
-----------------------------------
  45430264  activerecord-4.2.8
  43568627  nokogiri-1.7.1
  43430754  mail-2.6.4
  11233878  rack-mini-profiler-0.10.1
   5260825  activesupport-4.2.8
   5054491  discourse/lib
   2186088  i18n-0.8.1
   1822494  arel-6.0.4
```
2017-05-03 17:01:57 +08:00
Guo Xiang Tan f5b11cb429 PERF: Don't allocate extra array. 2017-05-02 11:54:23 +08:00
Robin Ward 30ebaf6b6a Update FontAwesome to 4.7.0 2017-04-26 15:16:30 -04:00
Robin Ward cd4f0393a8 Add a title tag to the search results page 2017-04-26 15:02:07 -04:00
Robin Ward bf9c4a7828 FEATURE: secure_email site setting to prevent data going out in email 2017-04-26 13:05:56 -04:00
Sam dfe3c162cc move stylesheet after js 2017-04-20 12:34:50 -04:00
Sam bbed29ba57 correct font preloading 2017-04-20 11:18:37 -04:00
Robin Ward 8b8ee2ad61 Pass a context in when using a HTML builder 2017-04-18 12:35:35 -04:00
Sam b43d2e42f4 missing spots 2017-04-17 12:30:20 -04:00
Sam 81ebe853d1 missed a few spots 2017-04-17 12:05:23 -04:00
Sam 5dd752877e FEATURE: try adding some preload hints for chrome 2017-04-17 11:52:43 -04:00
Arpit Jalan fe29fe71c5 FIX: embedding comments was broken 2017-04-14 08:14:22 +05:30
Sam 3f4f0b32a9 FIX: path wizard showing with no style 2017-04-13 15:22:39 -04:00
Sam a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoid a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Arpit Jalan b3761653b3 FIX: render emoji in title tag on topic page 2017-04-11 00:25:22 +05:30
Neil Lalonde 3957540dd1 FIX: convert emoji to unicode in topic titles in emails 2017-04-10 13:15:25 -04:00
Arpit Jalan f960505359 FIX: translate badge metadata title 2017-04-06 09:57:52 +05:30
Aashaka Shah 402eaaa773 FEATURE: add og tags to metadata in individual badges page 2017-04-06 09:32:53 +05:30
Robin Ward 17f2974d0a SECURITY: Confirm new administrator accounts via email 2017-04-04 15:59:01 -04:00
Robin Ward 14410b71fb Convert server side paths to use `/u/` 2017-03-30 10:23:24 -04:00
Robin Ward 45a257815a Convert front end paths from `/users/` to `/u/` 2017-03-30 10:23:24 -04:00
Robin Ward 2fedf1c668 FIX: jQuery include was incorrect for `finish-installation` 2017-03-27 10:29:25 -04:00
Robin Ward 874e8900af Display email address in SSO error message. 2017-03-21 15:37:46 -04:00
Robin Ward aeaf5075bf Custom errors for when Email is invalid via SSO 2017-03-21 15:23:38 -04:00
Robin Ward 52d78294cc Render a layout when there's an SSO error 2017-03-21 15:23:38 -04:00
Arpit Jalan 801b5838e1 FIX: do not show faq/guidelines page to anonymous users for private forums 2017-03-08 16:00:49 +05:30
Arpit Jalan 090236b15b FIX: do not show about page to anonymous users for private forums 2017-03-08 13:15:44 +05:30
Neil Lalonde ca20cb9941 FEATURE: subcategories can be discovered by web crawlers on page 1 of the parent category topics list 2017-03-02 15:06:56 -05:00
Neil Lalonde 7496f373cd add headline itemprop to DiscussionForumPosting for crawlers 2017-03-02 12:35:50 -05:00
Blake Erickson 80858bae2c FEATURE: further restrict downloading of backups
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
Guo Xiang Tan 0e8c849572 UX: "See more" on not found page should redirect to /top. 2017-02-27 13:33:19 +08:00
Arpit Jalan 068ce19ae2 FEATURE: linked topics should be rendered under posts for crawlers 2017-02-21 12:43:24 +05:30
Neil Lalonde aa2c527c60 Remove "From" from every post in Popular Posts section of summary emails 2017-02-20 11:04:12 -05:00
Neil Lalonde d0fbb27f3e FEATURE: new invite acceptance page, where username can be chosen and password can be set 2017-02-15 16:51:57 -05:00
Sam 07b9c351a4 Merge pull request #4705 from vinothkannans/dev
new: server plugin outlet for indexable robots.txt
2017-02-13 11:18:51 -05:00
Vinoth Kannan 08c14dd689 new: server plugin outlet for indexable robots.txt 2017-02-13 17:31:10 +05:30
Vinoth Kannan 1b43c209eb 'Article' to 'DiscussionForumPosting' schema type
topic => https://meta.discourse.org/t/invalid-article-schema/57037
Replacing '[Article](https://schema.org/Article)' schema type with '[DiscussionForumPosting](https://schema.org/DiscussionForumPosting)'
2017-02-11 18:44:40 +05:30
Neil Lalonde a5dfcddc6c FIX: crawler view of paginated content should have link elements in head for next and previous pages 2017-02-07 16:11:12 -05:00
Neil Lalonde ece979efd1 add tags to webcrawler view of a topic in an ItemList 2017-02-06 18:12:48 -05:00
Neil Lalonde c4e10f2a9d FEATURE: redesign the change password page to use javascript and validations 2017-02-03 16:09:24 -05:00
Neil Lalonde ae671355da FIX: add /tags routes to robots.txt 2017-02-03 11:57:00 -05:00
Arpit Jalan 9dd09e453b FEATURE: add explicit confirmation button to accept the invite 2017-01-25 15:50:30 +05:30
cpradio d0a3dc10d8 FIX: RSS Language should use a dash/hypen instead of underscore 2017-01-14 14:24:21 -05:00
Neil Lalonde d9146de080 FIX: an image can be shown twice in summary emails 2017-01-09 13:27:43 -05:00