discourse

Commit Graph

Author	SHA1	Message	Date
David Taylor	c9dab6fd08	DEV: Automatically require 'rails_helper' in all specs (#16077 ) It's very easy to forget to add `require 'rails_helper'` at the top of every core/plugin spec file, and omissions can cause some very confusing/sporadic errors. By setting this flag in `.rspec`, we can remove the need for `require 'rails_helper'` entirely.	2022-03-01 17:50:50 +00:00
David Taylor	f45853676f	SECURITY: Ensure _forum_session cookies cannot be reused between sites (#14950 ) This only affects multisite Discourse instances (where multiple forums are served from a single application server). The vast majority of self-hosted Discourse forums do not fall into this category. On affected instances, this vulnerability could allow encrypted session cookies to be re-used between sites served by the same application instance.	2021-11-15 15:50:12 +00:00

Author

SHA1

Message

Date

David Taylor

c9dab6fd08

DEV: Automatically require 'rails_helper' in all specs (#16077 )

It's very easy to forget to add `require 'rails_helper'` at the top of every core/plugin spec file, and omissions can cause some very confusing/sporadic errors.

By setting this flag in `.rspec`, we can remove the need for `require 'rails_helper'` entirely.

2022-03-01 17:50:50 +00:00

David Taylor

f45853676f

SECURITY: Ensure _forum_session cookies cannot be reused between sites (#14950 )

This only affects multisite Discourse instances (where multiple forums are served from a single application server). The vast majority of self-hosted Discourse forums do not fall into this category.

On affected instances, this vulnerability could allow encrypted session cookies to be re-used between sites served by the same application instance.

2021-11-15 15:50:12 +00:00

2 Commits