Commit Graph

51 Commits

Author SHA1 Message Date
Robin Ward 53ab3dda5d
FIX: Embedded comments should only return regular posts (#11773)
There shoudln't be a situation where you'd want to see moderator actions
or small posts.
2021-01-21 12:47:03 -05:00
Daniel Waterworth 0b800d307f SECURITY: Bound the amount of work that embed#topics can do
This commit adds a hidden site setting that limits the maximum number of
topics that can be fetched at once via the embed controller.
2020-07-20 13:25:34 +01:00
Mark VanLandingham 66e0bdc053
FEATURE: Create New Topic button on embed with params (#8280)
* FEATURE: Create New Topic button on embed with params
2019-11-01 14:19:10 -05:00
Krzysztof Kotlarek 427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Robin Ward 1cebe7670a FEATURE: Allow embedding to ignore HTTP REFERER
New site setting: `embed_any_origin` that will send postMessages to
wildcard origins `*` instead of the referer.

Most of the time you won't want to do this, so the setting is default to
`false`. However, there are certain situations where you want to allow
embedding to send post messages when there is no HTTP REFERER.

For example, if you created a native mobile app and you wanted to embed a list
of Discourse topics as HTML. In the code your HTML would be a
static file/string, which would not be able to send a referer. In this
case, the site setting will allow the embed to work.

From a security standpoint we currently only use `postMessage` to send
data about the size of the HTML document and scroll position, so it
should be enable if required with minimal security ramifications.
2019-09-10 12:27:07 -04:00
Arpit Jalan 3e37801d05 DEV: validate param value on /embed/topics 2019-09-04 13:31:46 +05:30
Arpit Jalan 111ae95cbc
FEATURE: embed topic with detailed metadata (#8062) 2019-09-02 19:55:44 +05:30
Robin Ward b8f21ea962 FIX: Explicitly require `topic_query_params` 2019-08-15 13:54:52 -04:00
Robin Ward 23367e79ea
FEATURE: Embed topics list on remote sites via Javascript API. (#8008)
This adds support for a `<d-topics-list>` tag you can embed in your site
that will be rendered as a list of discourse topics. Any attributes on
the tag will be passed as filters. For example:

`<d-topics-list discourse-url="URL" category="1234">` will filter to category 1234.

To use this feature, enable the `embed topics list` site setting. Then
on the site you want to embed, include the following javascript:

`<script
src="http://URL/javascripts/embed-topics.js"></script>`

Where `URL` is your discourse forum's URL.

Then include the `<d-topics-list discourse-url="URL">` tag in your HTML document and it will
be replaced with the list of topics.
2019-08-15 13:41:06 -04:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Régis Hanol de92913bf4 FIX: store the topic links using the cooked upload url 2018-08-14 12:23:32 +02:00
Guo Xiang Tan ad5082d969 Make rubocop happy again. 2018-06-07 13:28:18 +08:00
Guo Xiang Tan 142571bba0 Remove use of `rescue nil`.
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
2018-04-02 13:52:51 +08:00
Guo Xiang Tan 77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Pat David 18de62b015 Add get_embeddable_css_class to assist multi-site embed styling
If present, pass embeddable_host.class_name to view for inclusion
on the <html> element as a class for targeted styling.
2017-05-11 15:16:16 -04:00
Robin Ward 03bc6f70f9 Better error messages when embedding fails 2016-12-13 14:38:05 -05:00
Arpit Jalan bfefda06f6 FIX: handle embed count when topic not found 2016-08-25 07:12:20 +05:30
Robin Ward c3a3aff120 FEATURE: Support for a whitelist for embeddable host paths 2016-08-23 14:56:12 -04:00
Robin Ward 664f1913c8
FIX: Don't include hidden posts in embedded comments 2016-05-03 15:01:20 -04:00
Sam 7ee11b0508 more logging, add referer 2016-04-25 10:48:36 +10:00
Sam Davies b2f4659792 Pass discourse username to TopicRetriever from embed controller
When you specify `discourse_username` param on the embed URL, it should
translate to creating the post with that username.

This commit ensures that this is now the case.
2016-02-25 13:02:25 +00:00
Robin Ward e82145cbf9 Fix broken spec 2015-11-20 14:27:30 -05:00
Robin Ward 5056de1d8a FIX: Never show less than 0 replies when embedding 2015-11-20 13:06:00 -05:00
Jude Aakjaer 9cca510944 Add embed/info endpoint for TopicEmbed queries 2015-09-16 03:22:24 +00:00
Robin Ward d1c69189f3 FEATURE: Can edit category/host relationships for embedding 2015-08-20 15:56:04 -04:00
Robin Ward ae277e28a6 FEATURE: Allow embedding topics without creating them, by id 2015-06-09 16:24:20 -04:00
Robin Ward 7b6d6b76eb FEATURE: Multiple embeddable hosts
- Also refactors two site settings components into one, with tests
2015-06-09 13:25:43 -04:00
Sam e5888cf090 PERF: avoid preloading json in cases where it is not needed
(uploads / avatars / non GET requests)
2015-05-20 17:12:16 +10:00
Arpit Jalan fc30b771cf FIX: reply count is off by one 2015-05-11 13:58:53 +05:30
Arpit Jalan 23fd16850a FIX: include youtube link in embedded comments 2015-05-01 18:34:45 +05:30
Sam 03c8f09be8 PERF: finalize porting to new incoming links structure 2014-08-04 16:43:57 +10:00
Robin Ward 42c7ad4670 FIX: build broke, also escaping issue on poster name 2014-06-18 17:47:31 -04:00
Robin Ward 60cb5ea6a9 FIX: If a user is deleted, don't break embedded comments for admins. 2014-06-18 17:39:36 -04:00
Robin Ward 6dd1880f1f FIX: More safety when displaying link counts on blogs 2014-05-20 15:20:33 -04:00
Robin Ward 6cd3796c39 FIX: Blog counts stopped working with additional security checks 2014-05-09 16:26:14 -04:00
Robin Ward 122f2a00cc Don't look for a JS format. IE11 seems to not request it even with a
`<script>` tag.
2014-04-14 12:16:08 -04:00
Robin Ward a4daafa026 Support trailing `/` when retrieving comment counts. 2014-03-20 15:22:49 -04:00
Robin Ward a963dd9081 Support `embeddable_host` values that contain a HTTP/HTTPs protocol 2014-02-12 15:56:06 -05:00
Robin Ward bcc7f3aba4 Support embedded link counts via `data-*` attribute 2014-01-13 13:37:55 -05:00
Robin Ward 488319a5d1 FIX: Don't store incoming links on embed 2014-01-13 12:58:53 -05:00
Robin Ward af3edfd5eb FEATURE: Show Reply count on blog index page when embedding 2014-01-13 12:47:41 -05:00
Robin Ward 25caec0e62 Change text at the bottom of embedded comments to be (x more replies) 2014-01-03 14:55:37 -05:00
Robin Ward 1ffcf39448 Make embedded comments look nicer 2014-01-03 12:52:42 -05:00
Robin Ward aefad6ae85 FIX: Broken test 2014-01-02 12:15:48 -05:00
Robin Ward 01be681a95 Link embeded topic to second post. They've already read the first. 2014-01-02 11:59:20 -05:00
Robin Ward 15faa01178 FIX: Missing variable 2014-01-02 11:55:58 -05:00
Robin Ward 1478f08e4f In development mode, relax restrictions on embedding. 2014-01-02 11:32:50 -05:00
Robin Ward 4f8aed295a FEATURE: Embeddable Discourse comments, now with simple-rss instead of feedzirra 2013-12-31 15:01:22 -05:00
Robin Ward 62db063e1e Revert "Support for Embeddable Comments via IFRAME" - it depends on Curl
which not every server has. Have to rethink this.

This reverts commit e3e4c62887.
2013-12-31 12:52:31 -05:00