Commit Graph

57171 Commits

Author SHA1 Message Date
Michael Brown db6e9def34
FIX: repeat the proxy_set_header lines in the @discourse block
My previous understanding of this was incomplete: `proxy_set_header` only has
an effect when proxy_pass is *directly* used.

In our nginx configuration file, we have two paths to get from the `location /` main block to the upstream:

1: `location /` → `proxy_pass http://discourse` → `upstream discourse`
2: `location /` → `try_files @discourse` → `proxy_pass http://discourse` → `upstream discourse`

In the first case, the `proxy_set_header` directives from the `location /` block
(or one of its sub-blocks) takes effect and the headers are set as expected.

In the second case, the `proxy_set_header` directives from the `location /`
block are *not used* since `proxy_pass` was not used from that location.

Only the `proxy_set_header` directives from the `location @discourse` block are
considered since that is the configuration block that calls `proxy_pass`
2024-12-19 17:14:00 -05:00
Michael Brown e66df3a202
Revert "FIX: Simplify nginx config change (#30383)"
This reverts commit b6002881e7.
2024-12-19 16:22:26 -05:00
Sam efa50a4da2
FEATURE: ThreadPool implementation (#30364)
This commit introduces a new ThreadPool class that provides efficient worker
thread management for background tasks. Key features include:

- Dynamic scaling from min to max threads based on workload
- Proper database connection management in multisite setup
- Graceful shutdown with task completion
- Robust error handling and logging
- FIFO task processing with a managed queue
- Configurable idle timeout for worker threads

The implementation is thoroughly tested, including stress tests, error
scenarios, and multisite compatibility.
2024-12-20 07:37:12 +11:00
Kris 2a3f0f3bef
UX: refactor IP lookup using DMenu to improve layout and positioning (#30374) 2024-12-19 14:49:36 -05:00
Penar Musaraj 6873962572
DEV: Fix flakey spec (#30382) 2024-12-19 14:19:34 -05:00
David Taylor b6002881e7
FIX: Simplify nginx config change (#30383)
The security fix in 15b43a2 also introduced some unrelated refactoring to the file, which seems to be causing issues in some environments. This commit reverts the refactoring, and applies the security fix to each block individually.
2024-12-19 19:10:00 +00:00
Sérgio Saquetim 9618075b9c
DEV: Remove the deprecation of `includePostAttributes` (#30381) 2024-12-19 15:28:01 -03:00
David Taylor d2979997e9
DEV: Introduce new 'glimmer topic list mode' site setting (#30375)
This replaces the previous group-based site setting
2024-12-19 17:38:35 +00:00
Jarek Radosz 32ab4449a5
DEV: Update ember-qunit to 9.0.1 (#30358)
ember-qunit no longer uses ember-cli-test-loader

relevant files:
https://github.com/emberjs/ember-qunit/blob/main/addon/src/test-loader.js
https://github.com/ember-cli/ember-exam/blob/main/addon-test-support/-private/ember-exam-test-loader.js

<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/emberjs/ember-qunit/releases">ember-qunit's releases</a>.</em></p>
<blockquote>
<h2>Release 9.0.1</h2>
<h4>🐛 Bug Fix</h4>
<ul>
<li><a href="https://redirect.github.com/emberjs/ember-qunit/pull/1183">#1183</a> Export TestLoader (<a href="https://github.com/ef4"><code>@​ef4</code></a>)</li>
</ul>
<h4>Committers: 1</h4>
<ul>
<li>Edward Faulkner (<a href="https://github.com/ef4"><code>@​ef4</code></a>)</li>
</ul>
<h2>Release 9.0.0</h2>
<h4>💥 Breaking Change</h4>
<ul>
<li><a href="https://redirect.github.com/emberjs/ember-qunit/pull/1182">#1182</a> Require explicit calls to loadTests and setupEmberOnerrorValidation (<a href="https://github.com/ef4"><code>@​ef4</code></a>)</li>
</ul>
<h4>🏠 Internal</h4>
<ul>
<li><a href="https://redirect.github.com/emberjs/ember-qunit/pull/1181">#1181</a> Remove unused babel plugins (<a href="https://github.com/ef4"><code>@​ef4</code></a>)</li>
</ul>
<h4>Committers: 1</h4>
<ul>
<li>Edward Faulkner (<a href="https://github.com/ef4"><code>@​ef4</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="48779a91ac"><code>48779a9</code></a> Release 9.0.1</li>
<li><a href="a70adfdf58"><code>a70adfd</code></a> Merge pull request <a href="https://redirect.github.com/emberjs/ember-qunit/issues/1183">#1183</a> from emberjs/export-test-loader</li>
<li><a href="25e2a6f4b3"><code>25e2a6f</code></a> Export TestLoader</li>
<li><a href="a039eda038"><code>a039eda</code></a> Release 9.0.0</li>
<li><a href="18d5ca9543"><code>18d5ca9</code></a> Merge pull request <a href="https://redirect.github.com/emberjs/ember-qunit/issues/1182">#1182</a> from emberjs/isolate-test-loading</li>
<li><a href="e4a9efd750"><code>e4a9efd</code></a> fix missing type</li>
<li><a href="634761bc1e"><code>634761b</code></a> separate onerror validation too</li>
<li><a href="d716b61cfd"><code>d716b61</code></a> Separate test loading from start</li>
<li><a href="3428b769dc"><code>3428b76</code></a> Inline ember-cli-test-loader implementation</li>
<li><a href="da520e0684"><code>da520e0</code></a> Merge pull request <a href="https://redirect.github.com/emberjs/ember-qunit/issues/1181">#1181</a> from emberjs/unused-babel-plugins</li>
<li>Additional commits viewable in <a href="https://github.com/emberjs/ember-qunit/compare/v8.1.1...v9.0.1">compare view</a></li>
</ul>
</details>
<br />
2024-12-19 18:38:29 +01:00
Keegan George d886c55f63
DEV: Reusable post-list component (#30312)
This update adds a  _new_ `<PostList />` component, along with it's child components (`<PostListItem/>` and `<PostListItemDetails />`). This new generic component can be used to show a list of posts.

It can be used like so:
```js
/**
 * A component that renders a list of posts
 *
 * @component PostList
 *
 * @args {Array<Object>} posts - The array of post objects to display
 * @args {Function} fetchMorePosts - A function that fetches more posts. Must return a Promise that resolves to an array of new posts.
 * @args {String} emptyText (optional) - Custom text to display when there are no posts
 * @args {String|Array} additionalItemClasses (optional) - Additional classes to add to each post list item
 * @args {String} titleAriaLabel (optional) - Custom Aria label for the post title
 * 
*/
```
```hbs
<PostList
    @posts={{this.posts}}
    @fetchMorePosts={{this.loadMorePosts}}
    @emptyText={{i18n "custom_identifier.empty"}}
    @additionalItemClasses="custom-class"
 />
```
2024-12-19 09:20:25 -08:00
= 6cd964306f Bump version to v3.4.0.beta4-dev 2024-12-19 13:22:05 -03:00
= bc4ab613ce Bump version to v3.4.0.beta3 2024-12-19 13:22:04 -03:00
Blake Erickson 17bdffc900 SECURITY: When enabled only allow Discourse Connect logins
If Discourse Connect is enabled no other methods for account creation or
authentication should be allowed.
2024-12-19 13:13:23 -03:00
Nat 15b43a205b SECURITY: Scrub headers to prevent access to files via nginx 2024-12-19 13:13:20 -03:00
Krzysztof Kotlarek 95564a3df2 SECURITY: Moderators cannot see user emails.
Unless `moderators_view_emails` SiteSetting is enabled, moderators should not be able to discover users’ emails.
2024-12-19 13:13:18 -03:00
Jarek Radosz 023b61ad22 SECURITY: Stored xss in image caption 2024-12-19 13:13:14 -03:00
Ella E. ddca2ca629
UX: Apply admin table to Automation settings page (#30341)
* UX: Apply admin table classes for consistent mobile styling on the automation page

* UX: Remove icon beside the automation page title

* DEV: Add status label to translations

* UX: Reorder the status and name when on mobile

* DEV: Add comment explaining tablet-specific status reorder

* DEV: Apply prettier
2024-12-19 05:07:14 -07:00
Jarek Radosz b2dc32f41c
FIX: An off-by-one error in glimmer topic list (#30372)
`findIndex` returns -1 when no element is found, but the `start` boundary can't be less than 0.
2024-12-19 13:02:41 +01:00
dependabot[bot] dc3379430d
Build(deps-dev): Bump test-prof from 1.4.2 to 1.4.3 (#30366)
Bumps [test-prof](https://github.com/test-prof/test-prof) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/test-prof/test-prof/releases)
- [Changelog](https://github.com/test-prof/test-prof/blob/master/CHANGELOG.md)
- [Commits](https://github.com/test-prof/test-prof/compare/v1.4.2...v1.4.3)

---
updated-dependencies:
- dependency-name: test-prof
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-19 12:09:32 +01:00
dependabot[bot] 38a74c7810
Build(deps): Bump logger from 1.6.3 to 1.6.4 (#30367)
Bumps [logger](https://github.com/ruby/logger) from 1.6.3 to 1.6.4.
- [Release notes](https://github.com/ruby/logger/releases)
- [Commits](https://github.com/ruby/logger/compare/v1.6.3...v1.6.4)

---
updated-dependencies:
- dependency-name: logger
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-19 12:09:09 +01:00
Joffrey JAFFEUX 1f39ce87a5
DEV: removes caret from notifications-tracking on mobile (#30369)
We never want to show this caret on mobile.
2024-12-19 12:06:02 +01:00
Joffrey JAFFEUX 9ca8f706bf
DEV: fixes typo in notifications-tracking assertions (#30371) 2024-12-19 12:05:54 +01:00
Joffrey JAFFEUX bce0018163
DEV: correctly applies identifier do DModal used in DMenu (#30370)
A previous refactor used an incorrect path. This commit also adds a simple test to ensure this identifier is present.
2024-12-19 12:05:39 +01:00
dependabot[bot] 0a9ebbe1dd
Build(deps): Bump discourse-fonts from 0.0.11 to 0.0.12 (#30368)
Bumps [discourse-fonts](https://github.com/discourse/discourse-fonts) from 0.0.11 to 0.0.12.
- [Release notes](https://github.com/discourse/discourse-fonts/releases)
- [Commits](https://github.com/discourse/discourse-fonts/compare/v0.0.11...v0.0.12)

---
updated-dependencies:
- dependency-name: discourse-fonts
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-19 08:27:44 +00:00
Martin Brennan 553784f919
DEV: Delete AdminPageHeader and AdminPageSubheader components (#30337)
No longer needed because of https://github.com/discourse/discourse/pull/30146
and there are plugin PRs to remove other traces of it
2024-12-19 12:47:14 +10:00
Alan Guo Xiang Tan e4e5db57f0
DEV: Fix undefined method `check_email_sync_heartbeat` in unicorn conf (#30360)
This is a follow-up to 9812407f76
2024-12-19 10:10:11 +08:00
Kelv 74aeec8ea3
FIX: handle null this.model when checking if component is for current user in CanCheckEmailsHelper (#30359) 2024-12-19 09:54:43 +08:00
dependabot[bot] 07efdaa32a
Build(deps): Bump openssl from 3.2.0 to 3.2.1 (#30350)
Bumps [openssl](https://github.com/ruby/openssl) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/ruby/openssl/releases)
- [Changelog](https://github.com/ruby/openssl/blob/master/History.md)
- [Commits](https://github.com/ruby/openssl/compare/v3.2.0...v3.2.1)

---
updated-dependencies:
- dependency-name: openssl
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-19 01:11:37 +01:00
Krzysztof Kotlarek fdb6634fa9
FEATURE: settings tab for permalinks (#30192)
Setting tab should be added to permalinks so admins do not need to have left `/permalinks`.

A new component called `AreaSetting` was added to avoid duplications and
simplify adding settings to other sections.
2024-12-19 10:40:34 +11:00
dependabot[bot] 4305b64460
Build(deps-dev): Bump puppeteer-core from 23.10.4 to 23.11.0 (#30356) 2024-12-18 23:24:29 +01:00
dependabot[bot] e4b82a3655
Build(deps-dev): Bump lefthook from 1.9.2 to 1.9.3 (#30357) 2024-12-18 23:24:18 +01:00
dependabot[bot] 5fa9abf17c
Build(deps): Bump discourse-fonts from 0.0.9 to 0.0.11 (#30351) 2024-12-18 23:23:36 +01:00
dependabot[bot] f86abe3d2c
Build(deps): Bump irb from 1.14.2 to 1.14.3 (#30352) 2024-12-18 23:23:01 +01:00
dependabot[bot] e863827982
Build(deps): Bump rdoc from 6.9.1 to 6.10.0 (#30348) 2024-12-18 23:22:39 +01:00
dependabot[bot] 3c5deca934
Build(deps): Bump json from 2.9.0 to 2.9.1 (#30349) 2024-12-18 23:22:16 +01:00
dependabot[bot] 58ac30d019
Build(deps): Bump google-protobuf from 4.29.1 to 4.29.2 (#30354) 2024-12-18 23:21:55 +01:00
dependabot[bot] e652108419
Build(deps): Bump psych from 5.2.1 to 5.2.2 (#30353) 2024-12-18 23:21:42 +01:00
Sérgio Saquetim a85cb9bee7
DEV: Deprecate `api.includePostAttributes` in favor of `api.addTrackedPostProperties` (#30345) 2024-12-18 16:36:31 -03:00
Jordan Vidrine b1ff38b748
UX: fix password mask on password reset (#30347) 2024-12-18 13:21:33 -06:00
Jordan Vidrine 29a596c667
UX: Adjust disclaimer font size (#30346) 2024-12-18 13:09:31 -06:00
Mark VanLandingham 5721c29429
DEV: Plugin modifier to skip enqueue PostCreator jobs on PostMove (#30344)
This allows plugins to skip the "posted" notifications for watching users, when posts get moved. The specs are kind of wild looking, as this unit tests a private method. This is difficult to isolate otherwise, with lots of trickery needed to make sure that this actually works.

I opted to unit test just this method instead.
2024-12-18 12:37:52 -06:00
Jordan Vidrine 4d0cbc08dc
UX: Improve balance on login & signup pages (#30330) 2024-12-18 12:31:35 -06:00
Régis Hanol 770a478fcc
UX: fix border around reply indicator (#30343)
On a narrow viewport on desktop, the margins above and below the "replying..." indicator were missing.

Internal - t/144612
2024-12-18 12:34:39 -05:00
Jarek Radosz 5747b910e6
FIX: Unpinning topics in glimmer topic list (#30342)
it's already handled by TopicStatus component (so one was undoing the other's toggle)
2024-12-18 15:55:02 +01:00
Kris 779fc74632
A11Y: show state change when post anchors are focused (#30334) 2024-12-18 09:41:33 -05:00
Discourse Translator Bot 1631c39391
Update translations (#30319) 2024-12-18 15:19:37 +01:00
David Taylor a254577688
PERF: Cache public extra-locales requests in nginx (#30340)
extra-locales bundles have unique digests in their URLs, and include an indefinite cache-control header. Therefore we should include them in the heavily-cached group of URLs in NGINX.
2024-12-18 13:59:27 +00:00
David Taylor 8f6c99df8c
DEV: Run prettier correctly for bundled-plugin test directories (#30338) 2024-12-18 12:02:28 +00:00
Jarek Radosz b2b0c462ba
DEV: Update content-tag to 3.1.0 (#30339) 2024-12-18 12:59:27 +01:00
dependabot[bot] 073c2098a1
Build(deps): Bump ace-builds from 1.36.5 to 1.37.0 (#30332)
Bumps [ace-builds](https://github.com/ajaxorg/ace-builds) from 1.36.5 to 1.37.0.
- [Release notes](https://github.com/ajaxorg/ace-builds/releases)
- [Changelog](https://github.com/ajaxorg/ace-builds/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ajaxorg/ace-builds/compare/v1.36.5...v1.37.0)

---
updated-dependencies:
- dependency-name: ace-builds
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-18 12:32:35 +01:00