discourse

Commit Graph

Author	SHA1	Message	Date
Penar Musaraj	e11c6ffa89	FEATURE: allow extending CSP base-uri and object-src Plus, ensure :none is stripped, it cannot be combined with other sources	2019-01-09 15:34:14 -05:00
Kyle Zhao	488fba3c5f	FEATURE: allow plugins and themes to extend the default CSP (#6704 ) * FEATURE: allow plugins and themes to extend the default CSP For plugins: ``` extend_content_security_policy( script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'], style_src: ['https://domain.com/style.css'] ) ``` For themes and components: ``` extend_content_security_policy: type: list default: "script_src:https://domain.com/\|style_src:https://domain.com" ``` * clear CSP base url before each test we have a test that stubs `Rails.env.development?` to true * Only allow extending directives that core includes, for now	2018-11-30 09:51:45 -05:00
David Taylor	812add18bd	REFACTOR: Serve auth provider information in the site serializer. At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.	2018-08-06 09:25:48 +01:00
David Taylor	eda1462b3b	FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099 ) Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.	2018-07-23 16:51:57 +01:00
Gerhard Schlager	eb52c5469e	FEATURE: Allow plugins to register a new locale	2018-01-25 14:57:41 +01:00
Guo Xiang Tan	5012d46cbd	Add rubocop to our build. (#5004 )	2017-07-28 10:20:09 +09:00
Sam	6a1f579c6e	FIX: don't search for plugins in nested subdirectories	2017-05-16 17:28:56 -04:00
Sam	bb3725cfca	correct spec	2013-08-26 14:39:34 +10:00
Sam	160107a712	working plugin interface for custom openid auth, custom css and custom js	2013-08-01 16:02:43 +10:00

9 Commits