Guo Xiang Tan
0972516abe
FIX: Incorrect "rel" used for apple icons in `<head>`.
...
Nothing on the web I can find suggests that this should have been `rel=icon`.
See https://developer.apple.com/library/archive/documentation/AppleApplications/Reference/SafariWebContent/ConfiguringWebApplications/ConfiguringWebApplications.html
2018-11-26 10:40:09 +08:00
Joe
336436dfb4
UX: better handling of logo size
2018-11-23 22:04:42 +08:00
Joe
e2214b50f3
UX: add height attribute to logo on error pages
...
This matches what we do in the home-logo widget. The height is set as an attribute and we use CSS to get a scaled width that preserves the aspect ratio of the image.
2018-11-23 15:04:34 +08:00
Kyle Zhao
80398d0b8f
Extract inline JS on embedded comments ( #6645 )
...
* use the meta refresh tag instead
* extract inline JS in embedded comment
2018-11-22 10:02:58 -05:00
Kyle Zhao
5f754b43f1
extract inline `onpopstate` handler on 404 page ( #6613 )
2018-11-15 13:35:38 -05:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. ( #6573 )
2018-11-14 15:03:02 +08:00
Joe
7707e42441
DEV: moves print-specific styles from internal style tag to external print sheet ( #6581 )
...
* DEV: removes internal styles from print view
* DEV: adds styles to print sheet
2018-11-13 14:45:55 +11:00
Sam
42572ff138
Revert font awesome 5 changes
...
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
David Taylor
37fb8fc0e7
FIX: Do not display broken image on crawler/print view ( #6575 )
2018-11-07 22:28:45 +00:00
Penar Musaraj
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs ( #6557 )
...
* First take on subsetting svg icons
* FontAwesome 5 svg subset WIP
* Include icons from plugins/badges into svg sprite subset
* add svg icon support to themes
* Add spec for SvgSprite
* Misc. SVG icon fixes
* Use FA5 svgs in local-dates plugin
* CSS adjustments, fix SVG icons in group flair
* Use SVG icons in poll plugin
* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Sam
d84256a876
FEATURE: add Noindex to robots.txt for disallowed routes
...
This strips pages out of indexes that should not exist see:
https://meta.discourse.org/t/pages-listed-in-the-robots-txt-are-crawled-and-indexed-by-google/100309/11?u=sam
2018-11-02 16:39:47 +11:00
Joe
4234058358
UX: don't show crawler navigation in print view ( #6551 )
...
* UX: adds CSS classes to crawler navigation links
* UX: hide crawler navigation in print view
2018-11-02 09:18:07 +11:00
Gerhard Schlager
733b8af47b
FIX: Uploads didn't work for subfolder anymore
2018-10-30 12:53:57 +01:00
Vinoth Kannan
92bf3c667e
FIX: Flash authentication data not rendered in latest iOS safari browser
2018-10-30 04:00:36 +05:30
Kyle Zhao
a6eca28ec6
CSP - extract all other inline JavaScripts ( #6528 )
...
* wizard page inline js
* print topic inline js
* drop JS for preventing double submission
this is the default behavior with Rails' UJS `disable_with` helper
* omniauth complete redirect JS
* account activate inline js
2018-10-25 09:52:01 -04:00
Sam Saffron
abaa3f0650
FEATURE: add server:before-head-close-crawler outlet for plugins
...
This outlet allows plugins to inject html prior to closing head tag
2018-10-25 16:31:05 +11:00
Kris
c219a5fb1e
Add btn-default class to all default buttons ( #6521 )
2018-10-24 16:09:36 -04:00
Sam
4c8fe13500
FIX: remove code that restricted "header" theme field from admin
...
There was some old code that restricted a percentage of a themes code from
admin, only when admin was refreshed, this leads to lots of confusion
Conditional is now removed
2018-10-15 17:29:10 +11:00
Robin Ward
c2add85e75
FIX: Typo, should be `authentication`
...
cc @xrav3nz
2018-10-11 14:58:46 -04:00
Kyle Zhao
acba7d2a5d
Extract `discourse_javascript.html.erb` to a scrip include
...
* extract omniauth auth complete inline JS
* extract Ember error logging inline JS
* transpile `authentication-complete`
This is CSP related work
2018-10-09 16:50:45 +11:00
Kyle Zhao
ab448ca8f3
extract client side `Discourse` setup inline JS ( #6409 )
2018-10-01 21:29:04 -07:00
Kyle Zhao
d0f660806d
FIX: close `data-preloaded` div tag
2018-10-01 15:24:27 +08:00
Kyle Zhao
819f090d6a
move large blobs out of `<head>` ( #6428 )
...
it unnecessarily bloats the section and increases the payload
dramatically for open graph tags.
2018-09-28 17:28:33 +08:00
Kyle Zhao
7a0232249a
extract inline JS that's used to store preloaded data ( #6370 )
2018-09-17 16:31:46 +08:00
Kyle Zhao
f666d72606
extract inline JS for google tag manager
2018-09-17 09:56:00 +10:00
Kyle Zhao
38c70bfda2
extract inline JS for google analytics
2018-09-17 09:56:00 +10:00
OsamaSayegh
a4f057a589
UX: improvements to admin theme UI
2018-09-17 09:49:53 +10:00
Osama Sayegh
16bd3f2cf2
FIX: use current user color scheme when filling `theme-color` attribute ( #6384 )
...
* FIX: use current user color scheme when filling `meta` attribute `theme-color`
* update manifest.webmanifest colors
2018-09-12 11:04:58 +10:00
Guo Xiang Tan
a033327b93
Manage qunit via yarn.
2018-09-11 15:07:28 +08:00
Gerhard Schlager
2801376df5
FIX: Wizard didn't load translations correctly
...
* Translations from the js.* namespace were not found, because the i18n-patches were not loaded.
* The extra-locales didn't use a hash in the URL.
2018-09-05 15:14:09 +02:00
Neil Lalonde
ebe7835316
FIX: links in rss feeds are sometimes wrong on subfolder installs
2018-08-27 18:05:15 -04:00
Gerhard Schlager
bed34b52b5
UX: Blue "Resend Activation Email" button in wizzard
2018-08-21 22:18:08 +02:00
Gerhard Schlager
cc851af750
FIX: HTML lang attribute expects hyphen instead of underscore
2018-08-20 13:55:58 +02:00
Misaka 0x4e21
d4fd19d49a
UX: Replace Google search with Discourse search on not found page
...
* UX: Replace Google search with Discourse search on not found page.
* FIX: Update application_controller_spec.rb.
2018-08-15 11:53:04 +10:00
Neil Lalonde
71b65be6f6
SECURITY: prevent use of X-Forwarded-Host to perform XSS
2018-08-13 16:45:22 -04:00
Sam
7aef604f7d
regression, if there is not excerpt skip
2018-08-09 15:07:18 +10:00
Osama Sayegh
0b7ed8ffaf
FEATURE: backend support for user-selectable components
...
* FEATURE: backend support for user-selectable components
* fix problems with previewing default theme
* rename preview_key => preview_theme_id
* omit default theme from child themes dropdown and try a different fix
* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
Sam
3f6ad65aec
FEATURE: include excerpt in HTML view for pinned topics
2018-08-08 11:15:49 +10:00
Neil Lalonde
4e6e4a83df
FIX: subfolder digest emails have incorrect URLs
2018-08-07 16:38:17 -04:00
Joffrey JAFFEUX
d494feaa32
FIX: should not be needed as we have itemprop='url'
2018-07-30 09:31:27 -04:00
Arpit Jalan
dfcb2a0d42
FEATURE: include published_time in metadata
2018-07-30 17:09:56 +05:30
Neil Lalonde
f4b5eccad3
FIX: categories page crawler view had incorrect URLs
2018-07-23 14:54:41 -04:00
OsamaSayegh
decf1f27cf
FEATURE: Groundwork for user-selectable theme components
...
* Phase 0 for user-selectable theme components
- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Guo Xiang Tan
875008522d
FIX: `Discourse.S3BaseUrl` did not account for subfolder bucket names.
2018-07-06 15:53:57 +08:00
Guo Xiang Tan
73e30ff4c2
Revert "Rename s3 vars, change condition when displaying s3 uploads"
...
The new variables do not reflect that they represent S3 settings.
This reverts commit 24dfa1b657
.
2018-07-06 15:53:57 +08:00
Christoph Holtermann
68bfe0260a
Fix typo ( #6043 )
...
typo: state instead of status
2018-07-05 09:26:48 +08:00
Joffrey JAFFEUX
1772b56cda
FIX: minor micro data fixes
2018-06-29 13:41:04 +02:00
Maja Komel
ec3e6a81a4
FEATURE: Second factor backup
2018-06-28 10:12:32 +02:00
Maja Komel
24dfa1b657
Rename s3 vars, change condition when displaying s3 uploads
2018-06-25 17:16:01 +02:00
Joffrey JAFFEUX
803968147c
FIX: ListItem can’t have itemprop=url and itemprop=item together
2018-06-25 14:12:55 +02:00
Christoph Holtermann
bed26ea0b3
fix indentation
2018-06-25 15:01:39 +10:00
Christoph Holtermann
a0af15d525
no redeclaring state
2018-06-25 15:01:39 +10:00
Christoph Holtermann
e874afaf31
read embed state info from data attribute
2018-06-25 15:01:39 +10:00
Christoph Holtermann
6eb0b310fe
add data attributes to reflect embed status
2018-06-25 15:01:39 +10:00
Christoph Holtermann
5914a3db20
Update embed.html.erb
...
Small fix
2018-06-25 15:01:39 +10:00
Christoph Holtermann
2244f19ff9
Update embed.html.erb
...
Add state descriptor to message being sent to parent window
2018-06-25 15:01:39 +10:00
Rafael dos Santos Silva
8fc08aad09
FEATURE: Update the webmanifest
...
- Remove share target because the spec is changing
- Allow any orientation again because natural is too restrictive
- Use correct file and mime types for the manifest
2018-06-14 00:13:28 -03:00
Joffrey JAFFEUX
276526e30e
FIX: improves micro data support
2018-06-13 23:20:48 +02:00
Angus McLeod
0997eb6486
Add theme stylesheet(s) to the crawler layout
2018-06-12 12:47:48 +10:00
Jeff Wong
4599cc8435
FIX: PM participants listed inline
2018-06-11 18:14:25 -07:00
Régis Hanol
0402e97368
FIX: redirect to sso_destination_url after account activation
2018-05-11 19:57:04 +02:00
Régis Hanol
6a006b3646
FIX: format posts for embedded comments as we do for emails
2018-05-09 19:24:44 +02:00
Arpit Jalan
83245aa508
FIX: better handling of invite links after they are redeemed
...
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
Jeff Wong
62a8904729
Feature: Include participants at the bottom of PM emails ( #5797 )
...
* Feature: Include participants at the bottom of PM emails
... as undecorated links.
https://meta.discourse.org/t/email-notification-recipients-unclear-when-pm-is-sent-to-multiple-users/26934/13?u=featheredtoast
Fix: missing translation for PM mentions
* display membership count as `group (count)`
2018-05-03 15:50:06 -07:00
Robin Ward
a5172a37e0
Allow staff members to enable safe mode, even if disabled
2018-04-25 11:49:57 -04:00
Robin Ward
fd14ee4797
FEATURE: Allow safe mode to be disabled
2018-04-24 11:03:33 -04:00
Sam
54d153068a
DEV: remove qunit rails fork and add a couple of async tests
2018-04-23 16:42:40 +10:00
Arpit Jalan
45cfb61af1
FIX: sanitize click track links
2018-04-17 12:35:16 +05:30
Robin Ward
3d7dbdedc0
FEATURE: An API to help sites build robots.txt files programatically
...
This is mainly useful for subfolder sites, who need to expose their
robots.txt contents to a parent site.
2018-04-16 15:43:20 -04:00
Sam
223379e21a
per spec we need to repeat disallow paths per agent
2018-04-16 15:38:10 +10:00
Arpit Jalan
a1ef455c78
SECURITY: do not show private topic title on /unsubscribed page
2018-04-16 10:35:57 +05:30
Régis Hanol
1a9271dd2f
add a warning in robots.txt when using subfolder
2018-04-12 00:00:15 +02:00
Régis Hanol
df7970a6f6
prefix the robots.txt rules with the directory when using subfolder
2018-04-11 22:05:02 +02:00
Sam
489c22d93c
FEATURE: Disallow tags and categories rss feeds
...
This stops crawlers from hitting tags and category rss feeds to discover
new content, instead they should focus on latest/posts if they need to
consume something regular
2018-04-11 14:36:10 +10:00
Sam
f40f10240c
FEATURE: remove topic rss from robots
...
Crawlers love hitting the rss feeds (confirmed that both Google and Bing do)
Experimenting with the impact of blocking these feeds and forcing Crawlers to hit
the content direct. It is better if they hit the actual page to start with as opposed to
1. Hit RSS feed
2. Find new content
3. Hit post link
4. Get canonical
5. Hit canonical
Lots of pointless work.
We do not know for sure what impact this will have on newsreader apps,
we will listen for feedback.
2018-04-11 11:57:52 +10:00
Jeff Wong
32f919ea34
Fix - service worker registrations
...
* register service workers in a development env
* register service worker from ember initialize fn
2018-04-10 15:17:32 -07:00
Sam
3a7b696703
FEATURE: allow for setting crawl delay per user agent
...
Also moved to default crawl delay bing so no more than a req every 5 seconds is allowed
New site settings:
"slow_down_crawler_user_agents" - list of crawlers that will be slowed down
"slow_down_crawler_rate" - how many seconds to wait between requests
Not enforced server side yet
2018-04-06 10:15:23 +10:00
Neil Lalonde
b7ecdb72d6
FIX: update Google Tag Manager javascript
2018-04-03 14:22:06 -04:00
Arpit Jalan
5e4dd20795
Revert "Prevent robots from indexing uploads"
...
This reverts commit 0fd622e5d1
.
2018-04-02 21:29:29 +05:30
Neil Lalonde
c9216626d8
Merge pull request #5688 from discourse/fix-embed-comments-template-error
...
FIX: Make sure a post has replies before accessing the reply_id
2018-03-27 15:30:53 -04:00
Neil Lalonde
ced7e9a691
FEATURE: control which web crawlers can access using a whitelist or blacklist
2018-03-22 15:41:02 -04:00
scossar
f213dea529
Make sure a post has replies before accessing the reply id
2018-03-20 12:13:41 -07:00
Régis Hanol
89f5c90ce0
FIX: show an error page on click tracking error
2018-03-17 00:33:11 +01:00
Sam
8c1d145f0e
FIX: when visiting post on mobile it is not selected
2018-03-13 14:06:08 +11:00
Dan Nicholson
0fd622e5d1
Prevent robots from indexing uploads
...
Although most user uploads are probably harmless, it's possible someone
has (either maliciously or not) uploaded sensitive information. Prevent
robots from indexing the uploads route.
2018-03-09 05:51:55 -06:00
OsamaSayegh
282f53f0cd
FEATURE: Theme settings (2) ( #5611 )
...
Allows theme authors to specify custom theme settings for the theme.
Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Sam
e19ae6c55e
FEATURE: disallow groups from being indexed
2018-03-02 13:38:30 +11:00
Guo Xiang Tan
70f14da732
UX: Use 'tel' input type for 2FA token inputs.
2018-02-27 09:30:44 +08:00
Joffrey JAFFEUX
ac701696b3
FEATURE: replaces tag-chooser/tag-group-chooser with select-kit component
...
These component were also the last using select2. As a consequence select2 is removed from Discourse in this commit.
2018-02-26 11:42:57 +01:00
Guo Xiang Tan
a9699da672
UX: Specify pattern and maxlength for 2FA input fields.
2018-02-26 18:29:46 +08:00
Guo Xiang Tan
1f74509a75
FIX: 2FA prompt incorrectly displayed on admin login page.
2018-02-23 11:05:39 +08:00
Maja Komel
76a2fc3d07
UX: Add og metadata for groups.
...
https://meta.discourse.org/t/onebox-for-groups/79155
2018-02-22 15:03:41 +08:00
Guo Xiang Tan
964624f3ab
FIX: No error displayed when 2FA token is invalid on admin login page.
2018-02-22 09:45:57 +08:00
Guo Xiang Tan
edf326a9a5
Fix incorrect translation.
2018-02-22 08:06:37 +08:00
Guo Xiang Tan
14f3594f9f
Review Changes for f4f8a293e7
.
2018-02-21 14:55:49 +08:00
Jeff Wong
f4f8a293e7
FEATURE: Implement 2factor login TOTP
...
implemented review items.
Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator
add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests
add qunit tests - password reset, preferences
fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.
Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP
add two factor to email signin link
rate limit if second factor token present
add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Guo Xiang Tan
7902296c11
Oops we should register a service worker as long as it is supported.
2018-02-15 15:02:14 +08:00
Guo Xiang Tan
28365f8ae5
PERF: Have nginx cache and serve the service worker file.
2018-02-15 10:50:39 +08:00
Erick Guan
03b3e57a44
FEATURE: login by a link from email
...
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Robin Ward
0776340b29
SECURITY: Prevent robots from indexing more routes
...
These routes could contain sensitive material and should never be
indexed for content.
2018-02-04 13:24:36 -05:00