Commit Graph

14 Commits

Author SHA1 Message Date
Bianca Nenciu ccb345bd88
FEATURE: Update topic/comment embedding parameters (#20181)
This commit implements many changes to topic and comments embedding. It
deprecates the class_name field from EmbeddableHost and suggests using
the className parameter. discourse_username parameter has been
deprecated and it will fetch it from embedded site from the author or
discourse-username meta.

See the updated code sample from Admin > Customize > Embedding page.

* FEATURE: Add className parameter for Discourse embed

* DEV: Hide class_name from EmbeddableHost

* DEV: Deprecate class_name field of EmbeddableHost

* FEATURE: Use either author or discourse-username meta tag

* DEV: Deprecate discourse_username parameter

* DEV: Improve embed code sample
2023-02-28 14:31:59 +02:00
Jarek Radosz 057d6b406d
DEV: Extensively use `includes()` (#17541)
Also, the change in insert-hyperlink (from `this.linkUrl.indexOf("http") === -1` to `!this.linkUrl.startsWith("http")`) was intentional fix: we don't want to prevent users from looking up topics with http in their titles.
2022-07-17 20:48:36 +02:00
Jarek Radosz 5f7163b5bb
DEV: Extensively use `startsWith()` (#17540) 2022-07-17 20:16:39 +02:00
Robin Ward 4669e60ce5 FEATURE: Use "no-referrer-when-downgrade" as our embed policy
This allows our iframes to pass through the proper referer so that
embedding continues to work in modern browsers with different security
models.
2020-10-16 13:23:06 -04:00
Arpit Jalan feff8b7425 Revert "FIX: lower case URLs before comparing for embedding comments"
This reverts commit 6ea040dd5f.
2020-01-23 20:36:05 +05:30
Gina Haeussge f0fc38418c FEATURE: Support referrerPolicy on embed iframe
This commit adds a new property "discourseReferrerPolicy" to the
set of supported configuration properties for the comment embed
script. If provided the value will be used to set the "referrerPolicy"
attribute on the iframe created to display the comments. This in turn
will allow embedding pages to define a more lenient referer policy on
the embed iframe for pages whose default policy is so strict it
keeps the comment embed from working.

Example:

  * Setup:
    * Discourse hosted at discourse.example.com
    * Comments embedded at example.com
    * Referrer-Policy at example.com set to 'same-origin'
  * Without this commit:
    * Loading the comments fails due to the referer being empty
  * With this commit and no adjusted configuration:
    * Loading the comments fails due to the referer being empty
      (= same behaviour as without the commit)
  * With this commit and DiscourseEmbed.discourseReferrerPolicy =
    'no-referrer-when-downgrade' as additional configuration:
    * Loading the comments succeeds

Note that this change is of special interest for embedding pages
wanting to restrict data flows under the terms of the GDPR since
it allows selectively whitelisting comment embeds while preventing
referer leaking by default.
2018-06-25 14:59:34 +10:00
Robin Ward c40d8d37dd Put an error in the console if the discourseEmbedUrl is relative 2017-02-13 11:18:24 -05:00
Arpit Jalan 6ea040dd5f FIX: lower case URLs before comparing for embedding comments 2016-10-13 00:35:51 +05:30
Robin Ward 7a01d575c2
FIX: Make embeddable discourse more forgiving with https 2016-04-26 15:03:44 -04:00
Robin Ward ae277e28a6 FEATURE: Allow embedding topics without creating them, by id 2015-06-09 16:24:20 -04:00
Justin Leveck a78df3d57d Add custom embed_by_username feature
Feature to allow each imported post to be created using a different discourse
username. A possible use case of this is a multi-author blog where discourse
is being used to track comments. This feature allows authors to receive
updates when someone leaves a comment on one of their articles because each of
the imported posts can be created using the discourse username of the author.
2014-06-09 12:35:38 -07:00
Robin Ward c762e3c4b1 Support for scrolling to another post in the iframe; more complicated than you'd think! 2014-01-03 14:45:59 -05:00
Robin Ward 1ffcf39448 Make embedded comments look nicer 2014-01-03 12:52:42 -05:00
Robin Ward 5621a64579 Move embed.js to public 2013-12-31 18:01:09 -05:00