3840c50083
Fix logster not ignoring CSRF warnings.
2017-09-25 13:48:59 +08:00
77d4c4d8dc
Fix all the errors to get our tests green on Rails 5.1.
2017-09-25 13:48:58 +08:00
7d350d0d75
Revert plugin js changes ( #5139 )
...
* Revert "Add disabled_plugins to preloadstore for login_required anonymous users (#5134 )"
This reverts commit b840170f8d#5103 )"
This reverts commit a14ab48829
2017-09-07 15:15:29 +02:00
a14ab48829
Do not load javascripts for disabled plugins ( #5103 )
...
* Do not load javascript for disabled plugins
* Appease rubocop
2017-09-06 10:06:47 +02:00
9bc3038728
Fix Redis command errors when trying to start app with a readonly Redis.
2017-08-02 21:33:56 +09:00
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
0ba39109a0
FIX: Make `omit_default_port` the global default
2017-06-30 12:43:26 -04:00
7ea288140d
Allow multiple host when restricting Sidekiq queues.
2017-06-19 14:45:51 +09:00
6729f032b0
Typofix in Onebox user_agent
2017-05-24 14:36:02 -04:00
8bc93c0b01
FEATURE: Add custom User-Agent to Discourse Oneboxes
2017-05-24 12:19:36 -04:00
35bb4ae995
FIX: wizard was not showing up if more than 1 system user
2017-05-23 11:09:50 -04:00
4c690f7089
Use `FinalDestination` to ensure public redirects for onebox
2017-05-22 16:42:49 -04:00
e7c2ad41ca
Move discourse dev data out of tmp
...
Fix watch for restart so it works with puma
2017-05-18 11:36:24 -04:00
f028d6cd52
Missed a spot when removing Sidekiq::Statistic.
2017-04-26 15:53:11 +08:00
f499180bb3
Add ENV variable to only allow Sidekiq scheduler to run on a particular host.
2017-04-26 14:13:26 +08:00
a3e8c3cd7b
FEATURE: Native theme support
...
This feature introduces the concept of themes. Themes are an evolution
of site customizations.
Themes introduce two very big conceptual changes:
- A theme may include other "child themes", children can include grand
children and so on.
- A theme may specify a color scheme
The change does away with the idea of "enabled" color schemes.
It also adds a bunch of big niceties like
- You can source a theme from a git repo
- History for themes is much improved
- You can only have a single enabled theme. Themes can be selected by
users, if you opt for it.
On a technical level this change comes with a whole bunch of goodies
- All CSS is now compiled using a custom pipeline that uses libsass
see /lib/stylesheet
- There is a single pipeline for css compilation (in the past we used
one for customizations and another one for the rest of the app
- The stylesheet pipeline is now divorced of sprockets, there is no
reliance on sprockets for CSS bundling
- CSS is generated with source maps everywhere (including themes) this
makes debugging much easier
- Our "live reloader" is smarter and avoid a flash of unstyled content
we run a file watcher in "puma" in dev so you no longer need to run
rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
66a7b0c30b
FIX: Add web hook `DiscourseEvent`s in initializer.
2017-04-12 11:55:49 +08:00
1a7e954e09
FIX: Store custom emojis as uploads.
...
* Depending on a hardcoded directory was a flawed design
which made it impossible to debug when custom emojis go
missing.
2017-03-14 13:07:18 +08:00
0f1495e64e
FIX: also add Discourse-Visible to allowed headers for message bus
2017-03-06 16:00:37 -05:00
f9aae7af6a
FIX: add Discourse-Visible to CORS allowed headers for sites that use a proxy
2017-03-06 14:41:57 -05:00
954d75f81c
FIX: CORS middleware needs to happen earlier than AnonymousCache middleware
2017-03-06 12:25:12 -05:00
1935f624b8
FEATURE: reset active record cache in sidekiq if needed
...
This can happen in multisite environments after restores
2017-02-17 12:09:53 -05:00
ff49f72ad9
FEATURE: per client user tokens
...
Revamped system for managing authentication tokens.
- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes
New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.
Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
a898d6a02a
FIX: silence and quiet logger not thread safe
...
This caused info/warning to be consistently missing
in dev mode when using puma
2017-01-31 15:44:46 -05:00
b8441fba27
Merge pull request #4546 from tgxworld/fix_postgresql_failover
...
Fix postgresql failover
2016-11-30 09:36:52 +01:00
3bec128f5f
DEV: add warning if force_https in dev
2016-11-25 11:35:29 +11:00
759feef3f0
FIX: No loggers may have been chained.
2016-11-17 13:52:08 +08:00
9848e26190
FIX: force secure cookies on session if force https is enabled
2016-10-27 15:15:58 +11:00
c03d25f170
FEATURE: Configure Admin Account
...
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.
Once confirmed, the wizard begins.
2016-10-19 11:27:56 -04:00
596fcfeb58
FIX: Set formatter for original Rails logger.
2016-09-15 23:51:22 +08:00
50379183e1
FIX: allow the Dont-Chunk header for remote message bus access
2016-08-31 12:57:19 +10:00
bb5dc839a0
extend existing log suppression for empty JS errors
2016-08-29 00:47:11 -07:00
6fd3ebb253
don't log any JavaScript "errors" from IE 9
2016-08-29 00:35:01 -07:00
4fe52c8cbe
FEATURE: backend support for pushing notifications to clients
2016-08-26 12:47:10 +10:00
846a08d3c7
FIX: improve error results for message bus failures
2016-08-25 15:39:39 +10:00
dc2dae2cc4
FIX: Logs notice was not displaying the right Date.
2016-08-02 12:40:28 +08:00
0ffe8402a9
FIX: SiteSettings not avaliable in initializers on dev env.
2016-07-04 11:15:29 +08:00
42ce59d257
Partially revert https://github.com/discourse/discourse/commit/09b92dd3 .
2016-07-01 01:28:49 +08:00
8db3ab5f2a
Merge pull request #4292 from tgxworld/rename_use_https_to_force_https
...
Rename `SiteSetting#use_https` to `force_https`.
2016-06-29 15:17:57 +08:00
20359788dc
Rename `SiteSetting#use_https` to `force_https`.
2016-06-29 15:02:43 +08:00
09b92dd345
Bump minimum Ruby version to 2.3.
2016-06-10 11:40:42 +08:00
8b5dfeb18f
ignore a few more common meaningless JS errs
2016-06-09 16:38:46 -07:00
256d7a00e9
Update sprockets. ( #4167 )
...
* Update sass-rails.
* FIX: Tilt dependency has been removed from Ember::Handlebars::Template.
* Update `DiscourseIIFE` to new Sprockets API.
* `Rails.application.assets` returns `nil` in production.
* Move sprockets-rails out of the assets group.
* Pin ember-rails to 0.18.5 which works with Sprockets 3.x.
* Update sprockets to 3.6.0.
* Make `DiscourseSassCompiler` work with Sprockets 3.
* Use `Sass::Rails::SassImporterGlobbing` instead of haxxing our own.
* Moneky patch so that we don't add dependencies for our custom css.
* FIX: Missing class.
* Upgrade ember-handlebars-template.
* FIX: require path needs to share the same root as the folder's path.
* Bump discourse-qunit-rails.
* Update ember-template-compiler.js to 1.12.2.
* `prepend` is private in Ruby 2.0.0.
2016-04-18 10:47:52 +08:00
3e5f2bd1cf
FIX: replace reference to Google_oauth2 with Google during signup
2016-03-29 18:08:55 -04:00
e407ef9d0e
FIX: Also support `nil` values for the site settings
2016-03-24 11:14:17 -04:00
b270e0142b
FIX: If site settings are missing don't do anything
2016-03-24 11:12:54 -04:00
5dc5767851
FIX: Assigning wrong value to variable.
2016-03-21 15:18:31 +08:00
54bdcd9b98
Update to new rate limit Redis config.
2016-03-21 14:00:50 +08:00
1c19548e30
Merge pull request #4094 from fantasticfears/omniauth-config
...
FIX: redirect output omniauth log to Rails logger instead of stdout
2016-03-19 18:03:16 +01:00
7df33ca287
FIX: redirect output omniauth log to Rails logger instead of stdout
2016-03-19 13:17:13 +01:00
40d6f062f7
clarify why block all mobile/tablet for miniprofiler
2016-03-15 16:54:40 -07:00
d052f1746c
add support for other Nexus devices as "mobile"
2016-03-15 16:46:46 -07:00
90fde5053d
FIX: Load Redis patch much earlier.
2016-03-11 17:29:00 +08:00
c07c474575
FEATURE: Master-Slave Redis configuration with fallback and switch over.
2016-03-11 12:18:58 +08:00
b49e0e0f4a
FIX: add path to cookie on subfolder installs
2016-03-07 13:40:21 -05:00
f32f0d6337
Merge pull request #4017 from tgxworld/add_admin_banner_for_logster
...
FEATURE: Admin Banner when Logster logs is getting flooded.
2016-03-02 23:44:56 +08:00
fdd6920ae7
FEATURE: Admin Banner when Logster logs is getting flooded.
2016-03-02 22:03:16 +08:00
b500f35d14
Ignore `ActionController::UnknownHttpMethod` error in logs.
2016-02-24 12:58:23 +08:00
209b022385
PERF: cut down on memory usage allowed to redis
...
This limits the amount of backlog message bus channels can have.
2016-02-04 13:58:38 +11:00
737c606710
FIX: 'cancel_scheduled_job' wasn't working due to sidekiq upgrade
2016-01-13 09:08:26 +01:00
e451d47e84
Revert "PERF: send Content-Length from Rails on all requests"
...
This reverts commit ea0e238ae1
2016-01-08 11:36:32 +11:00
ea0e238ae1
PERF: send Content-Length from Rails on all requests
2016-01-07 21:15:55 +11:00
77f4461c51
we need to bypass this in dev
2015-12-09 16:41:09 +11:00
65edbb609c
Revert "Revert message bus upgrade"
...
This reverts commit 47e718f5b2
2015-12-09 11:48:41 +11:00
47e718f5b2
Revert message bus upgrade
2015-12-09 11:45:11 +11:00
d8795a5345
FIX: missing site id lookup causing message bus cross talk in multisite
2015-12-09 07:55:43 +11:00
2cc95af69b
Revert "REVERT: message bus changes"
...
This reverts commit 4820d5c7b0
2015-12-09 07:36:36 +11:00
4820d5c7b0
REVERT: message bus changes
2015-12-08 15:32:31 -05:00
c866d5b42d
Revert "Revert "PERF: move message bus to the front of the middleware stack""
...
This reverts commit cd1dd18f01
2015-12-08 07:11:28 +11:00
cd1dd18f01
Revert "PERF: move message bus to the front of the middleware stack"
...
I suspect this commit is preventing Sidekiq from running inprocess.
2015-12-07 14:57:23 -05:00
c04bcf8655
PERF: move message bus to the front of the middleware stack
...
Organise all initializers so they are properly ordered and use the same naming scheme
2015-12-07 14:51:24 +11:00
5e93140f85
FEATURE: Can override any translation via an admin interface
2015-11-27 11:35:19 -05:00
e168c5fde3
PERF: Much more performant, multisite aware I18n overrides
2015-11-19 16:36:59 -05:00
1be4b6a8f5
Refresh I18n customizations on change
2015-11-17 16:15:09 -05:00
3720783c1b
Refactor to our own Discourse I18n backend
...
This removes some monkey patches and makes testing easier.
It will also support database backed I18n changes.
2015-11-13 16:35:02 -05:00
08ee367210
FIX: no keepalive tests for rake tasks, shell could be stalling threads
2015-09-29 10:17:56 +10:00
233bf9bc24
Always use locale fallback on server
2015-09-13 17:24:15 +02:00
6119d9fdc0
FIX: Fallbacks for missing interpolation arguments
...
This takes effect when an interpolation is removed from a translation in
a Discourse update.
The I18n::Backend::Fallbacks loops with a catch(:exception), so calling
throw(:exception) will cause it to use the next locale, until it reaches
English which is assumed to be correct.
Also, enable fallbacks in everything except development (#3724 for more
discussion) - we should be able to test this
2015-09-11 09:39:40 -07:00
25fb684565
ensure statistic collection is on
2015-09-03 12:00:19 +10:00
2c59ad3dd3
FIX: favicon update broken when favicon lived on a CDN
2015-08-25 11:54:23 +10:00
d74d5c47ad
FIX: admin not getting updates for topics in secure groups
...
(only where admin is missing explicit permissions)
2015-08-25 09:25:39 +10:00
2203a4147d
add some extra diagnostics
2015-08-19 16:58:25 +10:00
82a6176b08
lower the volume on failed to pull hotlinked image
...
add more diagnostics
2015-08-19 12:32:45 +10:00
b703af3d37
Skip 403 forbidden as well
2015-08-18 17:48:54 +10:00
f1398f0650
another hotlinked image whitelist
2015-08-18 17:41:39 +10:00
45adeacd45
ignore empty script errors, line 0 gives us nothing.
2015-08-18 17:06:07 +10:00
ffe06fbcb5
whitelist 404 pull hotlinked image
2015-08-18 17:06:07 +10:00
f06137003b
logster needs application version
2015-08-17 16:54:44 +10:00
c711c06bb8
FIX: stop double reporting errors that were already reported
2015-08-14 12:51:23 +10:00
9911e92e24
Merge pull request #3609 from riking/patch-7
...
FEATURE: Localization fallbacks
2015-07-30 10:44:29 -04:00
d7e7ae33ea
FIX: IE9 and 10 were getting white screen, due to ES6 usage
2015-07-17 12:43:45 +10:00
650eb86a74
Disable in development (server)
2015-07-15 10:17:36 -07:00
ecfa17b5a7
FEATURE: Localization fallbacks (server-side)
...
The FallbackLocaleList object tells I18n::Backend::Fallbacks what order the
languages should be attempted in. Because of the translate_accelerator patch,
the SiteSetting.default_locale is *not* guaranteed to be fully loaded after the
server starts, so a call to ensure_loaded! is added after the locale is set for
the current user.
The declarations of config.i18n.fallbacks = true in the environment files were
actually garbage, because the I18n.default_locale was
SiteSetting.default_locale, so there was nothing to fall back to. *derp*
2015-07-15 10:17:36 -07:00
e516036492
correct broken specs
2015-07-09 17:05:15 +10:00
8252f4e110
FEATURE: allow use of redis sentinel via redis_sentinels
...
Use: DISCOURSE_REDIS_SENTINELS and DISCOURSE_REDIS_HOST to configure redis
sentinel
2015-06-25 16:51:48 +10:00
57e82ceac7
PERF: production assets not minified
...
source url post processor forcing all scripts into an eval,
minifier can not minify such files
2015-06-11 16:41:39 +10:00
9b489506d0
update memory profiler, oj and lru redux
2015-06-05 01:39:38 +10:00
3f24e18df0
stop logging badrequest, its just bad urls entered
2015-05-27 13:46:15 +10:00
f26fef4340
silence ar not found
2015-05-19 09:32:27 +10:00
60aa52b753
Enable CORS requests to pass necessary headers.
...
To fully enable session deletion over CORS we need support for passing the
`X-Requested-With` header so that these requests can pass the `check-xhr` filter.
I also allowed the `X-CSRF-Token` to enable the alternative CSRF passing syntax.
2015-05-14 09:46:41 -07:00
963b08f063
Allow OPTIONS requests when CORS is enabled
2015-05-14 11:14:47 -04:00
d6c06eb547
Get rid of CSRF errors
2015-05-07 10:42:21 +10:00
cea9cfe49f
remove alihack
2015-05-06 16:59:41 +10:00
2f82caafa2
Add ignore for another type of not found
2015-05-06 16:21:59 +10:00
c96a057395
ignore routing errors on multisite
2015-05-06 12:47:30 +10:00
19e5304813
add hostname to fake env
2015-05-06 12:28:32 +10:00
f58d85edea
FEATURE: move stylesheet cache out of the uploads directory
2015-05-05 15:50:13 +10:00
0369f26a39
add some ignores
2015-05-04 16:12:03 +10:00
803feefd54
MessageBus handles readonly redis now, no need to wrap it
2015-05-04 12:21:00 +10:00
439d0d2e37
Check Rails.version instead of ENV
...
Like that we can have code that works on multiple Rails versions, and we
dont need to mix a new method on Kernel.
Also, this makes easier to have multiple versions.
For instance, before master was 4.2, which is not the case anymore, so
on the code we should check versions and not Environment variables
2015-04-28 22:27:47 -04:00
5b3f99aa50
Don't blow up if Redis switches to READONLY
2015-04-24 14:37:16 -04:00
0c11b4c707
timings is a POST
2015-04-17 12:49:55 +10:00
2599b94920
ignore uploads for mini profiler
2015-04-17 12:16:37 +10:00
788b66e4a3
Update SourceURL to work better
2015-04-16 16:51:49 -04:00
2d9d60e9a2
we don't need oobgc in ruby 2.2, disable for now
2015-04-08 15:24:17 +10:00
a0369855b9
FIX: subfolder offsite message bus was not returning wrong header
2015-03-18 09:10:35 +11:00
a82530012a
FEATURE: Allow selection of highlight js languages
...
PERF: stop loading highlight js on load
To get latest highlight js run bin/rake highlightjs:update
2015-03-13 16:18:59 +11:00
31ca464c31
We define `console.log` as an empty function for old browsers now
2015-03-09 14:51:37 -04:00
d4d5f739ea
get rid of deprecation
2015-03-09 13:14:29 +11:00
f5af4768eb
FEATURE: add clean support for running Discourse in a subfolder
...
To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish
2015-03-09 13:14:29 +11:00
6960639c58
Merge pull request #3190 from riking/thrown_logging
...
Delete old ErrorLog, use Logster for 500 errors
2015-02-23 14:19:16 +11:00
cdef67667a
PERF: allow background jobs to flush between requests in same thread
2015-02-17 09:58:43 +11:00
5657006aca
Rename handle_exception to handle_job_exception
2015-02-09 12:47:46 -08:00
a7cb93a5c3
FEATURE: failsafe, in multisite if a site is bad still boot up
2015-02-09 18:31:05 +11:00
63404b16bb
FIX: on upgrade via discourse docker client json not updating
2015-02-09 17:58:56 +11:00
820ce8765e
refactor traffic report
...
split traffic report in 2, page view vs raw traffic
hide raw traffic report by default
improve flushing logic for application reqs
2015-02-06 14:39:16 +11:00
08b790b3c2
improve metrics gathered using in our traffic section
...
this also pulls out the middleware into its own home and inserts in front
2015-02-05 16:08:52 +11:00
dae39b5b71
missed closing paren
2015-01-19 01:29:02 -08:00
4cb6606e8c
block some more dumb trackback spam from logging
2015-01-19 01:19:34 -08:00
a2e77d8bf4
better regex JS err suppression for Logster
2015-01-16 23:30:06 -08:00
18215f90d0
more flexible regex to block empty JS Logster errors
2015-01-16 17:36:18 -08:00
77ae0b4f7f
block empty JS errors from Logster
2015-01-16 17:28:50 -08:00
ef62933034
Ruby 2.2 fixes
2014-12-29 13:31:15 +11:00
2535e22151
stop logging csrf errors for API
2014-12-12 08:00:22 +11:00
23ad68678e
rails master fixes
2014-11-11 12:58:56 +11:00
b1a0cd417d
Avoid a deprecation warning by poly-filling #deliver_now and #deliver_now
2014-11-10 01:05:46 -08:00
aa9b3bb35a
FEATURE: allow long polling to go to a different url
...
Added the site setting long_polling_base_url , this allows you
to farm long polling to a different server.
This setting is very important if a CDN is serving dynamic content.
2014-10-24 13:38:38 +11:00
f88075cbba
FEATURE: CORS settings per-site in a multisite env
2014-10-15 15:20:39 -04:00
5e0623d1e5
FEATURE: airbrake dependency removed, can be added via a plugin if needed
2014-09-25 10:30:29 +10:00
492aca05c2
FIX: authorized callback deprecated
2014-08-22 11:05:20 +10:00
e291138cf1
Unknown format is not interesting
2014-08-18 13:10:22 +10:00
f897c89d48
FIX: run reaper after fork
2014-08-11 17:51:55 +10:00
9ceb0556bc
PERF: add connection pool drainer to keep connection counts down
2014-08-11 16:48:10 +10:00
44d45c6eda
FIX: logster update, enable ignore patterns
2014-08-07 10:30:12 +10:00
562d2e0c86
TEMP: comment out logster ignore patterns
2014-08-06 14:50:48 +02:00
3cab3acd60
FIX: stop logging way too much information
2014-08-05 16:14:28 +10:00
2f30ce79c8
Add Access-Control-Allow-Credentials to the CORS headers.
2014-07-30 02:36:30 +05:30
1c25f00615
Fix build
2014-07-29 12:47:26 +10:00
400bbb57fe
Suppress trackback CSRF errors from Logster
2014-07-25 12:43:57 -07:00
46c406360d
FIX: cors setting was broken
...
Some days I wonder why we bother taking a whole gem
dependency when 10 lines of code does the job right
2014-07-23 17:04:09 +10:00
Guo Xiang Tan
David Taylor
Guo Xiang Tan
Robin Ward
Felix Freiberger
Sam
Neil Lalonde
Jeff Atwood
Régis Hanol
Erick Guan
Gerhard Schlager
Kane York
Aaron Boushley
Arthur Neves
Godfrey Chan
Vikhyat Korrapati