Discource-C/discourse
1
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-06 19:38:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
discourse/spec/requests
History
Robin Ward 1cebe7670a FEATURE: Allow embedding to ignore HTTP REFERER 
New site setting: `embed_any_origin` that will send postMessages to
wildcard origins `*` instead of the referer.

Most of the time you won't want to do this, so the setting is default to
`false`. However, there are certain situations where you want to allow
embedding to send post messages when there is no HTTP REFERER.

For example, if you created a native mobile app and you wanted to embed a list
of Discourse topics as HTML. In the code your HTML would be a
static file/string, which would not be able to send a referer. In this
case, the site setting will allow the embed to work.

From a security standpoint we currently only use `postMessage` to send
data about the size of the HTML document and scroll position, so it
should be enable if required with minimal security ramifications.
2019-09-10 12:27:07 -04:00
..
admin
FIX: remote theme record not saved when checking for updates (#8054)
2019-08-30 00:32:54 +03:00
about_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
application_controller_spec.rb
FIX: apply defaults constraints to routes format (take 2) (#7920)
2019-07-23 20:17:44 +03:00
associate_accounts_spec.rb
SECURITY: Require POST with CSRF token for OmniAuth request phase
2019-08-08 11:58:00 +01:00
badges_controller_spec.rb
DEV: Prefabrication (test optimization) (#7414)
2019-05-07 13:12:20 +10:00
categories_controller_spec.rb
SECURITY: don't reveal category details to users that do not have access
2019-08-19 12:38:28 +05:30
category_hashtags_controller_spec.rb
DEV: avoid double sign-in which can lead to flaky tests
2019-06-03 10:15:49 +10:00
clicks_controller_spec.rb
DEV: Fix failling test.
2019-05-07 11:19:13 +03:00
composer_controller_spec.rb
DEV: Prefabrication (test optimization) (#7414)
2019-05-07 13:12:20 +10:00
composer_messages_controller_spec.rb
DEV: Prefabrication (test optimization) (#7414)
2019-05-07 13:12:20 +10:00
csp_reports_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
directory_items_controller_spec.rb
DEV: Prefabrication (test optimization) (#7414)
2019-05-07 13:12:20 +10:00
draft_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
drafts_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
email_controller_spec.rb
DEV: Prefabrication (test optimization) (#7414)
2019-05-07 13:12:20 +10:00
embed_controller_spec.rb
FEATURE: Allow embedding to ignore HTTP REFERER
2019-09-10 12:27:07 -04:00
exceptions_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
export_csv_controller_spec.rb
DEV: Prefabrication (test optimization) (#7414)
2019-05-07 13:12:20 +10:00
extra_locales_controller_spec.rb
FIX: ensure extra locales are only available to staff
2019-08-20 12:38:46 +02:00
finish_installation_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
forums_controller_spec.rb
FIX: Don't use DistributedCache to store redis readonly state
2019-06-25 11:20:34 +08:00
groups_controller_spec.rb
FEATURE: add support for group members visibility level (#8004)
2019-08-14 19:00:04 +05:30
inline_onebox_controller_spec.rb
DEV: Prefabrication (test optimization) (#7414)
2019-05-07 13:12:20 +10:00
invites_controller_spec.rb
UX: update invite 'not found' message
2019-07-19 16:39:44 +05:30
list_controller_spec.rb
FEATURE: add support for group members visibility level (#8004)
2019-08-14 19:00:04 +05:30
metadata_controller_spec.rb
FEATURE: Site settings for linking with iOS/Android native apps
2019-08-27 14:05:37 -04:00
notifications_controller_spec.rb
DEV: Prefer public_send over send.
2019-05-07 09:33:21 +08:00
offline_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
omniauth_callbacks_controller_spec.rb
SECURITY: Reset password when activating an account via auth provider
2019-08-28 14:07:07 +01:00
onebox_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
permalinks_controller_spec.rb
DEV: Prefabrication (test optimization) (#7414)
2019-05-07 13:12:20 +10:00
post_action_users_controller_spec.rb
More prefabrication
2019-05-10 08:34:04 -04:00
post_actions_controller_spec.rb
DEV: Prefabrication (test optimization) (#7414)
2019-05-07 13:12:20 +10:00
post_readers_controller_spec.rb
UX/PERF: Update readers count when a post from another user is read. Don't fetch the post data again just to update the count. (#8078)
2019-09-09 11:29:15 +10:00
posts_controller_spec.rb
FEATURE: New post editing period for >= tl2 users (#8070)
2019-09-06 07:44:12 -04:00
push_notification_controller_spec.rb
DEV: Prefabrication (test optimization) (#7414)
2019-05-07 13:12:20 +10:00
reviewable_claimed_topics_controller_spec.rb
More prefabrication
2019-05-10 08:34:04 -04:00
reviewables_controller_spec.rb
FEATURE: Adds a pop up that shows a more detailed score for reviewables (#8035)
2019-09-04 09:56:25 -06:00
robots_txt_controller_spec.rb
Revert "FEATURE: add Noindex to robots.txt for disallowed routes"
2019-07-30 11:33:38 +10:00
safe_mode_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
search_controller_spec.rb
FEATURE: when under extreme load disable search
2019-07-02 11:22:01 +10:00
session_controller_spec.rb
FIX: Better error when SSO fails due to blank secret (#7946)
2019-07-26 17:37:23 +03:00
similar_topics_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
site_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
static_controller_spec.rb
FIX: Fallback to gzip compression if brotli isn't supported (#7895)
2019-07-16 11:05:37 -03:00
steps_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
stylesheets_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
svg_sprite_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
tag_groups_controller_spec.rb
DEV: Prefabrication (test optimization) (#7414)
2019-05-07 13:12:20 +10:00
tags_controller_spec.rb
FIX: Topics with muted tag didn't show up when filtering by category and tag
2019-09-06 20:38:03 +02:00
theme_javascripts_controller_spec.rb
DEV: Prefabrication (test optimization) (#7414)
2019-05-07 13:12:20 +10:00
topics_controller_spec.rb
FIX: Allow topic edits when using a hidden tag
2019-08-21 16:33:01 -04:00
uploads_controller_spec.rb
FIX: Correctly encode non-ASCII filenames in HTTP header
2019-08-07 19:10:50 +02:00
user_actions_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
user_api_keys_controller_spec.rb
bug: keep query params present in auth_redirect (#7923)
2019-07-23 12:16:03 -04:00
user_avatars_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
user_badges_controller_spec.rb
DEV: Prefabrication (test optimization) (#7414)
2019-05-07 13:12:20 +10:00
users_controller_spec.rb
Fix the build.
2019-08-01 15:23:50 +08:00
users_email_controller_spec.rb
DEV: Prefabrication (test optimization) (#7414)
2019-05-07 13:12:20 +10:00
webhooks_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
wizard_controller_spec.rb
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00