Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/spec
History
David Taylor 1fa7a87f86
SECURITY: Remove ember-cli specific response from application routes (#15155) 
Under some conditions, these varied responses could lead to cache poisoning, hence the 'security' label.

Previously the Rails application would serve JSON data in place of HTML whenever Ember CLI requested an `application.html.erb`-rendered page. This commit removes that logic, and instead parses the HTML out of the standard response. This means that Rails doesn't need to customize its response for Ember CLI.
 		2021-12-01 16:10:40 +00:00
..
components SECURITY: Remove ember-cli specific response from application routes (#15155) 2021-12-01 16:10:40 +00:00
fabricators SECURITY: Only show tags to users with permission (#15148) 2021-12-01 10:26:56 +08:00
fixtures FEATURE: Allow theme settings to request refresh (#15037) 2021-11-22 13:16:56 +01:00
helpers DEV: Remove xlink hrefs (#15059) 2021-11-25 15:22:43 +11:00
import_export FEATURE: Rake task to export groups (#9450) 2020-04-17 14:59:54 -07:00
initializers FEATURE: A low priority filter for the review queue. (#12822) 2021-04-23 15:34:24 -03:00
integration SECURITY: Ensure _forum_session cookies cannot be reused between sites (#14950) 2021-11-15 15:50:12 +00:00
integrity DEV: Fix a flaky Onceoff spec (#13314) 2021-06-07 20:38:31 +02:00
jobs REFACTOR: Improve support for consolidating notifications. (#14904) 2021-11-30 13:36:14 -03:00
lib FEATURE: Replace `Crawl-delay` directive with proper rate limiting (#15131) 2021-11-30 12:55:25 +03:00
mailers DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
models SECURITY: Only show tags to users with permission (#15148) 2021-12-01 10:26:56 +08:00
multisite FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
requests SECURITY: Remove ember-cli specific response from application routes (#15155) 2021-12-01 16:10:40 +00:00
script/import_scripts DEV: If disabled do not change setting after import (#12142) 2021-02-19 09:33:35 -07:00
serializers FEATURE: ability to add description to tags (#15125) 2021-12-01 09:18:56 +11:00
services SECURITY: Only show tags to users with permission (#15148) 2021-12-01 10:26:56 +08:00
support FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
tasks FIX: remove migrate_from_s3 task that silently corrupts data (#11703) 2021-01-17 22:33:29 +01:00
views/omniauth_callbacks FEATURE: Use full page redirection for all external auth methods (#8092) 2019-10-08 12:10:43 +01:00
rails_helper.rb DEV: Load fabricators for plugins automatically. (#15106) 2021-11-30 15:55:45 +11:00
swagger_helper.rb DEV: Refactor the api docs for the user endpoint (#14377) 2021-09-20 10:04:57 -06:00