discourse/config
Alan Guo Xiang Tan 3e331b1725
DEV: Set a bytesize limit for `ThemeSetting#json_value` (#25761)
Why this change?

Firstly, note that this is not a security commit because this feature is
still in development and should not be used anywhere.

The reason we want to set a limit here is to greatly reduce the
possibility of a DoS attack in the future via `ThemeSetting` where
someone would set an arbitrarily large json string in
`ThemeSetting#json_value` and cause the server to run out of resources
trying to serialize/deserialize the value.

What does this change do?

Adds an ActiveRecord validation to ensure that the bytesize of the json
string being stored is smaller than or equal to 0.5mb. We believe 0.5mb
is a decent limit for now but we can review the limit in the future if
we believe it is too small.
2024-02-21 08:09:37 +08:00
cloud/cloud66 DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
environments DEV: Create unlogged tables by default in the test environment (#25451) 2024-01-29 09:57:58 +08:00
initializers DEV: chat streaming (#25736) 2024-02-20 09:49:19 +01:00
locales DEV: Set a bytesize limit for `ThemeSetting#json_value` (#25761) 2024-02-21 08:09:37 +08:00
application.rb FEATURE: Add experimental option for strict-dynamic CSP (#25664) 2024-02-16 11:16:54 +00:00
boot.rb PERF: Stop running bootsnap in development mode on all environments (#25737) 2024-02-19 11:33:52 +08:00
cdn.yml.sample
database.yml DEV: Fix checkout time not properly enabled on CI (#25621) 2024-02-09 06:02:42 +08:00
deploy.rb.sample
dev_defaults.yml DEV: Convert `admin-incoming-email` modal to component-based API (#22701) 2023-07-20 16:31:20 -05:00
discourse.config.sample
discourse.pill.sample
discourse_defaults.conf DEV: Increase default SMTP read timeout to 30s (#25763) 2024-02-21 07:13:18 +10:00
environment.rb DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
logrotate.conf
multisite.yml.production-sample DEV: Remove `db_id` from sample multisite config. 2020-05-29 10:48:29 +08:00
nginx.global.conf
nginx.sample.conf FEATURE: Add support for AVIF images (#21680) 2023-05-24 16:13:36 -03:00
projections.json DEV: Use .hbr for raw template file extension (#8883) 2020-02-11 13:38:12 -06:00
puma.rb DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
routes.rb FEATURE: Groundwork for schema theme settings UI (#25673) 2024-02-16 09:31:49 +03:00
sidekiq.yml
site_settings.yml DEV: Make more group-based settings client: false (#25735) 2024-02-19 13:25:59 +11:00
spring.rb DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
thin.yml.sample
unicorn.conf.rb DEV: Fix various rubocop lints (#24749) 2023-12-06 23:25:00 +01:00
unicorn_launcher
unicorn_upstart.conf