discourse/app/controllers/admin
Sam Saffron 57a3d4e0d2
FEATURE: whitelist theme repo mode (experimental)
In some restricted setups all JS payloads need tight control.

This setting bans admins from making changes to JS on the site and
requires all themes be whitelisted to be used.

There are edge cases we still need to work through in this mode,
hence this is still not supported in production and experimental.

Use an example like this to enable:

`DISCOURSE_WHITELISTED_THEME_REPOS="https://repo.com/repo.git,https://repo.com/repo2.git"`

By default this feature is not enabled and no changes are made.

One exception is that default theme id was missing a security check;
this was added for correctness.
2020-06-03 13:19:57 +10:00
..
admin_controller.rb DEV: add a few frozen string literals 2019-05-02 16:57:12 +10:00
api_controller.rb FEATURE: Overhaul of admin API key system (#8284) 2019-11-05 14:10:23 +00:00
backups_controller.rb DEV: use DiskSpace module for all disk space calculations 2020-02-18 15:13:19 +11:00
badges_controller.rb FIX: Unassign user titles when a badge is deleted (#9573) 2020-05-02 18:02:28 -07:00
color_schemes_controller.rb DEV: add a few frozen string literals 2019-05-02 16:57:12 +10:00
dashboard_controller.rb DEV: add a few frozen string literals 2019-05-02 16:57:12 +10:00
email_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
email_styles_controller.rb FEATURE: customization of html emails (#7934) 2019-07-30 15:05:08 -04:00
email_templates_controller.rb FEATURE: Add welcome message for admins. (#8293) 2019-11-05 18:15:55 +05:30
embeddable_hosts_controller.rb DEV: add a few frozen string literals 2019-05-02 16:57:12 +10:00
embedding_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
emojis_controller.rb FEATURE: allows multiple custom emoji groups (#9308) 2020-03-30 20:16:10 +02:00
groups_controller.rb FIX: Don't respond with error 500 if domain is invalid when adding automatic membership domain (#9655) 2020-05-26 15:40:09 +10:00
impersonate_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
permalinks_controller.rb FEATURE: Permalinks for tags 2020-05-25 14:51:01 +02:00
plugins_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
reports_controller.rb FEATURE: allows to add a description link to a report (#9065) 2020-03-02 14:30:51 -05:00
robots_txt_controller.rb FEATURE: Allow customization of robots.txt (#7884) 2019-07-15 20:47:44 +03:00
screened_emails_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
screened_ip_addresses_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
screened_urls_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
search_logs_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
site_settings_controller.rb FIX: update `email_digests` user option when `default_email_digest_frequency` updated. 2020-03-20 00:55:47 +05:30
site_texts_controller.rb FIX: Ensure only edited badge titles update a users title 2020-01-21 19:09:42 -07:00
staff_action_logs_controller.rb FIX: Don't error when the empty current value in dif (#8406) 2019-11-26 09:17:14 +11:00
themes_controller.rb FEATURE: whitelist theme repo mode (experimental) 2020-06-03 13:19:57 +10:00
user_fields_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
users_controller.rb DEV: improve code readability & add tests for user guardian. 2020-04-30 20:59:33 +05:30
versions_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
watched_words_controller.rb FEATURE: Watched words improvements (#7899) 2019-07-22 14:59:56 +03:00
web_hooks_controller.rb FIX: Don't display webhooks for inactive plugins (#9206) 2020-03-17 10:39:24 -06:00