discourse/spec/requests
Sam Saffron 57a3d4e0d2
FEATURE: whitelist theme repo mode (experimental)
In some restricted setups all JS payloads need tight control.

This setting bans admins from making changes to JS on the site and
requires all themes be whitelisted to be used.

There are edge cases we still need to work through in this mode,
hence this is still not supported in production and is experimental.

Use an example like this to enable:

`DISCOURSE_WHITELISTED_THEME_REPOS="https://repo.com/repo.git,https://repo.com/repo2.git"`

By default this feature is not enabled and no changes are made.

One exception is that the default theme id was missing a security check;
this was added for correctness.
2020-06-03 13:19:57 +10:00
admin FEATURE: whitelist theme repo mode (experimental) 2020-06-03 13:19:57 +10:00
api DEV: api documentation updates (#9612) 2020-05-11 13:06:49 -06:00
about_controller_spec.rb Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse"" 2020-05-23 00:56:13 -04:00
application_controller_spec.rb FEATURE: default canonical URL (#9738) 2020-05-12 09:13:20 +10:00
associate_accounts_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
badges_controller_spec.rb FEATURE: add noindex header to badges, groups, and /my pages (#9736) 2020-05-11 15:05:42 +10:00
bookmarks_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
categories_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
category_hashtags_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
clicks_controller_spec.rb DEV: Fix failing test. 2019-05-07 11:19:13 +03:00
composer_messages_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
csp_reports_controller_spec.rb DEV: Only include "report-sample" CSP directive when reporting is enabled (#9337) 2020-04-02 11:16:38 -04:00
directory_items_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
draft_controller_spec.rb FIX: saving drafts unconditionally increases sequence 2020-05-12 16:55:42 +10:00
drafts_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
email_controller_spec.rb FEATURE: Nokogumbo (#9577) 2020-05-05 13:46:57 +10:00
embed_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
exceptions_controller_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
export_csv_controller_spec.rb fix the build (take 2). 2019-12-24 19:27:35 +05:30
extra_locales_controller_spec.rb FIX: Better error handling for invalid locale bundle versions 2019-11-11 22:30:32 +01:00
finish_installation_controller_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
forums_controller_spec.rb Add tests for /srv/status behavior 2020-03-09 14:06:13 -07:00
groups_controller_spec.rb FIX: add X-Robots-Tag header for check_xhr-covered GET actions, too (#9868) 2020-05-27 11:57:05 -04:00
inline_onebox_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
invites_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
list_controller_spec.rb Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse"" 2020-05-23 00:56:13 -04:00
metadata_controller_spec.rb FEATURE: Support for App Shortcuts Menu (#9749) 2020-05-12 12:24:33 -03:00
notifications_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
offline_controller_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
omniauth_callbacks_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
onebox_controller_spec.rb FIX: Cache failed onebox URL request server-side (#8421) 2019-11-28 07:48:29 +10:00
permalinks_controller_spec.rb DEV: improve usability of subfolder specs 2019-11-15 16:48:24 +11:00
post_action_users_controller_spec.rb FIX: Do not raise an error if the post action type is nil (#9458) 2020-04-17 14:23:33 -03:00
post_actions_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
post_readers_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
posts_controller_spec.rb FIX: sending messages to groups with non-lowercase names 2020-05-27 14:52:08 -06:00
published_pages_controller_spec.rb FEATURE: allows to style published page with themes/plugins (#9570) 2020-04-28 18:24:24 +02:00
push_notification_controller_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
reviewable_claimed_topics_controller_spec.rb FIX: Make reviewable claiming work with deleted topics (#9040) 2020-02-25 15:49:23 +02:00
reviewables_controller_spec.rb DEV: Add framework for filtered plugin registers (#9763) 2020-05-15 14:04:38 +01:00
robots_txt_controller_spec.rb FEATURE: let Google index pages so it can remove them 2020-05-11 12:15:18 +10:00
safe_mode_controller_spec.rb FEATURE: Always disable customizations on the `/safe-mode` route (#9052) 2020-02-28 10:53:11 +00:00
search_controller_spec.rb Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse"" 2020-05-23 00:56:13 -04:00
session_controller_spec.rb FIX: Handle missing provider return sso url 2020-05-12 18:16:50 -06:00
similar_topics_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
site_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
static_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
steps_controller_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
stylesheets_controller_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
svg_sprite_controller_spec.rb DEV: Allow 3-digit HEX color code in single icon route 2020-05-14 16:37:45 -04:00
tag_groups_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
tags_controller_spec.rb FEATURE: add noindex header to tags pages (#9748) 2020-05-12 10:44:46 -04:00
theme_javascripts_controller_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
topics_controller_spec.rb SECURITY: make find topic by slug adhere to SiteSetting.detailed_404 (#9898) 2020-05-27 11:28:38 -07:00
uploads_controller_multisite_spec.rb FIX: Change secure media to encompass attachments as well (#9271) 2020-03-26 07:16:02 +10:00
uploads_controller_spec.rb FIX: randomize file name when created from fixtures (#9731) 2020-05-19 09:09:36 +10:00
user_actions_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
user_api_keys_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
user_avatars_controller_spec.rb DEV: Use a copy of the fixture file instead of the original one (#9645) 2020-05-06 11:54:08 -03:00
user_badges_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00
users_controller_spec.rb DEV: Clean up some Redis leaks in test env. 2020-05-18 17:27:37 +08:00
users_email_controller_spec.rb FIX: `EmailValidator` needs to validate format of email. 2020-06-03 10:34:37 +08:00
webhooks_controller_spec.rb Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse"" 2020-05-23 00:56:13 -04:00
wizard_controller_spec.rb DEV: Use `response.parsed_body` in specs (#9615) 2020-05-07 17:04:12 +02:00