discourse/lib
Sam cedcdb0057
FEATURE: allow for local theme js assets (#16374)
Due to default CSP web workers instantiated from CDN based assets are still
treated as "same-origin" meaning that we had no way of safely instansiating
a web worker from a theme.

This limits the theme system and adds the arbitrary restriction that WASM
based components can not be safely used.

To resolve this limitation all js assets in about.json are also cached on
local domain.

{
  "name": "Header Icons",
  "assets" : {
    "worker" : "assets/worker.js"
  }
}

This can then be referenced in JS via:

settings.theme_uploads_local.worker

local_js_assets are unconditionally served from the site directly and
bypass the entire CDN, using the pre-existing JavascriptCache

Previous to this change this code was completely dormant on sites which
used s3 based uploads, this reuses the very well tested and cached asset
system on s3 based sites.

Note, when creating local_js_assets it is highly recommended to keep the
assets lean and keep all the heavy working in CDN based assets. For example
wasm files can still live on the CDN but the lean worker that loads it can
live on local.

This change unlocks wasm in theme components, so wasm is now also allowed
in `theme_authorized_extensions`

* more usages of upload.content

* add a specific test for upload.content

* Adjust logic to ensure that after upgrades we still get a cached local js
on save
2022-04-07 07:58:10 +10:00
..
auth PERF: Throttle updates to API key last_used_at (#16390) 2022-04-06 11:01:52 -03:00
autospec DEV: Support for running theme test with Ember CLI (third attempt) 2022-01-13 16:02:07 -05:00
backup_restore DEV: Fix methods removed in Ruby 3.2 (#15459) 2022-01-05 18:45:08 +01:00
common_passwords PERF: Load all common passwords in one go (#15986) 2022-02-18 19:47:15 +01:00
compression FIX: Decompressing lots of small files triggered error 2020-01-09 15:11:31 +01:00
content_security_policy FIX: Set CSP base-uri to `self` (#13654) 2021-07-07 09:43:48 -04:00
demon DEV: Route Sidekiq logs to Rails logger (#15817) 2022-02-04 16:28:20 +00:00
discourse_dev DEV: Fix methods removed in Ruby 3.2 (#15459) 2022-01-05 18:45:08 +01:00
email DEV: Clean up freedom patches 2022-04-06 10:07:14 +02:00
emoji FEATURE: Add missing emojis (#15582) 2022-01-14 17:51:13 -03:00
faker DEV: Fix methods removed in Ruby 3.2 (#15459) 2022-01-05 18:45:08 +01:00
file_store DEV: Fix methods removed in Ruby 3.2 (#15459) 2022-01-05 18:45:08 +01:00
freedom_patches DEV: Clean up freedom patches 2022-04-06 10:07:14 +02:00
generators/rails DEV: removes plugin generator (#14101) 2021-08-20 11:29:06 +02:00
guardian FIX: Respect the cooldown window when editing a flagged topic. (#16046) 2022-02-25 11:09:31 -03:00
highlight_js
i18n DEV: Fix methods removed in Ruby 3.2 (#15459) 2022-01-05 18:45:08 +01:00
imap FIX: Add random suffix to outbound Message-ID for email (#15179) 2021-12-06 10:34:39 +10:00
import
import_export FEATURE: include user custom fields in base exporter (#14690) 2021-10-22 10:02:56 -07:00
javascripts DEV: Disallow `Ember` global usage (#16147) 2022-03-09 17:54:07 +01:00
middleware DEV: Improve background-request information in request_tracker (#16037) 2022-02-23 12:45:42 +00:00
migration DEV: Correctly tag heredocs (#16061) 2022-02-28 20:50:55 +01:00
onebox DEV: Don’t patch Sanitize::Config 2022-04-06 17:10:51 +02:00
plugin DEV: Add discourse-bcc to the official plugins (#16251) 2022-03-22 18:18:09 +01:00
pretty_text DEV: replaces huge generated emoji list by a simpler regex (#11053) 2021-04-22 08:43:06 +02:00
rate_limiter FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
reviewable Revert "FEATURE: Let reviewables override the score type title. (#16234)" (#16238) 2022-03-21 16:32:47 -03:00
scheduler
search FEATURE: Use Postgres unaccent to ignore accents (#16100) 2022-03-07 23:03:10 +02:00
second_factor UX: Add description to the 2FA page when adding new admins (#16098) 2022-03-04 06:43:06 +03:00
seed_data FIX: Support Ruby 3 keyword arguments 2021-10-05 11:25:00 -04:00
sidekiq DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
site_settings FEATURE: Add new site setting list type with name and values (#16045) 2022-03-08 13:18:43 +02:00
stylesheet DEV: Correctly tag heredocs (#16061) 2022-02-28 20:50:55 +01:00
svg_sprite FEATURE: allow for local theme js assets (#16374) 2022-04-07 07:58:10 +10:00
tasks DEV: Improve `plugin:versions` task (#16391) 2022-04-06 18:29:39 +02:00
theme_store FEATURE: allow for local theme js assets (#16374) 2022-04-07 07:58:10 +10:00
topic_query FIX: exclude topics from muted tag in category featured list. (#14925) 2021-11-16 12:10:50 +05:30
turbo_tests FIX: Make thumbnail tests start with a clean slate (#15216) 2021-12-07 13:07:45 -06:00
validators FEATURE: upload an avatar option for uploading avatars with selectable avatars (#15878) 2022-02-24 12:57:39 -08:00
webauthn SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
wizard FEATURE: Enable auto dark mode on new instances (#14208) 2021-09-02 14:55:38 -04:00
admin_confirmation.rb FEATURE: Centralized 2FA page (#15377) 2022-02-17 12:12:59 +03:00
admin_constraint.rb Revert "DEV: Add context in `AdminConstraint` (#15838)" (#15845) 2022-02-07 21:05:19 +03:00
admin_user_index_query.rb DEV: Let's always give a drop_from param to deprecate (#14901) 2021-11-12 08:52:59 -06:00
age_words.rb
archetype.rb
auth.rb FEATURE: Experimental support for group membership via google auth (#14835) 2021-12-09 12:30:27 +00:00
backup_restore.rb DEV: Upgrade Rails to 6.1.3.1 (#12688) 2021-04-21 12:36:32 +03:00
badge_posts_view_manager.rb DEV: stop freezing frozen strings 2020-04-30 16:48:53 +10:00
badge_queries.rb FIX: Don't grant sharing badges to users who don't exist (#13851) 2021-07-27 16:32:59 +10:00
base62.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
bookmark_manager.rb FEATURE: Polymorphic bookmarks pt. 1 (CRUD) (#16308) 2022-03-30 12:43:11 +10:00
bookmark_query.rb FEATURE: Go to last unread for topic-level bookmark links (#14396) 2021-09-21 13:49:56 +10:00
bookmark_reminder_notification_handler.rb FEATURE: Polymorphic bookmarks pt. 1 (CRUD) (#16308) 2022-03-30 12:43:11 +10:00
browser_detection.rb FIX: Detect DiscourseHub user agent. 2019-08-09 11:58:15 +03:00
cache.rb DEV: Fix rubocop issues (#14715) 2021-10-27 11:39:28 +03:00
canonical_url.rb FEATURE: Send a 'noindex' header in non-canonical responses (#15026) 2021-11-25 16:58:39 -03:00
category_badge.rb
chrome_installed_checker.rb DEV: Add chromium to ChromeInstalledChecker (#16224) 2022-03-19 11:00:06 +01:00
comment_migration.rb
composer_messages_finder.rb FEATURE: Make allow_uploaded_avatars accept TL (#14091) 2021-08-24 10:46:28 +03:00
configurable_urls.rb Replace `base_uri` with `base_path` (#10879) 2020-10-09 12:51:24 +01:00
content_buffer.rb
content_security_policy.rb PERF: Eager load Theme associations in Stylesheet Manager. 2021-06-21 11:06:58 +08:00
cooked_post_processor.rb DEV: Remove duplicated methods (#16178) 2022-03-14 19:35:01 +02:00
cooked_processor_mixin.rb FIX: Make sure max_oneboxes_per_post is enforced (#16215) 2022-03-23 17:36:08 +02:00
crawler_detection.rb FEATURE: Implement browser update in crawler view (#12448) 2021-03-22 19:41:42 +02:00
csrf_token_verifier.rb DEV: Provide method for auth plugins to generate a CSRF token 2019-08-13 01:13:08 +01:00
current_user.rb
custom_renderer.rb
custom_setting_providers.rb
db_helper.rb DEV: Upgrade Rails to 6.1.3.1 (#12688) 2021-04-21 12:36:32 +03:00
directory_helper.rb
discourse.rb DEV: Include exception class in Discourse.warn_exception log (#15822) 2022-02-04 19:41:08 +00:00
discourse_connect_base.rb DEV: rename single_sign_on classes to discourse_connect (#15332) 2022-01-06 16:28:46 +04:00
discourse_connect_provider.rb DEV: rename single_sign_on classes to discourse_connect (#15332) 2022-01-06 16:28:46 +04:00
discourse_cookie_store.rb
discourse_dev.rb DEV: move `discourse_dev` gem to the core. (#13360) 2021-06-14 20:34:44 +05:30
discourse_diff.rb Escape values of HTML attributes 2021-08-10 10:25:15 -04:00
discourse_event.rb DEV: Remove site_setting_saved event (#15164) 2021-12-02 09:33:03 -06:00
discourse_hub.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
discourse_ip_info.rb DEV: Typo. (#16092) 2022-03-03 09:24:58 +08:00
discourse_js_processor.rb DEV: Prefix deprecation notices with plugin name (#15942) 2022-02-14 20:13:52 +00:00
discourse_logstash_logger.rb FIX: Use 'hostname' when Discourse.os_hostname is not available 2020-02-18 13:37:39 +02:00
discourse_plugin_registry.rb REFACTOR: Improve support for consolidating notifications. (#14904) 2021-11-30 13:36:14 -03:00
discourse_redis.rb DEV: Remove DiscourseRedis.namespace (#15993) 2022-02-18 18:44:22 +01:00
discourse_tagging.rb FEATURE: Allow multiple required tag groups for a category (#16381) 2022-04-06 14:08:06 +01:00
discourse_updates.rb FIX: Regression introduced in #14715 (#14842) 2021-11-09 17:20:09 +11:00
disk_space.rb FIX: correct upload statistics report for external storage 2020-02-20 15:15:53 +11:00
distributed_cache.rb FIX: Handle `nil` values in `DistributedCache#defer_get_set` (#15978) 2022-02-17 14:52:14 +00:00
distributed_memoizer.rb DEV: Make DistributedMemoizer use DistributedMutex (#16229) 2022-04-05 19:29:58 +02:00
distributed_mutex.rb FIX: Off-by-one error setting the distributed mutex key to expire 2020-02-03 14:54:50 +00:00
edit_rate_limiter.rb FEATURE: Increase daily edit limits proportionally to trust level (#13090) 2021-05-19 13:57:21 +04:00
email.rb DEV: pull email address validation out to a new EmailAddressValidator 2022-02-17 21:49:22 -05:00
email_backup_token.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
email_cook.rb PERF: Avoid lookbehinds when replacing links in imported emails (#11931) 2021-02-02 17:34:00 +01:00
email_updater.rb DEV: Update :critical_user_email calls to use strings (#15827) 2022-02-04 23:43:53 +00:00
encodings.rb
enum.rb
enum_site_setting.rb
excerpt_parser.rb DEV: Remove dead code 2021-05-31 10:22:50 +08:00
external_upload_helpers.rb DEV: Extract shared external upload routes into controller helper (#14984) 2021-11-18 09:17:23 +10:00
feed_element_installer.rb
feed_item_accessor.rb FIX: Select best link from Atom feed (#15663) 2022-01-21 17:54:18 +02:00
file_helper.rb DEV: Expand UploadMarkdown generation capabilities (#15930) 2022-02-14 15:48:27 +10:00
filter_best_posts.rb
final_destination.rb FIX: Do not raise if title cannot be crawled (#16247) 2022-03-22 20:13:27 +02:00
flag_query.rb DEV: Remove deprecated methods (#14885) 2021-11-11 12:21:25 -06:00
flag_settings.rb
gaps.rb
global_path.rb FEATURE: Centralized 2FA page (#15377) 2022-02-17 12:12:59 +03:00
group_email_credentials_check.rb FEATURE: Scheduled group email credential problem check (#15396) 2022-01-04 10:14:33 +10:00
guardian.rb FIX: staff should not be able to PM groups that "Nobody" can message (#16163) 2022-03-22 10:23:14 +10:00
has_errors.rb
hijack.rb DEV: Add more debugging context to onebox generation 2020-10-22 12:50:22 +08:00
homepage_constraint.rb FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
html_prettify.rb DEV: stop freezing frozen strings 2020-04-30 16:48:53 +10:00
html_to_markdown.rb FIX: Hoisting linebreaks shouldn't fail for HTML5 elements (#14364) 2021-09-17 10:41:34 +02:00
http_language_parser.rb FIX: Include resolved locale in anonymous cache key (#10289) 2020-07-22 18:00:07 +01:00
image_sizer.rb
import_export.rb FEATURE: Rake task to export groups (#9450) 2020-04-17 14:59:54 -07:00
inline_oneboxer.rb Only block domains at the final destination (#15689) 2022-01-31 15:35:12 +08:00
introduction_updater.rb FIX: replace default welcome topic post with new value from wizard 2020-04-01 15:42:45 -04:00
js_locale_helper.rb FIX: Overridden MessageFormat fallbacks (#15855) 2022-02-08 12:31:08 +11:00
json_error.rb
letter_avatar.rb DEV: Fix methods removed in Ruby 3.2 (#15459) 2022-01-05 18:45:08 +01:00
markdown_linker.rb
mem_info.rb
message_bus_diags.rb PERF: avoid shelling to get hostname aggressively 2020-02-18 15:13:19 +11:00
method_profiler.rb DEV: Add output_sql_to_stderr! to MethodProfiler (#12445) 2021-03-19 17:48:30 +10:00
mini_sql_multisite_connection.rb DEV: Use MiniSql ActiveRecordPostgres adapter (#15767) 2022-02-03 10:00:28 +00:00
mobile_detection.rb FIX: include crawler content on old mobile browsers (#16387) 2022-04-06 11:09:12 +01:00
new_post_manager.rb SECURITY: Escape watched word in error message (#14434) 2021-09-24 11:55:15 +03:00
new_post_result.rb DEV: Let's always give a drop_from param to deprecate (#14901) 2021-11-12 08:52:59 -06:00
notification_levels.rb
onebox.rb DEV: Don’t patch Sanitize::Config 2022-04-06 17:10:51 +02:00
oneboxer.rb DEV: Don’t patch Sanitize::Config 2022-04-06 17:10:51 +02:00
onpdiff.rb FIX: Show a correct diff when editing consecutive paragraphs (#8177) 2019-10-11 03:50:37 -04:00
pbkdf2.rb Use Xorcist.xor! instead of refinements since Ruby 3.2+ removes Refinment-include (#15694) 2022-02-03 16:19:30 +11:00
permalink_constraint.rb
pinned_check.rb
plain_text_to_markdown.rb DEV: stop freezing frozen strings 2020-04-30 16:48:53 +10:00
plugin_gem.rb DEV: Don't load bundler when installing plugin gem. (#16117) 2022-03-07 13:20:43 +08:00
plugin_initialization_guard.rb DEV: Correctly tag heredocs (#16061) 2022-02-28 20:50:55 +01:00
post_action_creator.rb DEV: Create post actions without creating a notification and store custom data. (#15397) 2021-12-27 11:25:37 -03:00
post_action_destroyer.rb FIX: correctly notifies subscribers with post_action_destroyer (#16084) 2022-03-03 09:49:36 +01:00
post_action_result.rb
post_creator.rb FIX: Update user stat counts when post/topic visibility changes. (#15883) 2022-02-11 09:00:58 +08:00
post_destroyer.rb FIX: avoid validations when destroying posts (#16049) 2022-02-25 11:20:54 +11:00
post_jobs_enqueuer.rb FIX: Do not send emails to mailing_list_mode subscribers for PMs (#14159) 2021-08-26 15:16:35 +10:00
post_locker.rb
post_merger.rb FEATURE: TL4 & category moderators can merge posts (#12843) 2021-04-27 18:24:27 +02:00
post_revisor.rb FIX: Don't advance draft sequence when editing topic title (#16002) 2022-02-23 10:39:54 +03:00
presence_channel.rb DEV: Fix random typos (#16066) 2022-02-28 10:20:58 +08:00
pretty_text.rb DEV: Drop lodash (#16110) 2022-03-06 18:15:25 +01:00
promotion.rb FIX: check if BasicBadge is enabled for TL1 welcome message (#13983) 2021-08-11 08:39:25 +10:00
quote_comparer.rb FEATURE: Nokogumbo (#9577) 2020-05-05 13:46:57 +10:00
rake_helpers.rb Try fix upload_spec flakys and remove logging from tasks/uploads_spec 2020-02-18 15:08:58 +10:00
rate_limiter.rb DEV: Consolidate Redis evalsha logic into DiscourseRedis::EvalHelper (#15957) 2022-02-15 16:06:12 +00:00
read_only_header.rb
redis_snapshot.rb PERF: Redis snapshotting during tests (#15260) 2021-12-10 14:25:26 -06:00
require_dependency_backward_compatibility.rb DEV: Remove Zeitwerk inflection monkey patch. 2022-03-29 16:04:49 +02:00
retrieve_title.rb FIX: Do not raise if title cannot be crawled (#16247) 2022-03-22 20:13:27 +02:00
route_format.rb
route_matcher.rb REFACTOR: Introduce RouteMatcher class 2020-10-19 10:40:55 +01:00
rtl.rb Check site default locale if Rtl class is initialized without a user (#8417) 2019-11-26 15:01:37 -05:00
s3_cors_rulesets.rb DEV: Skip logging in test environment (#14971) 2021-11-16 18:01:48 +03:00
s3_helper.rb FEATURE: Direct S3 multipart uploads for backups (#14736) 2021-11-11 08:25:31 +10:00
s3_inventory.rb DEV: Fix methods removed in Ruby 3.2 (#15459) 2022-01-05 18:45:08 +01:00
score_calculator.rb
screening_model.rb
search.rb FIX: Do not wrap unaccent around tsqueries (#16284) 2022-03-25 19:10:05 +02:00
secure_session.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
shrink_uploaded_image.rb DEV: Improve `script/downsize_uploads.rb` (#13508) 2021-06-24 00:09:40 +02:00
site_icon_manager.rb PERF: Defer setting of distributed cache in more spots. 2021-06-04 09:13:18 +08:00
site_setting_extension.rb FIX: Resetting selectable avatars was failing (#16302) 2022-03-28 14:15:28 -04:00
slug.rb FIX: Make category slugs lowercase (#11277) 2021-01-12 17:28:33 +02:00
socket_server.rb
spam_handler.rb FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
staff_constraint.rb FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
staff_message_format.rb
suggested_topics_builder.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
system_message.rb DEV: Add option to send system message to groups (#12256) 2021-03-02 18:51:50 +01:00
temporary_db.rb DEV: Fix methods removed in Ruby 3.2 (#15459) 2022-01-05 18:45:08 +01:00
temporary_redis.rb DEV: Introduce `TemporaryRedis` and unset `DISCOURSE_*` env vars in the `themes:isolated_test` rake task (#13401) 2021-06-23 07:38:43 +03:00
text_cleaner.rb FEATURE: Correctly convert topic title to uppercase and lowercase for Turkish default locale (#13115) 2021-05-24 18:13:30 +10:00
text_sentinel.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
theme_javascript_compiler.rb FEATURE: Allow theme tests to be run in production (take 2) (#12845) 2021-04-28 23:12:08 +03:00
theme_modifier_helper.rb Code review comments. 2021-06-21 11:06:58 +08:00
theme_settings_manager.rb FEATURE: Allow theme settings to request refresh (#15037) 2021-11-22 13:16:56 +01:00
theme_settings_parser.rb FEATURE: Allow theme settings to request refresh (#15037) 2021-11-22 13:16:56 +01:00
theme_translation_manager.rb
theme_translation_parser.rb
timeline_lookup.rb FIX: ensures timeline_lookup includes last tuple (#11829) 2021-01-25 11:30:59 +01:00
tiny_japanese_segmenter.rb FEATURE: Split up text segmentation for Chinese and Japanese. 2022-02-07 09:21:14 +08:00
topic_creator.rb FIX: Validate category tag restrictions before sending new topics to review (#16292) 2022-03-28 21:25:26 +03:00
topic_list_responder.rb DEV: Refactor draft attributes for `CategoryList` and `TopicList`. 2020-07-24 10:11:30 +08:00
topic_publisher.rb FIX: Use destroy_all instead of delete_all for shared drafts 2020-03-05 11:13:43 -08:00
topic_query.rb FEATURE: mute subcategory when parent category is muted (#15966) 2022-02-17 00:42:02 +01:00
topic_query_params.rb FIX: Build correct topic list filter (#11473) 2020-12-11 14:20:48 +02:00
topic_retriever.rb FEATURE: Fallback to system users when creating new TopicEmbed (#12386) 2021-03-15 11:58:53 -03:00
topic_subtype.rb
topic_upload_security_manager.rb DEV: Add security_last_changed_at and security_last_changed_reason to uploads (#11860) 2021-01-29 09:03:44 +10:00
topic_view.rb FEATURE: Polymorphic bookmarks pt. 1 (CRUD) (#16308) 2022-03-30 12:43:11 +10:00
topics_bulk_action.rb FEATURE: Rename Reset Read bulk action to Defer (#15972) 2022-02-21 22:45:01 +02:00
trust_level.rb FIX: Don't store translated trust level names in anonymous cache (#13224) 2021-06-01 22:11:48 +02:00
turbo_tests.rb FIX: Make thumbnail tests start with a clean slate (#15216) 2021-12-07 13:07:45 -06:00
twitter_api.rb FIX: Replace Twitter handles one at a time (#15870) 2022-02-09 13:54:02 +02:00
unicorn_logstash_patch.rb DEV: Fix lint. 2020-07-21 15:55:03 +08:00
unread.rb FEATURE: Add last visit indication to topic view page. (#13471) 2021-07-05 14:17:31 +08:00
upload_creator.rb FIX: Blurry onebox favicon images (#15258) 2021-12-10 12:25:50 -07:00
upload_fixer.rb
upload_markdown.rb DEV: Expand UploadMarkdown generation capabilities (#15930) 2022-02-14 15:48:27 +10:00
upload_recovery.rb FIX: Support Ruby 3 keyword arguments 2021-10-05 11:25:00 -04:00
upload_security.rb FIX: Do not mark badge image uploads as secure (#13193) 2021-05-28 12:35:52 +10:00
url_helper.rb FEATURE: revert disallowing putting URLs in titles for TL0 users (#13970) 2021-08-06 20:07:42 +04:00
user_lookup.rb REVERT "FIX: do not show private group flair on user avatars" (#13991) 2021-08-10 17:25:11 +05:30
user_name_suggester.rb FEATURE: when suggesting usernames skip input that consist entirely of disallowed characters (#15368) 2021-12-21 21:13:05 +04:00
vary_header.rb FIX: Include the Vary:Accept header on all Accept-based responses (#14647) 2021-10-25 12:53:50 +01:00
version.rb Version bump to v2.9.0.beta3 (#16256) 2022-03-22 14:46:23 -04:00
webauthn.rb FEATURE: RS512, RS384 and RS256 COSE algorithms (#15804) 2022-02-08 14:07:47 +02:00
wizard.rb DEV: Allow plugins to add wizard steps after specific steps (#9315) 2020-04-01 08:36:50 -05:00