Commit Graph

228 Commits

Author SHA1 Message Date
Jeff Wong
a1f9b1a7fc
FIX: correctly remove authentication_data cookie on oauth login flow (#9238)
Additionally correctly handle cookie path for authentication_data

There were two bugs that exposed an interesting case where two discourse
instances hosted across two subfolder installs in the same domain
with oauth may clash and cause strange redirection on first login:

Log in to example.com/forum1. authentication_data cookie is set with path /
On the first redirection, the current authentication_data cookie is not unset.
Log in to example.com/forum2. In this case, the authentication_data cookie
is already set from forum1 - the initial page load will incorrectly redirect
the user to the redirect URL from the already-stored cookie, to /forum1.

This removes this issue by:
* Setting the cookie for the correct path, and not having it on root
* Correctly removing the cookie on first login
2020-03-19 09:00:46 -07:00
David Taylor
3d71b68195
DEV: Introduce plugin api for conditionally rendering assets (#9200) 2020-03-13 15:30:31 +00:00
Gerhard Schlager
61b1f9c36b FEATURE: Load translation overrides without JS eval 2019-11-05 19:16:38 +01:00
Penar Musaraj
8f601d5025 UI: Add viewport meta tag to embedded topics layout 2019-09-12 14:14:32 -04:00
Robin Ward
1cebe7670a FEATURE: Allow embedding to ignore HTTP REFERER
New site setting: `embed_any_origin` that will send postMessages to
wildcard origins `*` instead of the referer.

Most of the time you won't want to do this, so the setting is default to
`false`. However, there are certain situations where you want to allow
embedding to send post messages when there is no HTTP REFERER.

For example, if you created a native mobile app and you wanted to embed a list
of Discourse topics as HTML. In the code your HTML would be a
static file/string, which would not be able to send a referer. In this
case, the site setting will allow the embed to work.

From a security standpoint we currently only use `postMessage` to send
data about the size of the HTML document and scroll position, so it
should be enable if required with minimal security ramifications.
2019-09-10 12:27:07 -04:00
Penar Musaraj
0f67350764 FIX: only use app argument for official iOS app banner
When showing the native app banner, we include an app argument to automatically add the current site to the official DiscourseHub app. However, the app id can be changed via a hidden site setting, and when changed, that argument is no longer useful. This ensures the argument is only included for the official iOS app banner.
2019-08-27 10:23:57 -04:00
David Taylor
6d3d08daad UX: Hide login/signup header buttons during authentication flows 2019-08-08 13:57:18 +01:00
Neil Lalonde
9656a21fdb
FEATURE: customization of html emails (#7934)
This feature adds the ability to customize the HTML part of all emails using a custom HTML template and optionally some CSS to style it. The CSS will be parsed and converted into inline styles because CSS is poorly supported by email clients. When writing the custom HTML and CSS, be aware of what email clients support. Keep customizations very simple.

Customizations can be added and edited in Admin > Customize > Email Style.

Since the summary email is already heavily styled, there is a setting to disable custom styles for summary emails called "apply custom styles to digest" found in Admin > Settings > Email.

As part of this work, RTL locales are now rendered correctly for all emails.
2019-07-30 15:05:08 -04:00
Joe
340173eb12 DEV: consistent theme lookup in application / crawler / no-ember views (#7955)
* removes `raw` helpers

* include theme footer in the crawler view

* include theme body tag content in no-ember pages
2019-07-30 19:00:46 +02:00
Vinoth Kannan
839916aa49
DEV: Debundle plugin javascript assets and don't load if disabled (#7566)
And don't load javascript assets if plugin is disabled.

* precompile auto generated plugin js assets

* SPEC: remove spec test functions

* remove plugin js from test_helper

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: using equality is slightly easier to read than inequality

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: use `select` method instead of `find_all` for readability

Co-Authored-By: Régis Hanol <regis@hanol.fr>
2019-07-15 20:22:54 +05:30
Régis Hanol
f6ced0a78a Remove unused & empty author meta tag 2019-06-03 12:00:14 +02:00
David Taylor
7500eed4c0
FEATURE: Multi-file javascript support for themes (#7526)
You can now add javascript files under `/javascripts/*` in a theme, and they will be loaded as if they were included in core, or a plugin. If you give something the same name as a core/plugin file, it will be overridden. Support file extensions are `.js.es6`, `.hbs` and `.raw.hbs`.
2019-06-03 10:41:00 +01:00
Kris
98336de266 UX: Cleanup crawler styles, improve schema.org markup (#7668)
* Cleaning up crawler styles, improving some schema.org markup

* Cleaning up crawler styles, improving some schema.org markup

* additional styling

* add space for pagination
2019-06-03 12:03:16 +10:00
Penar Musaraj
5e546ba7d1 Standardize viewport rules for mobile and desktop
Also removes`maximum-scale` on non-mobile devices, better for accessibility.
2019-05-06 10:28:29 -04:00
Sam Saffron
1be01f8dd4 DEV: Add support for Rails 6
Minor fixes to add Rails 6 support to Discourse, we now will boot
with RAILS_MASTER=1, all specs pass

Only one tiny deprecation left

Largest change was the way ActiveModel:Errors changed interface a
bit but there is a simple backwards compat way of working it
2019-05-02 16:23:25 +10:00
Penar Musaraj
7cd621778d FEATURE: Native app banner improvements
This commit adds some improvements to native app banners for iOS and Android

- iOS and Android now have separate settings for native app banners

- app banners will now only show for users on TL1 and up

- app ids are now in a hidden site setting to allow sites to switch to their own app, if desired

- iOS only: the site URL is passed to the app arguments
2019-04-17 12:25:13 -04:00
Penar Musaraj
eae22548de
Footer navigation for iOS PWAs and DiscourseHub app (#7347) 2019-04-10 12:23:18 -04:00
Saurabh Patel
da2f659635 UX: Improve posts layout for crawler (#7286) 2019-04-03 11:58:00 +02:00
Rafael dos Santos Silva
8ce20090f7 FEATURE: Allow users to fetch a customized manifest on PWA install
This will allow users installing a Discourse PWA to use their active
theme colors on the generated app. Thanks for @mgiuca for the tip.

Also makes the share_target config explicit to silence Chrome warnings
2019-03-15 17:10:05 -03:00
Jeff Wong
b0d93a38e8 FEATURE: Add plugin html hook to insert html before any other scripts 2019-03-05 10:41:16 -08:00
David Taylor
880311dd4d
FEATURE: Support for localized themes (#6848)
- Themes can supply translation files in a format like `/locales/{locale}.yml`. These files should be valid YAML, with a single top level key equal to the locale being defined. For now these can only be defined using the `discourse_theme` CLI, importing a `.tar.gz`, or from a GIT repository.

- Fallback is handled on a global level (if the locale is not defined in the theme), as well as on individual keys (if some keys are missing from the selected interface language).

- Administrators can override individual keys on a per-theme basis in the /admin/customize/themes user interface.

- Theme developers should access defined translations using the new theme prefix variables:
  JavaScript: `I18n.t(themePrefix("my_translation_key"))`
  Handlebars: `{{theme-i18n "my_translation_key"}}` or `{{i18n (theme-prefix "my_translation_key")}}`

- To design for backwards compatibility, theme developers can check for the presence of the `themePrefix` variable in JavaScript

- As part of this, the old `{{themeSetting.setting_name}}` syntax is deprecated in favour of `{{theme-setting "setting_name"}}`
2019-01-17 11:46:11 +00:00
David Taylor
49593d1a00 FIX: Fix registration dialog popup for 'full screen' social logins
Regression following the ember3 upgrade. In addition to fixing, this commit consolidates our social registration logic into one place, and adds tests for the behaviour.
2019-01-12 12:08:13 +00:00
Guo Xiang Tan
ffdacba219 Remove extra apple-touch-icon link in head.
The sizes attribute does not make a difference because both
image provided is of the same size.
2018-11-29 15:24:52 +08:00
Penar Musaraj
03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Guo Xiang Tan
0972516abe FIX: Incorrect "rel" used for apple icons in <head>.
Nothing on the web I can find suggests that this should have been `rel=icon`.
See https://developer.apple.com/library/archive/documentation/AppleApplications/Reference/SafariWebContent/ConfiguringWebApplications/ConfiguringWebApplications.html
2018-11-26 10:40:09 +08:00
Kyle Zhao
80398d0b8f
Extract inline JS on embedded comments (#6645)
* use the meta refresh tag instead

* extract inline JS in embedded comment
2018-11-22 10:02:58 -05:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
Sam
42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
David Taylor
37fb8fc0e7
FIX: Do not display broken image on crawler/print view (#6575) 2018-11-07 22:28:45 +00:00
Penar Musaraj
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Joe
4234058358 UX: don't show crawler navigation in print view (#6551)
* UX: adds CSS classes to crawler navigation links

* UX: hide crawler navigation in print view
2018-11-02 09:18:07 +11:00
Gerhard Schlager
733b8af47b FIX: Uploads didn't work for subfolder anymore 2018-10-30 12:53:57 +01:00
Vinoth Kannan
92bf3c667e FIX: Flash authentication data not rendered in latest iOS safari browser 2018-10-30 04:00:36 +05:30
Sam Saffron
abaa3f0650 FEATURE: add server:before-head-close-crawler outlet for plugins
This outlet allows plugins to inject html prior to closing head tag
2018-10-25 16:31:05 +11:00
Sam
4c8fe13500 FIX: remove code that restricted "header" theme field from admin
There was some old code that restricted a percentage of a themes code from
admin, only when admin was refreshed, this leads to lots of confusion

Conditional is now removed
2018-10-15 17:29:10 +11:00
Robin Ward
c2add85e75 FIX: Typo, should be authentication
cc @xrav3nz
2018-10-11 14:58:46 -04:00
Kyle Zhao
acba7d2a5d Extract discourse_javascript.html.erb to a scrip include
* extract omniauth auth complete inline JS

* extract Ember error logging inline JS

* transpile `authentication-complete`

This is CSP related work
2018-10-09 16:50:45 +11:00
Kyle Zhao
ab448ca8f3 extract client side Discourse setup inline JS (#6409) 2018-10-01 21:29:04 -07:00
Kyle Zhao
d0f660806d FIX: close data-preloaded div tag 2018-10-01 15:24:27 +08:00
Kyle Zhao
819f090d6a move large blobs out of <head> (#6428)
it unnecessarily bloats the section and increases the payload
dramatically for open graph tags.
2018-09-28 17:28:33 +08:00
Kyle Zhao
7a0232249a
extract inline JS that's used to store preloaded data (#6370) 2018-09-17 16:31:46 +08:00
Osama Sayegh
16bd3f2cf2 FIX: use current user color scheme when filling theme-color attribute (#6384)
* FIX: use current user color scheme when filling `meta` attribute `theme-color`

* update manifest.webmanifest colors
2018-09-12 11:04:58 +10:00
Gerhard Schlager
cc851af750 FIX: HTML lang attribute expects hyphen instead of underscore 2018-08-20 13:55:58 +02:00
Osama Sayegh
0b7ed8ffaf FEATURE: backend support for user-selectable components
* FEATURE: backend support for user-selectable components

* fix problems with previewing default theme

* rename preview_key => preview_theme_id

* omit default theme from child themes dropdown and try a different fix

* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
OsamaSayegh
decf1f27cf FEATURE: Groundwork for user-selectable theme components
* Phase 0 for user-selectable theme components

- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Christoph Holtermann
bed26ea0b3 fix indentation 2018-06-25 15:01:39 +10:00
Christoph Holtermann
a0af15d525 no redeclaring state 2018-06-25 15:01:39 +10:00
Christoph Holtermann
e874afaf31 read embed state info from data attribute 2018-06-25 15:01:39 +10:00
Christoph Holtermann
5914a3db20 Update embed.html.erb
Small fix
2018-06-25 15:01:39 +10:00
Christoph Holtermann
2244f19ff9 Update embed.html.erb
Add state descriptor to message being sent to parent window
2018-06-25 15:01:39 +10:00