When secure media is enabled and an attachment is marked as secure we want to use the full url instead of the short-url so we get the same access control post protections as secure media uploads.
Meta report: https://meta.discourse.org/t/excessive-requests-to-uploads-lookup-urls-leading-to-429-response/143119
* The data-orig-src attribute was not being removed from cooked
video and audio so the composer was infinitely trying to get the
URLs for them, which would never resolve to anything
* Also the code that retrieved the short URL was unscoped, and was
getting everything on the page. if running from the composer we
now scope to the preview window
* Also fixed a minor issue where the element href for the video
and audio tags was not being set when the short URL was found
This version includes a fix to stop `env` mutation that occurred in
Logster default store which caused chained loggers to report different
backtraces for the same message when backtrace is provided via `env`.
https://github.com/discourse/logster/compare/v2.7.0...v2.7.1
* Add uploads:sync_s3_acls rake task to ensure the ACLs in S3 are the correct (public-read or private) setting based on upload security
* Improved uploads:disable_secure_media to be more efficient and provide better messages to the user.
* Rename uploads:ensure_correct_acl task to uploads:secure_upload_analyse_and_update as it does more than check the ACL
* Many improvements to uploads:secure_upload_analyse_and_update
* Make sure that upload.access_control_post is unscoped so deleted posts are still fetched, because they still affect the security of the upload.
* Add escape hatch for capture_stdout in the form of RAILS_ENABLE_TEST_STDOUT. If provided the capture_stdout code will be ignored, so you can see the output if you need.
This change both improves readability and fixes potential race-condition issues where promises were nested instead of being chained.
Also includes:
* Use arrow functions and Promise shorthands
* Remove the obsolete `asyncTestDiscourse` helper
* FIX: We need to skip users with associated reviewables when auto-approving them
* Update spec/initializers/track_setting_changes_spec.rb
* Update spec/initializers/track_setting_changes_spec.rb
Co-authored-by: Robin Ward <robin.ward@gmail.com>
* FIX: Add aria-labels to topic list items
Before this fix you could navigate the topic list using a screen reader
and a keyboard but some of the items were not as descriptive as they
could be. The newly added labels make it easier to understand what you
are tabbing over.
context:
https://meta.discourse.org/t/accessibility-aria-attributes-are-not-defined-for-links-under-replies-category/142539
* Update app/assets/javascripts/discourse/lib/utilities.js.es6
Co-Authored-By: Régis Hanol <regis@hanol.fr>
* Multiline fix
* Fix more tests
Co-authored-by: Régis Hanol <regis@hanol.fr>
* DEV: Remove server global test variable
* Delete yarn-error.log
* prettier and some eslint fixes
* add global server variable back for plugins
* rename imported server to pretender
* prettier
* support plugin server. usage
* Export pretender as named
* Prettier
* change default pretender export
* fix bad import
* Use pretender() and original default export
* export new Pretender as default
* fix accidental change
* WIP testing
* add pretend handlers in correct location
* move more stuff into the correct pretender
* Consolidated more pretenders
* comment out another bad test
* fix user acceptance tests
* commented out bad test
* fixed another composer server stub
* fix more tests
* fixed tag test pretender
* Fix admin email test
* removed another draft handler
* add back test
* fix and uncomment another test
* remove test that is not useful
* remove commented out lines
* reapply handlers between every test
* no need to re-stub requests now :)
* cleanup from review
* more cleanup
* PERF: Allow passing an existing list of user field ids when loading
This avoids the need for running `UserField.pluck(:id)` for each user that is serialized
* Memoize user_fields to avoid rebuilding hash ever time
In some cases CTE caused pathologically bad query plans.
This optimises it so query runs by itself and caches for lifetime
of the topic query object.
This lightweight caching is done cause topic query will often
execute two queries (one for pinned and one for non pinned)
The server and client used two different formats for preload keys. The
server was using 'topic_list_c/SLUG/l/latest', but the client was using
'topic_list_c/SLUG/ID/l/latest'.
This commit is an addition to 374534f00e.