Vinoth Kannan
72810853ea
FIX: strip the trailing slash (/) of cors origins. ( #10996 )
...
Strips trailing `/` from global settings
Provides a validation for site settings to ensure a trailing `/` is not added
2020-10-29 13:01:06 +11:00
Sam Saffron
25f1f23288
FEATURE: Stricter rules for user presence
...
Previously we would consider a user "present" and "last seen" if the
browser window was visible.
This has many edge cases, you could be considered present and around for
days just by having a window open and no screensaver on.
Instead we now also check that you either clicked, transitioned around app
or scrolled the page in the last minute in combination with window
visibility
This will lead to more reliable notifications via email and reduce load of
message bus for cases where a user walks away from the terminal
2020-03-26 17:36:52 +11:00
Sam Saffron
494fe335d3
DEV: allow handling crawler reqs with no user agent
...
Followup to e440ec25
we treat no user agent as crawler reqs.
2019-12-09 18:40:10 +11:00
Robin Ward
ddd45d1419
FIX: Broken spec
2019-09-09 15:07:40 -04:00
Sam Saffron
4ea21fa2d0
DEV: use #frozen_string_literal: true on all spec
...
This change both speeds up specs (less strings to allocate) and helps catch
cases where methods in Discourse are mutating inputs.
Overall we will be migrating everything to use #frozen_string_literal: true
it will take a while, but this is the first and safest move in this direction
2019-04-30 10:27:42 +10:00
Davide Porrovecchio
005e1f5373
Add Cache-Control header to CORS ( #6490 )
2018-10-16 10:46:55 +11:00
Sam
37c5280f73
correct spec
2018-09-17 11:37:01 +10:00
Davide Porrovecchio
1826626272
FEATURE: Add Content-Type header to CORS
...
- add Content-Type to Access-Control-Allow-Headers
- update test accordingly
2018-08-28 11:19:38 +10:00
Davide Porrovecchio
dd9d815178
FIX: Add User Api Key headers to CORS
...
- add User-Api-Key and User-Api-Client-Id to Access-Control-Allow-Headers
- update test
2018-07-24 10:28:23 +10:00
Sam
adae963751
ensure we do not override charset for content type
2018-01-25 18:43:42 +11:00
Sam
fc36f095a7
FIX: ensure proper header transfer (except for cache control)
...
allows discourse special headers to be visible on hijacked reqs
2018-01-21 14:26:42 +11:00
Sam
12872d03be
PERF: run post timings in background
...
This means that if a very large amount of registered users hit
a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 08:27:29 +11:00
Sam
90a55d6f7c
FIX: handle CORS in hijacked requests
2017-12-07 10:31:04 +11:00
Sam
df84e1c358
Correctly track hijacked requests
2017-11-28 16:47:20 +11:00
Sam
0caa335ef0
FIX: Handle more cases where HTTP status is not correct
...
HTTP status was not correct with send_file which uses streaming
2017-11-28 11:00:13 +11:00
Sam
ca7af7b88f
FIX: displaying wrong avatar and letter avatar
...
correct regression where params and env is reused in production
2017-11-28 09:28:40 +11:00
Sam
608207b2e5
FEATURE: avatar proxy happens in background
...
This ensures that even if it is slow to download avatars site will
continue to work
Also simplifies hijack pattern
2017-11-27 17:43:24 +11:00
Guo Xiang Tan
2e04ef97d9
Fix the build.
2017-11-27 10:53:05 +08:00
Sam
e0e99d4bbd
PERF: hijack onebox requests so they do not use up a unicorn worker
2017-11-24 15:31:40 +11:00