Commit Graph

53595 Commits

Author SHA1 Message Date
Alan Guo Xiang Tan
27b0ebff4c
DEV: Fix syntax for Link entity header for experimental_preconnect_link_header (#26218)
Per https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link, the
syntax for multiple links is something like

```
Link: <https://one.example.com>; rel="preconnect", <https://two.example.com>; rel="preconnect", <https://three.example.com>; rel="preconnect"
```

There should be no trailing `;` before the `,`.
2024-03-18 19:49:16 +08:00
dependabot[bot]
85bf6c6833
Build(deps-dev): Bump puppeteer-core from 22.4.1 to 22.5.0 (#26214)
Bumps [puppeteer-core](https://github.com/puppeteer/puppeteer) from 22.4.1 to 22.5.0.
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/release-please-config.json)
- [Commits](https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v22.4.1...puppeteer-core-v22.5.0)

---
updated-dependencies:
- dependency-name: puppeteer-core
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 09:03:29 +01:00
Joffrey JAFFEUX
5e3bc594c6
UX: do not close post text selection on scroll (#26217) 2024-03-18 09:03:13 +01:00
Joffrey JAFFEUX
bbb8595107
PERF: defer loading channels (#26155)
Prior to this change we would pre-load all the user channels which making initial page load slower. This change will make them be loaded right after initial load. In the past this was not possible as the channels would have to be loaded on each page transition. However since about a year, we made the channels to be cached on the frontend and no other request will be needed.

I have decided for now to not show a loading state in the sidebar as I think it would be noise, but we can reconsider this later.

Note given we don't have the channels loaded at first certain things where harder to accomplish. The biggest UX change of this commit is that we removed all the complex logic of computing the best channel to display when you load /chat. We will now store the id of the last channel you visited and will use this id to decide which channel to show.
2024-03-18 08:35:07 +01:00
Joffrey JAFFEUX
0bccdc4dbc
DEV: removes generated documentation (#26207) 2024-03-18 06:58:59 +01:00
Alan Guo Xiang Tan
36cdb1444c
EXPERIMENTAL: preconnect and dns-prefetch resource hints for CDN domains (#26215)
Why this change?

In https://web.dev/articles/preconnect-and-dns-prefetch, it describes
how hinting to the browser to preconnect to domains which we will
eventually use the connection for can help improve the time it takes to
load a page.

We are putting this behind an experimental flag so that we can test and
profile this in a production environment.

What does this change introduce?

Introduce a hidden experimental `experimental_preconnect_link_header`
site setting which when enabled will add the `preconnect` and
`dns-prefetch` resource hints to the response headers for full page load
requests.
2024-03-18 13:45:41 +08:00
David Battersby
d5b944f1de
FEATURE: add chat direct message button to user profile (#26135)
This change adds the chat direct message button to user profiles, similarly to how we use it within the user card.
2024-03-18 11:17:37 +08:00
Alan Guo Xiang Tan
426c035b80
UX: First pass styling experimental objects typed setting editor (#26194)
Why this change?

This is a first pass at styling the editor for creating/editing/updating
an objects typed theme setting. Only the desktop view is being
considered at the current moment.

The objects typed theme setting is still behind a feature flag at this moment so there is no need for us to get the styling perfect. The purpose of this PR is to get us to a state which we can quickly iterate with a designer on.
2024-03-18 10:03:30 +08:00
dependabot[bot]
a95840d39d
Build(deps): Bump rails_multisite from 5.0.1 to 6.0.0 (#26208)
Bumps [rails_multisite]() from 5.0.1 to 6.0.0.

---
updated-dependencies:
- dependency-name: rails_multisite
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 08:36:57 +08:00
dependabot[bot]
e5a35baf49
Build(deps-dev): Bump json-schema from 4.1.1 to 4.2.0 (#26212)
Bumps [json-schema](https://github.com/voxpupuli/json-schema) from 4.1.1 to 4.2.0.
- [Changelog](https://github.com/voxpupuli/json-schema/blob/master/CHANGELOG.md)
- [Commits](https://github.com/voxpupuli/json-schema/compare/v4.1.1...v4.2.0)

---
updated-dependencies:
- dependency-name: json-schema
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 08:36:44 +08:00
dependabot[bot]
d451b149fd
Build(deps): Bump nokogiri from 1.16.2 to 1.16.3 (#26209)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.2 to 1.16.3.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.16.2...v1.16.3)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 08:04:04 +08:00
dependabot[bot]
7d9795a10e
Build(deps-dev): Bump sqlite3 from 1.7.2 to 1.7.3 (#26210)
Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) from 1.7.2 to 1.7.3.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/sqlite3-ruby/compare/v1.7.2...v1.7.3)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 08:03:49 +08:00
dependabot[bot]
192874d0a8
Build(deps-dev): Bump shoulda-matchers from 6.1.0 to 6.2.0 (#26211)
Bumps [shoulda-matchers](https://github.com/thoughtbot/shoulda-matchers) from 6.1.0 to 6.2.0.
- [Release notes](https://github.com/thoughtbot/shoulda-matchers/releases)
- [Changelog](https://github.com/thoughtbot/shoulda-matchers/blob/main/CHANGELOG.md)
- [Commits](https://github.com/thoughtbot/shoulda-matchers/compare/v6.1.0...v6.2.0)

---
updated-dependencies:
- dependency-name: shoulda-matchers
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 08:00:29 +08:00
dependabot[bot]
df18da64b3
Build(deps-dev): Bump lefthook from 1.6.6 to 1.6.7 (#26213)
Bumps [lefthook](https://github.com/evilmartians/lefthook) from 1.6.6 to 1.6.7.
- [Release notes](https://github.com/evilmartians/lefthook/releases)
- [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/evilmartians/lefthook/compare/v1.6.6...v1.6.7)

---
updated-dependencies:
- dependency-name: lefthook
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-18 07:55:16 +08:00
Ted Johansson
e2ee70c4e2
FIX: Amend broken Mailgun API key check (#26206) 2024-03-18 09:10:30 +10:00
Martin Brennan
78bafb331a
FEATURE: Allow site settings to be edited throughout admin UI (#26154)
This commit makes it so the site settings filter controls and
the list of settings input editors themselves can be used elsewhere
in the admin UI outside of /admin/site_settings

This allows us to provide more targeted groups of settings in different
UI areas where it makes sense to provide them, such as on plugin pages.
You could open a single page for a plugin where you can see information
about that plugin, change settings, and configure it with custom UIs
in the one place.

In future we will do this in "config areas" for other parts of the
admin UI.
2024-03-18 08:50:39 +10:00
Kris
d0d659e733
UX: update twitter icon, add threads & mastodon (#26203) 2024-03-15 16:48:23 -04:00
Daniel Waterworth
1fbcc6936c
DEV: Regression test for categories N+1 (#26204) 2024-03-15 15:10:37 -05:00
Penar Musaraj
531e33b303
DEV: Allow user api key scope for notifications#totals (#26205)
The `/notifications/totals` route is a stripped down version of `notifications#index`. This just allows the mobile app to use this new route.
2024-03-15 16:06:32 -04:00
Penar Musaraj
8cf2f909f5
DEV: Dedicated route for current user notification counts (#26106)
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2024-03-15 12:08:37 -04:00
Nat
ad7e3e04f3
Bump version to v3.3.0.beta1 2024-03-15 15:01:58 +08:00
Bianca Nenciu
b425fbc2a2
SECURITY: Generate more category CSS on client
This commit moves the generation of category background CSS from the
server side to the client side. This simplifies the server side code
because it does not need to check which categories are visible to the
current user.
2024-03-15 14:24:11 +08:00
Penar Musaraj
62ea382247
SECURITY: Limit invites params length 2024-03-15 14:24:07 +08:00
Daniel Waterworth
8cade1e825
SECURITY: Prevent large staff actions causing DoS
This commit operates at three levels of abstraction:

 1. We want to prevent user history rows from being unbounded in size.
    This commit adds rails validations to limit the sizes of columns on
    user_histories,

 2. However, we don't want to prevent certain actions from being
    completed if these columns are too long. In those cases, we truncate
    the values that are given and store the truncated versions,

 3. For endpoints that perform staff actions, we can further control
    what is permitted by explicitly validating the params that are given
    before attempting the action,
2024-03-15 14:24:04 +08:00
Alan Guo Xiang Tan
003b80e62f
SECURITY: Add rate limits for uploads 2024-03-15 14:24:00 +08:00
Daniel Waterworth
819361ba28
SECURITY: Don't disclose the existence of secret subcategories 2024-03-15 14:23:55 +08:00
dependabot[bot]
085edb170d
Build(deps): Bump sassc-embedded from 1.70.0 to 1.70.1 (#26184)
Bumps sassc-embedded from 1.70.0 to 1.70.1.

---
updated-dependencies:
- dependency-name: sassc-embedded
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 07:48:54 +08:00
dependabot[bot]
f2914bafd3
Build(deps): Bump follow-redirects from 1.15.4 to 1.15.6 (#26191)
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.4 to 1.15.6.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.4...v1.15.6)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 07:48:39 +08:00
Alan Guo Xiang Tan
cdba864598
DEV: Support description for properties in objects schema (#26172)
Why this change?

When editing a objects typed theme setting, the input fields which are
rendered should include a description so that the user knows the purpose
of the field which they are changing.

What does this change do?

This change adds support for adding description to each property in the
schema for an object by following a given convention in the locale file.

For a schema like this:

```
objects_setting:
  type: objects
  schema:
    name: section
    properties:
      name:
        type: string
        required: true
      links:
        type: objects
        schema:
          name: link
          properties:
            name:
              type: string
              required: true
              validations:
                max_length: 20
            url:
              type: string
```

Description for each property in the object can be added like so:

```
en:
  theme_metadata:
    settings:
      objects_setting:
        description: <description> for the setting
        schema:
          properties:
            name: <description for the name property>
            links:
              name: <description for the name property in link>
              url: <description for the url property in link>
```

If the a description is not present, the input field will simply not
have an description.

Also note that a description for a theme setting can now be added like
so:

```
en:
  theme_metadata:
    settings:
      some_other_setting: <This will be used as the description>
      objects_setting:
        description: <This will also be used as the description>
```
2024-03-15 07:47:42 +08:00
dependabot[bot]
ede6118f69
Build(deps): Bump terser from 5.29.1 to 5.29.2 (#26186)
Bumps [terser](https://github.com/terser/terser) from 5.29.1 to 5.29.2.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.29.1...v5.29.2)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 06:36:08 +08:00
dependabot[bot]
70d27de7fe
Build(deps-dev): Bump esbuild from 0.20.1 to 0.20.2 (#26187)
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.20.1...v0.20.2)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 06:35:52 +08:00
dependabot[bot]
1a7ea82198
Build(deps-dev): Bump lefthook from 1.6.5 to 1.6.6 (#26188)
Bumps [lefthook](https://github.com/evilmartians/lefthook) from 1.6.5 to 1.6.6.
- [Release notes](https://github.com/evilmartians/lefthook/releases)
- [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/evilmartians/lefthook/compare/v1.6.5...v1.6.6)

---
updated-dependencies:
- dependency-name: lefthook
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 06:35:37 +08:00
dependabot[bot]
31c41dd013
Build(deps): Bump sass-embedded from 1.71.1 to 1.72.0 (#26189)
Bumps sass-embedded from 1.71.1 to 1.72.0.

---
updated-dependencies:
- dependency-name: sass-embedded
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 06:35:22 +08:00
dependabot[bot]
6901fcd254
Build(deps): Bump json_schemer from 2.2.0 to 2.2.1 (#26190)
Bumps json_schemer from 2.2.0 to 2.2.1.

---
updated-dependencies:
- dependency-name: json_schemer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-15 06:35:08 +08:00
Blake Erickson
70c23f11a9
DEV: Add API scopes for post revisions (#26183)
This commit adds API scopes for reading, modifying, and deleting post
revisions.
2024-03-14 15:24:54 -06:00
Joffrey JAFFEUX
c986f9a947
DEV: adds details/location options to downloadCalendar (#26177)
This will now only be used for google to pre-fill the associated fields in: https://calendar.google.com/calendar/u/0/r/eventedit
2024-03-14 21:32:15 +01:00
Penar Musaraj
a71f68afdd
DEV: Improve localizability for a few labels (#26178)
Using separate prefix + date elements makes it harder to translate in
some languages. This moves a few dates inside i18n strings.
2024-03-14 15:01:43 -04:00
David Taylor
2546817d07
FIX: correctly strip unneeded csp directives under strict-dynamic (#26180) 2024-03-14 18:50:09 +00:00
David Taylor
b16f212c47
DEV: Add discourse prefix to d-popover deprecations (#26181) 2024-03-14 18:50:00 +00:00
Régis Hanol
5213bba672
FIX: support [code] in blockquotes (#26182)
> [code]
> line1
> line2
> [/code]

would render as

| line1
| > line2

instead of the correct

| line1
| line2

That was due to the `bbcode-block` code using a `slice` to get the content of a block and not taking into account it being nested in a quote block for example.

The fix was to get the content using the `getLines` utils method.

Context: https://meta.discourse.org/t/markdown-bbcode-code-quote-bug/299047
2024-03-14 19:31:22 +01:00
Rafael dos Santos Silva
679a773411
FIX: Handle nil post_search_data for search result (#26179)
Since we are introducing new ways to search in Discourse, like the AI
semantic search using embeddings, posts can be part of a search result
list without having any search data.

Since the code path already handles this, we only need to add a safety
check when accessing the post_search_data.
2024-03-14 14:40:46 -03:00
Régis Hanol
c662a99db3
FIX: clicking "more..." in emoji autocomplete (#26176)
This reverts the "fix" made in 44f6b24e34 since it wasn't the correct fix and the emoji picker wasn't showing in chat 🤦‍♂️

The proper fix is to `stopPropagation()` on the `click` event since the click handler has been made `async`. `preventDefault()` isn't enough.
2024-03-14 18:15:02 +01:00
Andrei Prigorshnev
dedf1a5e03
Correct versions (#26175)
This is a follow-up to https://github.com/discourse/discourse/pull/25883. 
Somehow I forgot to address this comment –https://github.com/discourse/discourse/pull/25883#discussion_r1503234622
2024-03-14 20:36:56 +04:00
Kris
9376a2e755
FEATURE: optionally show "Powered by Discourse" link to discourse.org (#26162) 2024-03-14 10:30:12 -04:00
Jan Cernik
83495f656d
DEV: Convert time-gap widget to a component (#26165)
* DEV: Convert time-gap widget to a component

* inline timegap component

* Remove top level wrapper

---------

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-03-14 10:01:38 -03:00
David Taylor
6da176580b
DEV: Unsilence header-related deprecations (#26173)
https://meta.discourse.org/t/296544
2024-03-14 11:03:03 +00:00
Régis Hanol
44f6b24e34
FIX: clicking "more..." in emoji autocomplete (#26160)
Should open the emoji picker. But it wasn't 😅

The `handleOutsideClick` event was listening too early and would catch the click on the "more..." option in the autocomplete as a click outside the emoji picker and would immediately close it 🤦

The fix was to defer registering to this event.
2024-03-14 09:31:49 +01:00
David Battersby
139e21e37d
UX: fix chat title margin on drawer and side panel (#26171)
Fixes alignment issues within the drawer mode and chat sidebar panel on desktop.
2024-03-14 13:41:42 +08:00
Sam
e05628c079
PERF: omit HTML view from sessions by logged on users. (#26170)
You need JS to log on to Discourse anyway, HTML only serves for debugging
purpose, no need to send it
2024-03-14 15:48:29 +11:00
chapoi
1f786f4972
UX: fix chat navbar header alignment (#26161) 2024-03-14 12:11:08 +08:00