Commit Graph

90 Commits

Author SHA1 Message Date
Gina Haeussge
f0fc38418c FEATURE: Support referrerPolicy on embed iframe
This commit adds a new property "discourseReferrerPolicy" to the
set of supported configuration properties for the comment embed
script. If provided the value will be used to set the "referrerPolicy"
attribute on the iframe created to display the comments. This in turn
will allow embedding pages to define a more lenient referer policy on
the embed iframe for pages whose default policy is so strict it
keeps the comment embed from working.

Example:

  * Setup:
    * Discourse hosted at discourse.example.com
    * Comments embedded at example.com
    * Referrer-Policy at example.com set to 'same-origin'
  * Without this commit:
    * Loading the comments fails due to the referer being empty
  * With this commit and no adjusted configuration:
    * Loading the comments fails due to the referer being empty
      (= same behaviour as without the commit)
  * With this commit and DiscourseEmbed.discourseReferrerPolicy =
    'no-referrer-when-downgrade' as additional configuration:
    * Loading the comments succeeds

Note that this change is of special interest for embedding pages
wanting to restrict data flows under the terms of the GDPR since
it allows selectively whitelisting comment embeds while preventing
referer leaking by default.
2018-06-25 14:59:34 +10:00
Joffrey JAFFEUX
0e15a575f4
EXPERIMENTAL: new dashboard UI
This is the first iteration of an effort towards making a very good dashboard.

Until we feel confident this is good, this dashboard will only be accessible through /admin/dashboard_next
2018-04-16 10:42:06 +02:00
Bruno Perel
6750ff6873 (S)CSS cleanup: 0px => O and removal of duplicated properties (#5526) 2018-01-25 09:53:36 -05:00
Arpit Jalan
d18900c24b Update Chart.min.js to latest version 2018-01-15 12:41:03 +05:30
Guo Xiang Tan
77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Régis Hanol
9206741190 update pikaday.js 2017-06-23 17:50:13 +02:00
James Kiesel
48c0f3faf3 Use image gallery feature of magnific
commit cc7061e9458d04dd02aad9c02ba3a89306e0fae7
Author: James Kiesel <james.kiesel@gmail.com>
Date:   Tue Apr 25 11:21:08 2017 +0900

    ;

commit 9233be7e432daff605812e6b49042f69d348b6e7
Author: James Kiesel <james.kiesel@gmail.com>
Date:   Tue Apr 25 10:01:26 2017 +0900

    Don't break if $elem is undefined

commit 598a694c070c86df8d9f5ffa1ed84e2f8756e65f
Author: James Kiesel <james.kiesel@gmail.com>
Date:   Tue Apr 25 04:51:14 2017 +0900

    .

commit 1711685a33ccd236011f54d3e652991728530b3a
Author: James Kiesel <james.kiesel@gmail.com>
Date:   Tue Apr 25 04:34:11 2017 +0900

    ;

commit 81703f36c0593250aeac3418fde86660fd307092
Author: James Kiesel <james.kiesel@gmail.com>
Date:   Tue Apr 25 04:12:37 2017 +0900

    Use image gallery functionality in magnific
2017-04-25 11:23:15 +09:00
Sam
a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoid a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Robin Ward
c40d8d37dd Put an error in the console if the discourseEmbedUrl is relative 2017-02-13 11:18:24 -05:00
Arpit Jalan
6ea040dd5f FIX: lower case URLs before comparing for embedding comments 2016-10-13 00:35:51 +05:30
Robin Ward
7a01d575c2
FIX: Make embeddable discourse more forgiving with https 2016-04-26 15:03:44 -04:00
Régis Hanol
fd93fff39b update pikaday.js to latest and replace date inputs with pikadays 2016-04-15 17:58:32 +02:00
Sam
4bc860652b FEATURE: add graph support to admin reports
thanks to graph js, this runs latest beta cause we needed support for
smarter X axis legend
2016-04-14 15:46:01 +10:00
Régis Hanol
c79a8e836e FIX: date picker on mobile
UPDATE pickaday.js to latest version
2016-01-20 21:06:41 +01:00
Régis Hanol
e37ecb9d2f FIX: pikaday wasn't working when using the mouse with a touch-enabled monitor 2015-09-23 15:35:22 +02:00
Régis Hanol
0f62a7f781 FEATURE: new date picker component 2015-08-10 12:50:38 +02:00
Robin Ward
ae277e28a6 FEATURE: Allow embedding topics without creating them, by id 2015-06-09 16:24:20 -04:00
Robin Ward
cd27ba3478 FIX: Properly add no-conflict to ace editor 2015-05-14 12:46:51 -04:00
Robin Ward
d90063fc59 FIX: Error with ace editor and new ember.
Fix upgrades ace editor, which was a huge headache due to AMD.
2015-05-13 16:25:33 -04:00
Sam
c51dc9af54 update ace editor to latest, fix regression where syntax highlighting was missing 2015-03-12 12:20:50 +11:00
Sam
163929c819 UPGRADE: highlight js to latest from master 2014-09-24 13:03:30 +10:00
Régis Hanol
6b45b635f8 FIX: properly whitelist <code> classes needed for syntax highlighting 2014-07-09 16:27:47 +02:00
Justin Leveck
a78df3d57d Add custom embed_by_username feature
Feature to allow each imported post to be created using a different discourse
username. A possible use case of this is a multi-author blog where discourse
is being used to track comments. This feature allows authors to receive
updates when someone leaves a comment on one of their articles because each of
the imported posts can be created using the discourse username of the author.
2014-06-09 12:35:38 -07:00
Robin Ward
6dd1880f1f FIX: More safety when displaying link counts on blogs 2014-05-20 15:20:33 -04:00
Régis Hanol
2aa907e34e Update highlight.js to support Go 2014-05-06 18:33:13 +02:00
Robin Ward
8b7212f3d6 FIX: Extra & character 2014-04-14 11:44:35 -04:00
Sam
e62409aa89 Upgrade Ace editor
(used in stylesheet editor)
2014-04-04 11:31:22 +11:00
Régis Hanol
9d23cfcece update highlight.js to latest version 2014-03-25 18:13:38 +01:00
Robin Ward
ebb0661029 FIX: Should be href for the link 2014-03-20 15:37:00 -04:00
Robin Ward
fa3e9144e2 FIX: Update links regardless of trailing slashes 2014-03-20 15:33:56 -04:00
Robin Ward
bcc7f3aba4 Support embedded link counts via data-* attribute 2014-01-13 13:37:55 -05:00
Robin Ward
af3edfd5eb FEATURE: Show Reply count on blog index page when embedding 2014-01-13 12:47:41 -05:00
Robin Ward
c762e3c4b1 Support for scrolling to another post in the iframe; more complicated than you'd think! 2014-01-03 14:45:59 -05:00
Robin Ward
1ffcf39448 Make embedded comments look nicer 2014-01-03 12:52:42 -05:00
Robin Ward
5621a64579 Move embed.js to public 2013-12-31 18:01:09 -05:00
Régis Hanol
bfd2fd8607 update magnific popup to latest (v. 0.9.9) 2013-12-02 10:38:15 +01:00
Régis Hanol
ba3d07ddcb replaced colorbox with magnific popup lightbox 2013-06-12 00:32:48 +02:00
Sam
fa8a84f20c removed sugar.js, port functionality to moment and underscore.js
bring in latest ace from local so we don't mess up with https
2013-06-11 15:27:26 +10:00
Sam Saffron
d9531d94d5 basic lightbox support 2013-02-19 17:57:14 +11:00
Robin Ward
21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00