Commit Graph

1145 Commits

Author SHA1 Message Date
Michael Brown
d9a02d1336
Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse""
This reverts commit 20780a1eee.

* SECURITY: re-adds accidentally reverted commit:
  03d26cd6: ensure embed_url contains valid http(s) uri
* when the merge commit e62a85cf was reverted, git chose the 2660c2e2 parent to land on
  instead of the 03d26cd6 parent (which contains security fixes)
2020-05-23 00:56:13 -04:00
Jeff Atwood
20780a1eee Revert "Merge branch 'master' of https://github.com/discourse/discourse"
This reverts commit e62a85cf6f, reversing
changes made to 2660c2e21d.
2020-05-22 20:25:56 -07:00
Robin Ward
d11c462104 SECURITY: ERB execution in custom Email Style 2020-05-21 14:48:30 -04:00
Joffrey JAFFEUX
7b6fbe9af2
FIX: adds missing tags to published page header (#9835) 2020-05-21 11:04:23 +02:00
Jordan Vidrine
8e7efb48ae
FIX: Update default_template.html 2020-05-20 10:39:04 -05:00
Kris
864fb45ff0 Improve mobile friendliness of crawler view 2020-05-19 00:24:17 -04:00
Dan Ungureanu
321879a619
FIX: Load locale first in wizard app 2020-05-14 11:48:55 +03:00
Dan Ungureanu
b80128a973
FEATURE: Add structured data to follow Google's guidelines (#9764)
All Schema.org properties are optional, but Google has a set of
properties which are required.
2020-05-14 10:42:01 +03:00
Dan Ungureanu
141f16eb6b
FIX: Multiple schema.org improvements
* Do not show "Uncategorized" category in topics list.
* Use "BreadcrumbList" only if topic is in a category.
* Add tags list as keywords to the first post.
* Add "dateModified" even if it is the same with "datePublished".
* Show "crawler-linkback-list" only if there are links to be shown.
2020-05-11 20:38:49 +03:00
Joffrey JAFFEUX
addf9d62f8
FIX: prevents rendering topic-category if empty (#9720) 2020-05-11 17:45:28 +03:00
Sam Saffron
bb4e8899c4
FEATURE: let Google index pages so it can remove them
Google insists on indexing pages so it can figure out if they
can be removed from the index.

see: https://support.google.com/webmasters/answer/6332384?hl=en

This change ensures the we have special behavior for Googlebot
where we allow indexing, but block the actual indexing via
X-Robots-Tag
2020-05-11 12:15:18 +10:00
Robin Ward
69ef0da4c2 FIX: preload-store was removed 2020-05-07 11:00:47 -04:00
Dan Ungureanu
1019789d1a
FIX: Resolve Schema.org validation issues 2020-05-05 16:57:16 +03:00
Penar Musaraj
5706cab897
FIX: Improve digest email styling on Outlook 2016 (#9626) 2020-05-04 14:07:03 -04:00
Dan Ungureanu
fe51f7a863
FEATURE: More improvements to crawler and old browsers view
Related to c85018cdfd.
2020-04-30 12:07:51 +03:00
Dan Ungureanu
c85018cdfd
Improve support for old browsers (#9515)
* FEATURE: Improve crawler view

* FIX: Make lazyYT crawler-friendly

* DEV: Rename discourse-internet-explorer to discourse-unsupported-browser

* DEV: Detect more unsupported browsers

Follow-up to 4eebbd2212.

* FIX: Hide browser update notice in print view
2020-04-29 21:40:21 +03:00
Joffrey JAFFEUX
a6f986b50f
FEATURE: allows to to style published page with themes/plugins (#9570) 2020-04-28 18:24:24 +02:00
Roman Rizzi
7a2e8d3ead
DEV: Add the missing app subdirectory (#9499)
* DEV: Add missing  directory to the Discourse ember app

* DEV: Resolve imports correctly
2020-04-23 10:07:54 -03:00
Sam Saffron
ee36382640
FEATURE: improve rendering of RSS feeds
- Eliminate superfluous "author wrote" block
- Eliminate block-quote for all posts
- Move participant count and reply count to 1 line
- Prioritize name over username if forum requests
- Use fabrication in list controller spec to speed up spec
2020-04-20 16:08:24 +10:00
tshenry
a10c36994b
UX: Improve published page avatar resolution (#9405) 2020-04-13 08:57:27 -07:00
Kris
14467757df UX: Adjust noscript footer nav 2020-04-08 17:29:13 -04:00
Dan Ungureanu
73d71e3fee
FEATURE: Show noscript view to unsupported browsers (#9373) 2020-04-08 20:24:18 +03:00
Robin Ward
e1f8014acd
FEATURE: Support for publishing topics as pages (#9364)
If the feature is enabled, staff members can construct a URL and publish a
topic for others to browse without the regular Discourse chrome.

This is useful if you want to use Discourse like a CMS and publish
topics as articles, which can then be embedded into other systems.
2020-04-08 12:52:36 -04:00
Kane York
ed95a6005b FEATURE: screenreader landmarks for main, suggested topics
In order to avoid a boatload of attributeBindings, I moved the root
element of the suggested-topics component into the template. Also,
autoformat their hbs files.

Testing info: https://www.scottohara.me/blog/2018/03/03/landmarks.html#using-screen-readers-to-navigate-landmarks

Additionally, flag modals with aria-modal=true to avoid the screenreader
accidentally escaping the modal. There's no need to ever toggle the
attribute to false, because we display:none the modal root when it's
closed.
2020-04-07 15:42:03 -07:00
Mark VanLandingham
c721bdb300
DEV: Add build_plugin_html to wizard head (#9293) 2020-03-27 10:02:48 -05:00
Jeff Wong
3189dab622 FIX: correctly remove authentication_data cookie on oauth login flow
Additionally correctly handle cookie path for authentication_data

There were two bugs that exposed an interesting case where two discourse
instances hosted across two subfolder installs in the same domain
with oauth may clash and cause strange redirection on first login:

Log in to example.com/forum1. authentication_data cookie is set with path /
On the first redirection, the current authentication_data cookie is not unset.
Log in to example.com/forum2. In this case, the authentication_data cookie
is already set from forum1 - the initial page load will incorrectly redirect
the user to the redirect URL from the already-stored cookie, to /forum1.

This removes this issue by:

* Setting the cookie for the correct path, and not having it on root
* Correctly removing the cookie on first login
2020-03-21 14:34:25 -07:00
Jeff Wong
4ecc0a25ae Revert "FIX: correctly remove authentication_data cookie on oauth login flow (#9238) (#9251)"
This reverts commit beaeb0c4b2.
2020-03-20 14:37:55 -07:00
Jeff Wong
beaeb0c4b2
FIX: correctly remove authentication_data cookie on oauth login flow (#9238) (#9251)
Attempt 2, with more test.

Additionally correctly handle cookie path for authentication_data

There were two bugs that exposed an interesting case where two discourse
instances hosted across two subfolder installs in the same domain
with oauth may clash and cause strange redirection on first login:

Log in to example.com/forum1. authentication_data cookie is set with path /
On the first redirection, the current authentication_data cookie is not unset.
Log in to example.com/forum2. In this case, the authentication_data cookie
is already set from forum1 - the initial page load will incorrectly redirect
the user to the redirect URL from the already-stored cookie, to /forum1.

This removes this issue by:

Setting the cookie for the correct path, and not having it on root
Correctly removing the cookie on first login
2020-03-20 14:03:38 -07:00
Robin Ward
0d3386d255 Revert "FIX: correctly remove authentication_data cookie on oauth login flow (#9238)"
This reverts commit a1f9b1a7fc.

This might have caused a problem with social logins. We are confirming
via this revert and will follow up.
2020-03-20 15:25:10 -04:00
David Taylor
22d5ba0f77
DEV: Load plugin stylesheets before theme stylesheets (#9240)
This is a more logical order, since themes are more lightweight than plugins, and are often used to augment plugin styles
2020-03-19 16:02:12 +00:00
Jeff Wong
a1f9b1a7fc
FIX: correctly remove authentication_data cookie on oauth login flow (#9238)
Additionally correctly handle cookie path for authentication_data

There were two bugs that exposed an interesting case where two discourse
instances hosted across two subfolder installs in the same domain
with oauth may clash and cause strange redirection on first login:

Log in to example.com/forum1. authentication_data cookie is set with path /
On the first redirection, the current authentication_data cookie is not unset.
Log in to example.com/forum2. In this case, the authentication_data cookie
is already set from forum1 - the initial page load will incorrectly redirect
the user to the redirect URL from the already-stored cookie, to /forum1.

This removes this issue by:
* Setting the cookie for the correct path, and not having it on root
* Correctly removing the cookie on first login
2020-03-19 09:00:46 -07:00
Rafael dos Santos Silva
8ae472bc41 FEATURE: Google Calendar doesn't support URL in iCalendar, add fallback description 2020-03-18 17:51:16 -03:00
Rafael dos Santos Silva
d6838608ff FEATURE: iCalendar feed for Bookmark reminders 2020-03-18 17:51:16 -03:00
David Taylor
3d71b68195
DEV: Introduce plugin api for conditionally rendering assets (#9200) 2020-03-13 15:30:31 +00:00
Robin Ward
a3f0543f99
Support for transpiling .js files (#9160)
* Remove some `.es6` from comments where it does not matter

* Use a post processor for transpilation

This will allow us to eventually use the directory structure to
transpile rather than the extension.

* FIX: Some errors and clean up in confirm-new-email

It would throw an error if the webauthn element wasn't present.
Also I changed things so that no-module is not explicitly
referenced.

* Remove `no-module`

Instead we allow a magic comment: `// discourse-skip-module` to prevent
the asset pipeline from creating a module.

* DEV: Enable babel transpilation based on directory

If it's in `app/assets/javascripts/dicourse` it will be transpiled
even without the `.es6` extension.

* REFACTOR: Remove Tilt/ES6ModuleTranspiler
2020-03-11 09:43:55 -04:00
Dan Ungureanu
5905930c32
FIX: Sync Ember and non-Ember layouts (#9028) 2020-02-25 15:31:04 +02:00
Arpit Jalan
7b92280b97 UX: use same styling for username and user-name 2020-02-20 17:51:37 +05:30
Arpit Jalan
f36719c1f5 FIX: respect prioritize_username_in_ux setting in email
UX: only the first attribute should be hyperlinked
UX: add margin based on attribute position
2020-02-20 17:47:16 +05:30
Kris
e6e5ce3c54 FIX: Don't use theme colors for digest unsubscribe footer links 2020-02-11 15:52:38 -05:00
Régis Hanol
96b64df4d4 FIX: use schema.org's BreadcrumList
The data-vocabulary.org schema is being deprecated.
We're now using the BreadcrumList data from the latest and greatest schema.org.

FIX: categories_breadcrumb helper to support more than 2 levels of categories.
2020-01-21 22:27:21 +01:00
Dan Ungureanu
89bd7ba45f
FIX: Use new tag routes (#8683)
Commit 1fb7a62 added unambiguous routes for tags. This commit ensures
that the new routes are used.
2020-01-21 19:23:08 +02:00
David Taylor
84a2aae77f
FIX: Allow the app to generate and accept longer backup codes (#8761)
- Increase size of textarea when displaying generated codes
- Adjust maxlength of input field in JS UI
- Adjust maxlength of input field in no_ember UI

Follow-up to bff9880d63
2020-01-21 14:28:31 +00:00
Martin Brennan
66f2db4ea4 SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
Martin Brennan
9e399b42b9 DEV: Remove redundant admin_login route, share with email_login 2020-01-13 12:10:07 +10:00
David Taylor
cf60de59b1 FIX: Allow omniauth confirmation page to pass through GET parameters
Using the rails `form_tag` helper generates a form with the action attribute set to the current URL (without parameters). In this case, we want to include any GET parameters, so it is better to exclude the action attribute from the form tag, and allow browsers to submit to the current URL.
2020-01-08 15:31:51 +00:00
Sam Saffron
b57e108e84 FEATURE: improve email change workflow
- Show old and new email address during the process
- Ensure correct user is logged on when attempting to make email changes
- Support reloading a page during the email reset process without resubmit
of form
- Improve tests
- Fixed issue where redirect back to site was not linking correctly in
subfolder setups

Internal refactor of single action into 4 distinct actions that are simpler
to reason about.

This also removes the step that logs on an account after you confirm an
email change, since it is no longer needed which leaves us with safer
internals.

This left me no choice but to amend translations cause the old route was
removed.
2019-11-21 16:28:35 +11:00
Blake Erickson
3b16eb7abb FIX: Confirm new email with backup codes enabled
This is a fix for this bug:

https://meta.discourse.org/t/-/133185?u=blake

where rails would throw a missing template error when trying to confirm
a new email address when you had two factor backup codes enabled.

Apparently this feature broke during this commit:

68d35b14f4

when a partial that contained a lot of javascript was removed most
likely because it didn't comply with our Content Security Policy, so as
a fix I rewrote the previous js functionality without using any
javascript and then added a spec to verify that the correct backup code
form is displayed when that page is loaded.
2019-11-14 16:27:42 -07:00
Arpit Jalan
b869ef8a76 FIX: add <img> alt attribute for Summary emails 2019-11-06 15:26:46 +05:30
Gerhard Schlager
61b1f9c36b FEATURE: Load translation overrides without JS eval 2019-11-05 19:16:38 +01:00
Arpit Jalan
b7327d2c34 UX: show user email address on "grant admin access" email and UI 2019-11-04 14:47:00 +05:30
Mark VanLandingham
66e0bdc053
FEATURE: Create New Topic button on embed with params (#8280)
* FEATURE: Create New Topic button on embed with params
2019-11-01 14:19:10 -05:00
Neil Lalonde
4935c9f1f8 DEV: replace inline RTL attributes with classes in digest.html.erb 2019-10-28 16:36:55 -04:00
Kris
67ad8fbd1b minor button styling for admin login 2019-10-22 16:45:23 -04:00
Kris
d6118c8bc8 Add digest email template classes for popular post section 2019-10-16 11:22:33 -04:00
Kris
1c4baadc49 UX: Wrap digest email footer in a table for better alignment options 2019-10-16 10:39:40 -04:00
Kris
645faa847b Follow up fix to c71da3f, class was defined twice 2019-10-15 20:12:50 -04:00
Kris
50b618dd44 UX: Add CSS classes to digest email template to allow for easier styling 2019-10-15 16:21:55 -04:00
Arpit Jalan
815edf6f4d FEATURE: add short site description on login page title 2019-10-14 11:40:09 +05:30
Dan Ungureanu
fdb1d3404c
FEATURE: Add site setting to show more detailed 404 errors. (#8014)
If the setting is turned on, then the user will receive information
about the subject: if it was deleted or requires some special access to
a group (only if the group is public). Otherwise, the user will receive
a generic #404 error message. For now, this change affects only the
topics and categories controller.

This commit also tries to refactor some of the code related to error
handling. To make error pages more consistent (design-wise), the actual
error page will be rendered server-side.
2019-10-08 14:15:08 +03:00
David Taylor
d2bceff133
FEATURE: Use full page redirection for all external auth methods (#8092)
Using popups is becoming increasingly rare. Full page redirects are already used on mobile, and for some providers. This commit removes all logic related to popup authentication, leaving only the full page redirect method.

For more info, see https://meta.discourse.org/t/do-we-need-popups-for-login/127988
2019-10-08 12:10:43 +01:00
Martin Brennan
68d35b14f4 FEATURE: Webauthn authenticator management with 2FA login (Security Keys) (#8099)
Adds 2 factor authentication method via second factor security keys over [web authn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).

Allows a user to authenticate a second factor on login, login-via-email, admin-login, and change password routes. Adds registration area within existing user second factor preferences to register multiple security keys. Supports both external (yubikey) and built-in (macOS/android fingerprint readers).
2019-10-01 19:08:41 -07:00
Jarek Radosz
d407bcab36 FIX: Correctly escape category description text (#8107)
* FIX: Correctly escape category description text

This bug has been introduced in db14e10943.

* Remove unnecessary `html_safe`

`Theme.lookup_field` already returns html-safe strings: 7ad338e3e6/app/models/theme.rb (L237-L242)

* Rename `description` where it's acutally `descriptionText`
2019-10-01 12:04:39 -04:00
David Taylor
3da9b99dbf FIX: Live reload plugin stylesheets when the color scheme changes 2019-09-17 09:54:55 +01:00
Penar Musaraj
8f601d5025 UI: Add viewport meta tag to embedded topics layout 2019-09-12 14:14:32 -04:00
Krzysztof Kotlarek
32b8a2ccff DEV: Upgrade Discourse to Rails 6 (#8083)
* Adjustments to pass specs on Rails 6.0.0
* Use classic autoloader instead of Zeitwerk
* Update Rails 6.0.0 deprecated methods
* Rails 6.0.0 not allowing column with integer name
* Drop freedom_patches/rails6.rb
* Default value for trigger_transactional_callbacks? is true
* Bump rspec-rails version to 4.0.0.beta2
2019-09-12 10:41:50 +10:00
Robin Ward
1cebe7670a FEATURE: Allow embedding to ignore HTTP REFERER
New site setting: `embed_any_origin` that will send postMessages to
wildcard origins `*` instead of the referer.

Most of the time you won't want to do this, so the setting is default to
`false`. However, there are certain situations where you want to allow
embedding to send post messages when there is no HTTP REFERER.

For example, if you created a native mobile app and you wanted to embed a list
of Discourse topics as HTML. In the code your HTML would be a
static file/string, which would not be able to send a referer. In this
case, the site setting will allow the embed to work.

From a security standpoint we currently only use `postMessage` to send
data about the size of the HTML document and scroll position, so it
should be enable if required with minimal security ramifications.
2019-09-10 12:27:07 -04:00
Arpit Jalan
972c1acef8 DEV: better class names for Flexbox 2019-09-09 21:33:53 +05:30
Arpit Jalan
103629d257 UX: better user image for embed/topics 2019-09-06 06:23:07 +05:30
Arpit Jalan
d78ed3159d FEATURE: add topic creator username on topic list embed 2019-09-05 22:43:38 +05:30
Arpit Jalan
a5c28f56d1 UX: use Flexbox for topic list embed 2019-09-04 20:22:57 +05:30
Arpit Jalan
111ae95cbc
FEATURE: embed topic with detailed metadata (#8062) 2019-09-02 19:55:44 +05:30
Sam Saffron
ac7d68a745 FIX: in case of orphan user records skip badge
There are rare cases where orphan user records can exist, skip badges
2019-08-30 17:21:34 +10:00
Arpit Jalan
b63d476ee9 UX: convert embedded topic list HTML structure from table to div 2019-08-29 22:23:52 +05:30
Penar Musaraj
0f67350764 FIX: only use app argument for official iOS app banner
When showing the native app banner, we include an app argument to automatically add the current site to the official DiscourseHub app. However, the app id can be changed via a hidden site setting, and when changed, that argument is no longer useful. This ensures the argument is only included for the official iOS app banner.
2019-08-27 10:23:57 -04:00
Vinoth Kannan
41f22946c3 FIX: properly load desktop and mobile only plugin css assets.
5bd6b70d98
2019-08-22 08:39:10 +05:30
Vinoth Kannan
5bd6b70d98
DEV: debundle plugin css assets and don't load if disabled (#7646) 2019-08-20 22:09:52 +05:30
Robin Ward
23367e79ea
FEATURE: Embed topics list on remote sites via Javascript API. (#8008)
This adds support for a `<d-topics-list>` tag you can embed in your site
that will be rendered as a list of discourse topics. Any attributes on
the tag will be passed as filters. For example:

`<d-topics-list discourse-url="URL" category="1234">` will filter to category 1234.

To use this feature, enable the `embed topics list` site setting. Then
on the site you want to embed, include the following javascript:

`<script
src="http://URL/javascripts/embed-topics.js"></script>`

Where `URL` is your discourse forum's URL.

Then include the `<d-topics-list discourse-url="URL">` tag in your HTML document and it will
be replaced with the list of topics.
2019-08-15 13:41:06 -04:00
David Taylor
213b7d19d9 UX: Fallback to unlocalized auth provider name if required 2019-08-13 01:22:02 +01:00
David Taylor
6d3d08daad UX: Hide login/signup header buttons during authentication flows 2019-08-08 13:57:18 +01:00
David Taylor
3b8c468832 SECURITY: Require POST with CSRF token for OmniAuth request phase 2019-08-08 11:58:00 +01:00
David Taylor
7bd54eaceb
UX: Add login button icon to no_ember page (#7982) 2019-08-08 10:44:04 +01:00
Neil Lalonde
4b9d35cd0e FEATURE: add option to always send excerpts in emails
Enable the new setting "post excerpts in emails" to send excerpts
instead of complete posts in notification emails. Control the length of
excerpts with the "post excerpt maxlength" setting.
2019-08-06 12:45:28 -04:00
Neil Lalonde
43365a2bf1 Fix some broken styles 2019-07-30 16:46:20 -04:00
Neil Lalonde
9656a21fdb
FEATURE: customization of html emails (#7934)
This feature adds the ability to customize the HTML part of all emails using a custom HTML template and optionally some CSS to style it. The CSS will be parsed and converted into inline styles because CSS is poorly supported by email clients. When writing the custom HTML and CSS, be aware of what email clients support. Keep customizations very simple.

Customizations can be added and edited in Admin > Customize > Email Style.

Since the summary email is already heavily styled, there is a setting to disable custom styles for summary emails called "apply custom styles to digest" found in Admin > Settings > Email.

As part of this work, RTL locales are now rendered correctly for all emails.
2019-07-30 15:05:08 -04:00
Joe
340173eb12 DEV: consistent theme lookup in application / crawler / no-ember views (#7955)
* removes `raw` helpers

* include theme footer in the crawler view

* include theme body tag content in no-ember pages
2019-07-30 19:00:46 +02:00
Sam Saffron
5feb342914 Revert "FEATURE: add Noindex to robots.txt for disallowed routes"
This reverts commit d84256a876.

This is not supported by Google and causes robots.txt to be flagged as
invalid

Removing Noindex
2019-07-30 11:33:38 +10:00
Saurabh Patel
08b48b2ba6 add user avatar to user crawler layout (#7917) 2019-07-22 10:52:35 -04:00
Gerhard Schlager
2ecc613c5d FIX: URL encode usernames in user profile links in RSS feeds
user_url() failed for usernames containing Unicode characters because it expects URL encoded usernames. RSS feeds do not support IRIs, so lets convert them to URIs by encoding the usernames.
2019-07-18 23:18:23 +02:00
Vinoth Kannan
839916aa49
DEV: Debundle plugin javascript assets and don't load if disabled (#7566)
And don't load javascript assets if plugin is disabled.

* precompile auto generated plugin js assets

* SPEC: remove spec test functions

* remove plugin js from test_helper

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: using equality is slightly easier to read than inequality

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: use `select` method instead of `find_all` for readability

Co-Authored-By: Régis Hanol <regis@hanol.fr>
2019-07-15 20:22:54 +05:30
Neil Lalonde
6e22499e5f Remove unused file resubscribe.html.erb 2019-07-09 15:17:33 -04:00
Arpit Jalan
324e182842
FEATURE: show login and signup button on no-ember layout (#7867) 2019-07-09 04:51:19 +05:30
Joffrey JAFFEUX
71bf9ec1b2
FEATURE: opt-in guidance on topics for users without access (#7852)
Co-Authored-By: majakomel <maja.komel@gmail.com>
Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-07-04 10:12:39 +02:00
Joffrey JAFFEUX
dfde59f631
FIX: provides an emoji helper to replace codes by images (#7802) 2019-06-26 15:11:04 +02:00
David Taylor
e6e47f2fb2 SECURITY: Add confirmation screen when logging in via user-api OTP 2019-06-17 16:18:44 +01:00
David Taylor
52387be4a4 SECURITY: Add confirmation screen when logging in via email link 2019-06-17 16:18:37 +01:00
David Taylor
5f6f707080 Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9"
This reverts commit b8340c6c8e.
2019-06-17 16:17:10 +01:00
David Taylor
b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
* SECURITY: Add confirmation screen when logging in via email link

* SECURITY: Add confirmation screen when logging in via user-api OTP

* FIX: Correct translation key in session controller specs

* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
Sam Saffron
a0474a0774 FIX: always take the first post in the RSS fee
`.posts.first` may be the first post and may not, depending on luck

Also add protection for corrupt topics
2019-06-07 14:57:56 +10:00
Saurabh Patel
b510006ca8 FEATURE: show tags in crawler view of tags page for static site
Previously tags page would have an empty page in crawler view
2019-06-06 12:55:37 +10:00
Vinoth Kannan
f9f12ed221 PERF: fix N+1 queries for non-JS topic view. 2019-06-03 21:47:33 +05:30
Régis Hanol
f6ced0a78a Remove unused & empty author meta tag 2019-06-03 12:00:14 +02:00
David Taylor
7500eed4c0
FEATURE: Multi-file javascript support for themes (#7526)
You can now add javascript files under `/javascripts/*` in a theme, and they will be loaded as if they were included in core, or a plugin. If you give something the same name as a core/plugin file, it will be overridden. Support file extensions are `.js.es6`, `.hbs` and `.raw.hbs`.
2019-06-03 10:41:00 +01:00
Kris
98336de266 UX: Cleanup crawler styles, improve schema.org markup (#7668)
* Cleaning up crawler styles, improving some schema.org markup

* Cleaning up crawler styles, improving some schema.org markup

* additional styling

* add space for pagination
2019-06-03 12:03:16 +10:00
Arpit Jalan
553ffbfcb5 FEATURE: add OpenGraph data to /login page 2019-05-23 07:03:01 +05:30
Gerhard Schlager
58f72cd439 Remove duplicate translations 2019-05-22 16:15:22 +02:00
Osama Sayegh
14bae6d52d Make email_excerpt method take an optional post param (#7570)
The spoiler alert plugin replaces spoiler text found in email excerpts with posts URL, which means it needs to have a reference to the post it's processing.

This change makes `email_excerpt` accepts an optional post param, which calls `PrettyText.format_for_email` which then triggers the `reduce_cooked` event that the plugin subscribes to.
2019-05-20 10:04:23 +02:00
Saurabh Patel
e20f13ebb7 fix css of prev and next page links, move them to bottom of page (#7465)
Thanks 👍
2019-05-07 17:04:27 +02:00
Penar Musaraj
5e546ba7d1 Standardize viewport rules for mobile and desktop
Also removes`maximum-scale` on non-mobile devices, better for accessibility.
2019-05-06 10:28:29 -04:00
Sam Saffron
1be01f8dd4 DEV: Add support for Rails 6
Minor fixes to add Rails 6 support to Discourse, we now will boot
with RAILS_MASTER=1, all specs pass

Only one tiny deprecation left

Largest change was the way ActiveModel:Errors changed interface a
bit but there is a simple backwards compat way of working it
2019-05-02 16:23:25 +10:00
Saurabh Patel
d4bec7fdfb use description_text instead of description to show correct sanitized description (#7420) 2019-04-24 16:33:58 +10:00
Bianca Nenciu
1867f2dda0
FEATURE: Always track clicks using AJAX. (#7373) 2019-04-23 12:41:36 +03:00
Saurabh Patel
3658be42f5 FIX: remove like_count and <hr> tag from post crawler layout (#7413)
* show likes value in crawler view if count is > 0

* remove <hr> since horizontal line is already provided by css - this removes one of 2 horizontal lines in post crawler view
2019-04-23 15:35:57 +10:00
Robin Ward
a8e3ac90a0 FIX: nil error in list, incorrect count in reviewable pending 2019-04-22 12:18:57 -04:00
Saurabh Patel
3f9ec197e7 FIX: use last_activity_date instead of created_at for crawler view 2019-04-22 11:38:48 -04:00
Penar Musaraj
7cd621778d FEATURE: Native app banner improvements
This commit adds some improvements to native app banners for iOS and Android

- iOS and Android now have separate settings for native app banners

- app banners will now only show for users on TL1 and up

- app ids are now in a hidden site setting to allow sites to switch to their own app, if desired

- iOS only: the site URL is passed to the app arguments
2019-04-17 12:25:13 -04:00
Roman Rizzi
12a5c69abd
FEATURE: Allow users to tone down digest emails (#7353)
* FEATURE: Allow user to tone down email digest insteand of only unsubscribing

* Reordered options and select the next slowest frequency by default
2019-04-17 12:14:40 -03:00
Penar Musaraj
eae22548de
Footer navigation for iOS PWAs and DiscourseHub app (#7347) 2019-04-10 12:23:18 -04:00
Saurabh Patel
9b288613ae DEV: remove span from inside <tr> and move meta info to a td (#7324) 2019-04-05 09:32:11 +02:00
Saurabh Patel
90fc2d15c4 FEATURE: change layout when default page is category to tabular for _… (#7270) 2019-04-04 15:57:18 +02:00
Saurabh Patel
da2f659635 UX: Improve posts layout for crawler (#7286) 2019-04-03 11:58:00 +02:00
Robin Ward
76669bb5a6 FIX: Don't refer to pending review items as flags
They could be queued posts or users, and the notice should reflect that
properly.
2019-04-01 14:46:56 -04:00
Penar Musaraj
fdf4145d4b
FEATURE: Delegated authentication via user api keys (#7272) 2019-04-01 13:18:53 -04:00
Saurabh Patel
4a47ec791f * FEATURE: change layout of escaped_fragment_ topic page to table one like live discourse (#7250) 2019-03-27 21:32:56 +01:00
Rafael dos Santos Silva
8ce20090f7 FEATURE: Allow users to fetch a customized manifest on PWA install
This will allow users installing a Discourse PWA to use their active
theme colors on the generated app. Thanks for @mgiuca for the tip.

Also makes the share_target config explicit to silence Chrome warnings
2019-03-15 17:10:05 -03:00
Jeff Wong
b0d93a38e8 FEATURE: Add plugin html hook to insert html before any other scripts 2019-03-05 10:41:16 -08:00
Arpit Jalan
ad5f5b931d DEV: deprecate blank files for static modal pages 2019-03-04 15:05:33 +05:30
Arpit Jalan
01e2180548 FIX: /signup and /password-reset direct links were broken 2019-03-04 09:02:22 +05:30
Joffrey JAFFEUX
900e187627
DEV: removing blank files (#7057) 2019-02-25 09:52:44 +01:00
Dan Ungureanu
90ce448675 PERF: Cache build_not_found_page 2019-02-12 21:20:33 +11:00
Vinoth Kannan
e0c16d3a8a minor refactoring to improve code readability 2019-02-11 17:24:02 +05:30
Vinoth Kannan
2c12336c6b FIX: Display post updated date in non-JS view for crawler 2019-02-11 16:48:22 +05:30
Vinoth Kannan
3d52f690b3 UX: Add post action text in non-JS topic view 2019-01-28 22:51:06 +05:30
Joffrey JAFFEUX
096a81158a
FIX: siteNavigationElement was reversed (#6934) 2019-01-23 15:47:39 +01:00
David Taylor
880311dd4d
FEATURE: Support for localized themes (#6848)
- Themes can supply translation files in a format like `/locales/{locale}.yml`. These files should be valid YAML, with a single top level key equal to the locale being defined. For now these can only be defined using the `discourse_theme` CLI, importing a `.tar.gz`, or from a GIT repository.

- Fallback is handled on a global level (if the locale is not defined in the theme), as well as on individual keys (if some keys are missing from the selected interface language).

- Administrators can override individual keys on a per-theme basis in the /admin/customize/themes user interface.

- Theme developers should access defined translations using the new theme prefix variables:
  JavaScript: `I18n.t(themePrefix("my_translation_key"))`
  Handlebars: `{{theme-i18n "my_translation_key"}}` or `{{i18n (theme-prefix "my_translation_key")}}`

- To design for backwards compatibility, theme developers can check for the presence of the `themePrefix` variable in JavaScript

- As part of this, the old `{{themeSetting.setting_name}}` syntax is deprecated in favour of `{{theme-setting "setting_name"}}`
2019-01-17 11:46:11 +00:00
Arpit Jalan
93eb0a0690 UX: better help text for private invite-only instance 2019-01-12 18:40:00 +05:30
David Taylor
49593d1a00 FIX: Fix registration dialog popup for 'full screen' social logins
Regression following the ember3 upgrade. In addition to fixing, this commit consolidates our social registration logic into one place, and adds tests for the behaviour.
2019-01-12 12:08:13 +00:00
Saurabh Patel
a52baf4b28 FEAT: use category logo image as meta image (#6865) 2019-01-10 09:33:13 +08:00
cfitz
19d7545318 FEATURE: Make auth_redirect param options on user_api_keys
This is a possible solution for https://meta.discourse.org/t/user-api-keys-specification/48536/19
This allows for user-api-key requests to not require a redirect url.
Instead, the encypted payload will just be displayed after creation  ( which can be copied
pasted into an env for a CLI, for example  )

Also: Show instructions when creating user-api-key w/out redirect

This adds a view to show instructions when requesting a user-api-key
without a redirect. It adds a erb template and json format.
Also adds a i18n user_api_key.instructions for server.en.yml
2019-01-04 14:46:18 +11:00
Guo Xiang Tan
ffdacba219 Remove extra apple-touch-icon link in head.
The sizes attribute does not make a difference because both
image provided is of the same size.
2018-11-29 15:24:52 +08:00
Arpit Jalan
654d7996ae FIX: title was repeating on about page 2018-11-28 08:06:14 +05:30
Arpit Jalan
bdb1268528 FIX: static page title should be consistent on client side and server side 2018-11-27 22:03:52 +05:30
Maja Komel
a0fca2b6ed FIX: popular posts font weight in summary email 2018-11-27 12:58:28 +01:00
Penar Musaraj
03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Guo Xiang Tan
0972516abe FIX: Incorrect "rel" used for apple icons in <head>.
Nothing on the web I can find suggests that this should have been `rel=icon`.
See https://developer.apple.com/library/archive/documentation/AppleApplications/Reference/SafariWebContent/ConfiguringWebApplications/ConfiguringWebApplications.html
2018-11-26 10:40:09 +08:00
Joe
336436dfb4
UX: better handling of logo size 2018-11-23 22:04:42 +08:00
Joe
e2214b50f3
UX: add height attribute to logo on error pages
This matches what we do in the home-logo widget. The height is set as an attribute and we use CSS to get a scaled width that preserves the aspect ratio of the image.
2018-11-23 15:04:34 +08:00
Kyle Zhao
80398d0b8f
Extract inline JS on embedded comments (#6645)
* use the meta refresh tag instead

* extract inline JS in embedded comment
2018-11-22 10:02:58 -05:00
Kyle Zhao
5f754b43f1
extract inline onpopstate handler on 404 page (#6613) 2018-11-15 13:35:38 -05:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
Joe
7707e42441 DEV: moves print-specific styles from internal style tag to external print sheet (#6581)
* DEV: removes internal styles from print view

* DEV: adds styles to print sheet
2018-11-13 14:45:55 +11:00