Commit Graph

58 Commits

Author SHA1 Message Date
Robin Ward
cdbe027c1c Refactor FileHelper to use keyword arguments. 2017-05-24 13:54:26 -04:00
Sam Saffron
0013a23dc1 SECURITY: prefer render plain/html to render text where possible 2017-04-10 08:01:42 -04:00
Sam Saffron
b94c7b4902 missing disposition 2017-03-20 17:07:32 -04:00
Sam
652b2d7199 remove redundent header setting 2017-03-20 16:08:18 -04:00
Sam
c106ca6778 FEATURE: fallback asset path for multi host setups 2017-03-20 15:59:17 -04:00
Arpit Jalan
801b5838e1 FIX: do not show faq/guidelines page to anonymous users for private forums 2017-03-08 16:00:49 +05:30
Sam Saffron
3754b038e8 fix brotli origin 2017-02-23 18:26:40 -05:00
Sam
f15f61da0a FEATURE: add immutable caching to rails site of things 2017-02-23 13:05:00 -05:00
Sam
98f4a2adcb FIX: on 404 from brotli asset path return a correctly encoded doc
old implementation would cache the 404 for 1 year with incorrect encoding

hilarity would ensue
2016-12-15 16:05:20 +11:00
Sam
dc66f6681a add spec for brotli controller, ensure cached correctly 2016-12-05 16:08:36 +11:00
Sam
8a98d617df correct headers and add better caching 2016-12-05 15:11:07 +11:00
Sam
39a524aac8 FEATURE: brotli cdn bypass for assets
Allow CDNS that strip out brotli encoding to use brotli regardless
2016-12-05 13:57:09 +11:00
Sam
b7cea24d76 FEATURE: more user API flow, support key creation 2016-08-16 17:06:52 +10:00
Neil Lalonde
56e47c8d7e FEATURE: report on admin dashboard when favicon is failing to load 2016-04-05 14:42:32 -04:00
Guo Xiang Tan
62011a252f FIX: Follow redirects when downloading favicons. 2016-02-25 11:50:34 +08:00
Neil Lalonde
9ad226aaa8 FEATURE: add email query param to login, signup, and password-reset URLs to prefill form 2016-01-19 16:53:46 -05:00
Sam Saffron
00342faff9 FIX: use default favicon if a bad favicon is specified 2015-12-22 18:08:27 +11:00
Arpit Jalan
362c515f33 FEATURE: compose a new pre-filled message via URL 2015-11-24 18:55:45 +05:30
Sam
c70bb0c032 we got to clean up js debugging, its busting caching. 2015-11-22 01:20:39 +11:00
Sam
4e37bcc3e2 Add extra safety 2015-08-25 12:05:15 +10:00
Sam
2c59ad3dd3 FIX: favicon update broken when favicon lived on a CDN 2015-08-25 11:54:23 +10:00
Arpit Jalan
d1632c1dbd FIX: new-topic URL should survive login redirection 2015-06-14 20:24:47 +05:30
Sam Saffron
9787cb07aa FIX: when missing a static topic we were returning an error 2015-06-01 11:40:52 +10:00
Sam
f5af4768eb FEATURE: add clean support for running Discourse in a subfolder
To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish
2015-03-09 13:14:29 +11:00
Sam
6c09b6739d BUG: minor, do not send access origin if not set 2015-02-17 09:58:43 +11:00
Robin Ward
572842721d FIX: Better page titles for SEO 2014-10-30 14:26:56 -04:00
Robin Ward
316f1bea04 SECURITY: Don't allow redirects with periods in case you don't control
other tlds on the same domain.
2014-10-30 11:31:44 -04:00
Régis Hanol
de415b804c FIX: add 'Content-Length' header for avatars 2014-10-22 15:39:51 +02:00
Sam
832655df14 attempt to get content length through 2014-10-21 16:17:13 +11:00
Sam
4e7057efb1 Clean up content type and add Expires header when serving CDN assets 2014-10-21 15:59:34 +11:00
Sam
8efee0d03d don't use Markdown 2014-10-18 17:17:38 +11:00
Sam
742c5e29c9 FEATURE: advanced search help 2014-10-18 14:27:33 +11:00
Robin Ward
85c6eb9b08 SECURITY: Only redirect to our host by path on the login action 2014-08-28 17:45:13 -04:00
Sam
03c8f09be8 PERF: finalize porting to new incoming links structure 2014-08-04 16:43:57 +10:00
Régis Hanol
3d6e2713d1 BUGFIX: login was broken when login was required 2014-07-26 23:16:08 +02:00
Neil Lalonde
5a33e6f00c Move FAQ, Terms of Service, and Privacy Policy into topics in the Staff category. First post of those topics will be rendered on their respective pages. Site settings and content are not used for these documents anymore. Translations of the default text is moved into the standard YML files. 2014-07-25 14:41:20 -04:00
Sam
40af9ce612 FIX: do not store incoming links on avatars or uploads 2014-07-25 15:10:06 +10:00
Neil Lalonde
e565ae2528 FEATURE: /guidelines route will always show our FAQ, ignoring the faq_url site setting 2014-07-10 12:58:41 -04:00
Sam
27f85e5451 FIX: allow for subdirectorys for cdn assets 2014-07-10 17:29:38 +10:00
Sam
6019e3f257 FIX: remove hardcoding from middleware stack so we can control it 2014-07-10 17:01:21 +10:00
Sam
5032c96486 FIX: disable x accl redirect for CDN assets
We need to keep headers in tact
2014-07-10 16:32:46 +10:00
Sam
efd6bf1490 FIX: set last modified date on CDN assets 2014-07-08 14:48:20 +10:00
Sam
832a730e36 BUGFIX: re-enable CDN js debugging in a robust way
May be disabled if needed via site setting
2014-05-19 08:46:28 +10:00
Neil Lalonde
ce5ebc3eb5 On sites with login_required enabled, after signup, don't show the /login page again 2013-10-30 16:37:36 -04:00
Neil Lalonde
89265c3a8b FIX: BAD CSRF on login. Don't check csrf in the fake login form since it doesn't actually do anything. 2013-08-27 11:31:14 -04:00
Sam
06bd9e3234 allow login required screen to be customized 2013-07-16 20:49:04 +10:00
Stephan Kaag
e39cc464b1 Refactor routes in order to be compatible with Rails 4 2013-07-01 20:00:06 +02:00
Sam
9fd00cac65 work in progress, add custom faq link, ember router needs to know about this or the redirect trick will not work 2013-06-27 17:15:59 +10:00
Neil Lalonde
eea00afb80 tos and privacy urls redirect based on site settings 2013-06-18 10:52:04 -04:00
Chris Hunt
978785720a Redirect to root after login if no path provided
If we do not do this, then people that login from /login will just be
redirected back to the login page. We'd rather have them see the root
path.
2013-06-04 16:10:10 -07:00