Commit Graph

7296 Commits

Author SHA1 Message Date
Bianca Nenciu
275b748016
FIX: Replace links to removed uploads from reviewables with a placeholder (#10180) 2020-07-10 17:57:06 +03:00
Dan Ungureanu
c72bc27888
FEATURE: Implement support for IMAP and SMTP email protocols. (#8301)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2020-07-10 12:05:55 +03:00
Rafael dos Santos Silva
e866e3d609
FEATURE: Add global rate limit for anon searches (#10208) 2020-07-10 09:08:34 +10:00
Guo Xiang Tan
d5c56a846a
DEV: Only failover the entire cluster when the default db goes down. 2020-07-09 11:49:03 +08:00
Martin Brennan
31e31ef449
SECURITY: Add content-disposition: attachment for SVG uploads
* strip out the href and xlink:href attributes from use element that
  are _not_ anchors in svgs which can be used for XSS
* adding the content-disposition: attachment ensures that
  uploaded SVGs cannot be opened and executed using the XSS exploit.
  svgs embedded using an img tag do not suffer from the same exploit
2020-07-09 13:31:48 +10:00
Guo Xiang Tan
fd38c2fac3
FIX: Force ActiveRecord reading role if Redis is down take 2.
follow-up f03c7a1ba1
2020-07-09 11:14:19 +08:00
Guo Xiang Tan
f03c7a1ba1
FIX: Force ActiveRecord reading role if Redis is down. 2020-07-09 11:13:02 +08:00
Kris
66257ca8b6 FEATURE: Add "smallest" option to user text size preferences 2020-07-07 13:08:19 -04:00
Bianca Nenciu
6705c45156
FEATURE: Add reply_as_new_group_message composer action (#10168) 2020-07-07 18:30:48 +03:00
Joffrey JAFFEUX
56475f57c5
UX: simplifies editing email templates by always having a default (#10179) 2020-07-07 11:44:13 +02:00
Daniel Waterworth
1bd8a075d8 FIX: Make Email::Styles operate on html documents instead of fragments
`Nokogiri::HTML.fragment` is a huge hack (a comment in the source code
admits this). The current behavior of `Email::Styles` is to try to
emulate `fragment` using nokogumbo, but it misses some edge cases. In
particular, meta tags in a email template don't make it through to the
final email.

Instead of treating the provided HTML as an indeterminate fragment, this
commit makes `Email::Styles` treat the HTML as a complete document. This
means that the generated HTML for an email will now always contain top
level structure (a doctype, html, head and body tags).

This new behavior is behind a hidden site setting for now and defaults
off.
2020-07-06 11:45:39 +01:00
David Taylor
5284d41a8e
FEATURE: Optionally skip the create account popup for external auth 2020-07-06 10:18:57 +01:00
David Taylor
977766e7a8
FEATURE: sso_overrides_(email|username|name) for all auth methods
These settings previously applied only to discourse-sso. Now they work for all external authentication methods.
2020-07-06 10:18:45 +01:00
Sam Saffron
199a53e936
UX: suppress "in reply to" section in emails by default
Previously we would include this section, unfortunately

1. It is usually elided in gmail
2. It can make the emails longer and more confusing
3. Omission is a feature, it means people need to visit site to get context
2020-07-06 10:40:04 +10:00
Guo Xiang Tan
af52df2d96
DEV: Add hidden site setting for PG search ranking normalization. 2020-07-02 14:11:18 +08:00
Guo Xiang Tan
82964265cc
DEV: Remove logster current context config.
Multisite middleware sits at the top of the middleware stack.
2020-07-01 11:44:22 +08:00
Mark VanLandingham
cd5cfc1496
FEATURE: Site setting to always show category definitions (#10124) 2020-06-29 13:22:02 -05:00
Guo Xiang Tan
2c4c953bf8
DEV: Avoid logging errors on bad Redis connection during PG failover. 2020-06-29 11:54:55 +08:00
Sam Saffron
88459e08c9
FEATURE: allow disabling of extra term injection in search
There is a feature in search where we take over from the tokenizer
in postgres and attempt to inject more words into search.

So for example: sam.i.am will inject the words i and am.

This is not ideal cause there are many edge cases and this can
cause extreme index bloat.

This is an opening move commit to make it configurable, over the
next few weeks we will evaluate and decide if we disable this by
default or simply remove.
2020-06-25 13:36:52 +10:00
Guo Xiang Tan
42a6c8a85f
DEV: Rescue from ActiveRecord::Readonly error in lograge. 2020-06-25 10:25:28 +08:00
Neil Lalonde
8e07ee7e36
Update translations
Carefully because permalink.external_url is untranslated in many
locales due to a recent change in client.en.yml in 516a03be09.
2020-06-24 10:47:45 -04:00
Guo Xiang Tan
27b2e335ef
DEV: Retry on distributed mutex timeout error when starting sidekiq.
We need Sidekiq to start `mini_scheduler` no matter what. Timeouts
happen when trying to boot an app with Redis in readonly mode.
2020-06-23 15:43:28 +08:00
Bianca Nenciu
68f767a557
FEATURE: Check if selectable avatars exist before enabling them (#10032) 2020-06-22 16:58:26 +03:00
Bianca Nenciu
685646540a
FIX: Hide PM tags if the site setting is disabled (#10089)
* FIX: Hide PM tags if the site setting is disabled

* Apply code suggestions
2020-06-22 16:48:24 +03:00
Guo Xiang Tan
3370ef188e
FEATURE: Remove deprecated uploads url site settings.
The site settings have been replaced with direct image upload since
Discourse 2.3.
2020-06-22 14:32:29 +08:00
Martin Brennan
516a03be09
FIX: Improve admin permalink UX (#10101)
The admin permalink list was a little tricky to use because the URLs are easily reduced with a ... if they are too long. This adds a copy to clipboard button for the URL and a title on hover so the full text of the URL can be seen.
2020-06-22 13:14:16 +10:00
Gerhard Schlager
390dc5c7a9 Update translations 2020-06-21 11:58:21 +02:00
Robin Ward
4a2871f7f6
FEATURE: Don't display muted/ignored users under "who liked" (#10084)
* FEATURE: Don't display muted/ignored users under "who liked"

Previously, if you clicked on the heart icon below a post
it would show you the avatar for a user even if you ignored or muted
them.

This commit will instead display a (?) icon. The count of likes will
remain correct, but you needn't be reminded of the person you
preferred not to see.

* Use a circle instead of (?) for unknown user
2020-06-19 10:44:21 -04:00
Robin Ward
494a27dc27 FIX: A much nicer error message if you can't ignore/mute a user 2020-06-18 13:41:27 -04:00
Patrick Schleizer
2d63d7d05e
make unix domain sockets listening example match web.socketed.template.yml (#10060) 2020-06-18 11:30:08 -04:00
Bernhard Suttner
e31471585a
DEV: allow to have duplicate topic titles if categegory is different (#10034)
Co-authored-by: Robin Ward <robin.ward@gmail.com>

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-06-18 11:19:47 -04:00
Jeff Atwood
978aba632e minor copyedit on site setting description 2020-06-17 14:13:52 -07:00
David Taylor
159fc41f40
FIX: Restore missing translation keys
These were accidentally removed/renamed in 5bfe1ee4
2020-06-17 14:24:22 +01:00
Joffrey JAFFEUX
9da3a7f436
FEATURE: allows published pages to be public (#10053) 2020-06-17 12:42:20 +02:00
Samuel Carvalho Santos
ce37561e10
UX: Improve revert label in post history modal (#10038) 2020-06-16 11:31:25 -04:00
Jeff Atwood
2bbb870b11 copyedit on push icon help text 2020-06-15 22:43:55 -07:00
Guo Xiang Tan
def4cd33ea
DEV: Disable Redis warnings. 2020-06-16 12:53:04 +08:00
Guo Xiang Tan
c611f3703c
DEV: Don't use logster when logging in Redis failover. 2020-06-16 11:53:52 +08:00
Guo Xiang Tan
b08a0d15c4
DEV: Fix undefined method due to rails_failover. 2020-06-16 11:03:57 +08:00
Guo Xiang Tan
092ae858af
DEV: Bump rails_failover.
Avoid configuring AR stuff if `replica_host` and `replica_port` hasn't
been provided.
2020-06-16 10:51:21 +08:00
Guo Xiang Tan
402b80f306
DEV: Make rails_failover compatible with SKIP_DB_AND_REDIS env. 2020-06-15 16:23:24 +08:00
Guo Xiang Tan
e0d798c06c
DEV: Fix undefined method. 2020-06-15 16:04:41 +08:00
Guo Xiang Tan
f38438c6de
DEV: Don't configure rails_failover is db and redis is skipped take 2 2020-06-15 16:02:30 +08:00
Guo Xiang Tan
e0fdf41537
DEV: Don't configure rails_failover is db and redis is skipped. 2020-06-15 15:56:57 +08:00
Guo Xiang Tan
58e52c0e4f
DEV: Use rails_failover gem for ActiveRecord and Redis failover handling 2020-06-15 15:47:07 +08:00
Guo Xiang Tan
d8cd912769
DEV: Switch to db config to disable advisory locks. 2020-06-15 14:33:41 +08:00
Martin Brennan
35a157619a
FEATURE: Add "Now" as an option (default hidden) to the future date input selector (#10047)
Sometimes you need to schedule things from now onward. "Now" in this case is now + 1 minute. this option is hidden by default.
2020-06-15 14:06:03 +10:00
Guo Xiang Tan
0ff86b00cb
DEV: Upgrade Redis to 4.2.1. 2020-06-15 10:05:22 +08:00
Gerhard Schlager
36a3675e0a Update translations 2020-06-14 23:39:33 +02:00
Guo Xiang Tan
c9964b95ce
DEV: Increase log level for /srv/status route.
This reduces the amount of noise in our logs.
2020-06-12 12:17:28 +08:00
Guo Xiang Tan
78b5ab746c
DEV: No longer need to clear anon cache when toggling readonly mode. 2020-06-12 09:58:17 +08:00
Guo Xiang Tan
dc4071dfef
DEV: Use Rails.logger instead of logster for rails_failover callbacks
`Discourse.warn_exception` logs to logger by default but it means we
lose all the backtrace when the logs are written to the log file.
2020-06-11 17:24:32 +08:00
Guo Xiang Tan
b66f2187f1
DEV: Don't use logstash for unicorn if ENV is blank. 2020-06-11 15:58:18 +08:00
Guo Xiang Tan
1411b095eb
DEV: Rescue errors when runngin AR failover/fallback callbacks. 2020-06-11 13:02:42 +08:00
Guo Xiang Tan
34ee1f2e71
DEV: Fix undefined method in rails_failover initializer. 2020-06-11 12:30:01 +08:00
Guo Xiang Tan
cbb4ea1ea8
DEV: Don't blow up request redis can't be reached during failover. 2020-06-11 11:41:06 +08:00
Dan Ungureanu
5bfe1ee4f1
FEATURE: Improve UX support for multiple email addresses (#9691) 2020-06-10 19:11:49 +03:00
Neil Lalonde
65dd8e2fa2
Update translations 2020-06-10 12:01:02 -04:00
Dan Ungureanu
3a7ca97c36
FIX: Use include-subcategories filter in report export (#10007)
Some filters were renamed and the conversion of the filter names and arguments
was removed.
2020-06-10 18:57:39 +03:00
Vinoth Kannan
3ff3e6dc10 minor copyedit on category setting options.
`default_list_filter`

3e7f7fdde8
2020-06-10 16:03:57 +05:30
Guo Xiang Tan
a3dfd553a1
Revert "Bump redis to 4.2.0."
This reverts commit 98bc28cea2.
2020-06-10 14:52:05 +08:00
Guo Xiang Tan
98bc28cea2
Bump redis to 4.2.0. 2020-06-10 14:28:56 +08:00
Guo Xiang Tan
2ce829cc01
DEV: Allow multisite apps to boot with reading connection handler. 2020-06-10 14:18:29 +08:00
Sam Saffron
7589551d68
PERF: enable bootsnap globally
If people wish to opt out they can use `DISABLE_BOOTSNAP = 1`

Bootsnap is production ready and was tested on our production
servers for safety.

Promoting it now so it is enabled globally.

Will result in faster application boot
2020-06-10 12:20:17 +10:00
Jeff Atwood
7e1c93326f copyedit: make it more clear PMs are blocked by ignore and mute 2020-06-09 18:56:30 -07:00
Arpit Jalan
3094459cd9
FEATURE: multiple use invite links (#9813) 2020-06-09 20:49:32 +05:30
Guo Xiang Tan
a1c13eb3c6
DEV: Redis failover should only clear redis recently readonly. 2020-06-09 16:36:31 +08:00
Kane York
9b050f2822
FIX: Enforce maximum of 100 years on all site settings counted in days (#9991) 2020-06-09 12:48:51 +10:00
Gerhard Schlager
0bf753a739 DEV: Remove unused routes 2020-06-08 10:26:29 +02:00
Guo Xiang Tan
f6628e4f43
DEV: Disable messageBus keepalive when Redis fails over. 2020-06-08 12:33:08 +08:00
OsamaSayegh
985900818f DEV: Fix indentation for routes.rb 2020-06-05 05:49:31 +03:00
Guo Xiang Tan
320b1e95bf
DEV: Silence all freedom patches trace in verbose query logs. 2020-06-05 09:09:54 +08:00
Guo Xiang Tan
e82d4d8a75
DEV: Update rails_failover to avoid monkey patching Rails config. 2020-06-05 09:05:19 +08:00
Jeff Wong
de29b4a511
PERF: rate limit search, and add anon cache for search results (#9969)
Adds new hidden site settings for rate limits:
30 for logged in users, 15 for anon

Adds an anon cache for searching, caches results of searches for 1 minute
2020-06-04 09:26:08 -07:00
Penar Musaraj
2d880b42a3
UX: Add simple-list setting type (#9970) 2020-06-04 10:44:54 -04:00
Guo Xiang Tan
87673e6571
DEV: Fix moving of rails_failover middleware. 2020-06-04 20:29:47 +08:00
Guo Xiang Tan
aaece34e8b DEV: Update rails_failover so that we can move middleware up the stack. 2020-06-04 17:14:13 +08:00
Guo Xiang Tan
54f79ea3ba DEV: Pausing Sidekiq is multisite aware. 2020-06-04 15:46:30 +08:00
Guo Xiang Tan
8e1681d356 Bump rails_failover. 2020-06-04 15:22:35 +08:00
Jeff Atwood
50d4ad562e copyedit, better email reply rejection copy 2020-06-03 19:59:51 -07:00
Vinoth Kannan
3e7f7fdde8
FEATURE: category setting for default list filter. (#9975) 2020-06-04 00:56:56 +05:30
Robin Ward
22789e0201 New bootstrap.json endpoint for starting up Discourse
Discourse needs a bunch of data preloaded before it can start up.
Normally we throw blobs of this into the HTML document that is requested
but in some cases that's awkward to retrieve.

For example with Ember CLI you have a separate javascript application
that needs to make its own HTML.

This API endpoint returns a JSON object with all the data Discourse needs to
bootstrap and start up.
2020-06-03 14:45:23 -04:00
Sam Saffron
cbaad631a4
PERF: add FORCE_BOOTSNAP env var
Bootsnap is designed to work in production per:
https://github.com/Shopify/bootsnap

Over the years we have seen very few issues with it, none of which
were corruption.

This allows us to enable bootsnap in production

Having bootsnap enabled means that we can speed up deploys by
about 5 seconds per server. It also means a lot less waiting for
various production rake tasks and so on.
2020-06-03 15:18:47 +10:00
Sam Saffron
57a3d4e0d2
FEATURE: whitelist theme repo mode (experimental)
In some restricted setups all JS payloads need tight control.

This setting bans admins from making changes to JS on the site and
requires all themes be whitelisted to be used.

There are edge cases we still need to work through in this mode
hence this is still not supported in production and experimental.

Use an example like this to enable:

`DISCOURSE_WHITELISTED_THEME_REPOS="https://repo.com/repo.git,https://repo.com/repo2.git"`

By default this feature is not enabled and no changes are made.

One exception is that default theme id was missing a security check
this was added for correctness.
2020-06-03 13:19:57 +10:00
Guo Xiang Tan
062db10c52
FIX: EmailValidator needs to validate format of email. 2020-06-03 10:34:37 +08:00
Gerhard Schlager
9c42c0fe9a FIX: Broken MessageFormat string 2020-06-02 21:42:39 +02:00
Gerhard Schlager
0cf297725f DEV: Use consistent interpolation key format in translations
From now on client strings can easily be reused on the server and you don’t have to think about choosing the right format anymore.
2020-06-02 19:05:10 +02:00
Guo Xiang Tan
439db7ca1e
DEV: Add REDIS_RAILS_FAILOVER env to test our new redis failover. 2020-06-02 17:24:14 +08:00
Bianca Nenciu
d76ea9fa6b
FIX: Do not destroy $.fileupload element (#9888)
conditional-loading-section component rerendered the <input> element
and lost the necessary event handlers for jQuery-File-Upload.
2020-06-02 16:14:41 +10:00
Guo Xiang Tan
426b62a04a
DEV: Add silencer for verbose query logs in development. 2020-06-02 12:15:31 +08:00
Guo Xiang Tan
e4cd4f7e0b
DEV: Avoid reaching for Redis#_client which is considered deprecated. 2020-06-02 11:46:55 +08:00
Guo Xiang Tan
ade60b0cbc
DEV: Enable readonly mode for all multisite sites when PG goes down.
The risk here is that the database for one site goes down in the multisite setup and we drop everything to readonly mode. However, I discussed this with Sam and we agree that one database having problem is very rare. Most of the time, it is the entire DB cluster that goes down.
2020-06-02 11:32:07 +08:00
Guo Xiang Tan
326d6d5b0f
DEV: Pause Sidekiq when forcing pg readonly mode. 2020-06-02 09:20:03 +08:00
Neil Lalonde
72c09ab4ae
Update translations 2020-06-01 13:58:51 -04:00
Guo Xiang Tan
32735be5bd
DEV: Fix publish to message_bus when forcing pg readonly. 2020-06-01 13:26:12 +08:00
Guo Xiang Tan
2c3ff3e524
DEV: Missing readonly mode banner when forcing PG readonly. 2020-06-01 12:25:27 +08:00
Krzysztof Kotlarek
9a6ef80739
FEATURE: notify admins about old credentials (#9918)
* FEATURE: notify admins about old credentials

Security and API keys should be renewed periodically.
This additional notification should help admins keep their Discourse safe and secure.
2020-06-01 13:49:27 +10:00
Guo Xiang Tan
b0b37bf5a3
DEV: Add force rails_over switch via Redis. 2020-06-01 11:23:58 +08:00
Robin Ward
2b2434b82d
Start Discourse in an initializer (#9930)
* DEV: To be pedantic, there is more than EMBER in there now

* DEV: Use less globals. Have `Discourse` start in an initializer

* DEV: Remove another global
2020-05-29 14:37:02 -04:00
David Taylor
e159fb06df
FEATURE: Download remote images even for old posts (#9925)
When a post is rebaked, the admins expect it to work the same regardless of how old the post is.
2020-05-29 17:13:55 +01:00
Guo Xiang Tan
ca28ad8f9a
DEV: Remove db_id from sample multisite config.
See 2bb4d5170c
2020-05-29 10:48:29 +08:00
Vinoth Kannan
ce1491e830
UX: remove in:unpinned filter from advanced search page. (#9911) 2020-05-29 00:47:28 +05:30
Guo Xiang Tan
8c86a109bb
DEV: Add ENV flag to test out ActiveRecord::Failover. 2020-05-28 16:24:22 +08:00
Dan Ungureanu
570b12a903
FEATURE: Show a detailed 404 page for private topics (#9894) 2020-05-27 20:10:01 +03:00
Roman Rizzi
461df7d050
UX: Rename Priority to score for sorting. (#9846) 2020-05-27 12:50:28 -03:00
Régis Hanol
2a4db15544 FIX: don't send digests to users with no primary email
It might happen that some User records have no associated primary emails.
In which case we don't ever want to send them a digest.

Also added a new "user_email_no_email" skipped email log to ensure these cases
are properly handled and surfaced.
2020-05-27 17:09:40 +02:00
Krzysztof Kotlarek
34e5f0a9a3
Revert "FEATURE: notify admins about old credentials (#9854)" (#9886)
This reverts commit 349a67bee6.
2020-05-27 09:52:53 +10:00
Krzysztof Kotlarek
349a67bee6
FEATURE: notify admins about old credentials (#9854)
* FEATURE: notify admins about old credentials

Security and API keys should be renewed periodically.
This additional notification should help admins keep their Discourse safe and secure.
2020-05-27 08:13:47 +10:00
Neil Lalonde
3d20a1143b
Update translations 2020-05-26 10:06:07 -04:00
Bianca Nenciu
f47400475e
FEATURE: Send a private message when a group membership is accepted (#9822)
* FEATURE: Send a private message when a group membership is accepted

* DEV: Small code improvements

* FIX: Send PM as group owner

* Copy edits
2020-05-26 16:28:03 +03:00
Joshua Rosenfeld
41f742c2f9
FIX: Copyedit for the dominating topic warning 2020-05-26 07:18:36 -04:00
Guo Xiang Tan
878f06f1fe DEV: Remove custom connection reaper.
Rails 6 fixed the reaper to use one thread to reap all the connection pools.
2020-05-26 09:09:46 +08:00
Rafael dos Santos Silva
b48299f81c
FEATURE: Add setting to disable automatic CORS rule install in S3 buckets (#9872) 2020-05-25 17:09:34 -03:00
Gerhard Schlager
631024ae5d FEATURE: Permalinks for tags 2020-05-25 14:51:01 +02:00
Vinoth Kannan
8e56197728
UX: use "icon-picker" & "image-uploader" fields to set group flair. (#9779) 2020-05-25 11:08:47 +05:30
Michael Brown
d9a02d1336
Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse""
This reverts commit 20780a1eee.

* SECURITY: re-adds accidentally reverted commit:
  03d26cd6: ensure embed_url contains valid http(s) uri
* when the merge commit e62a85cf was reverted, git chose the 2660c2e2 parent to land on
  instead of the 03d26cd6 parent (which contains security fixes)
2020-05-23 00:56:13 -04:00
Jeff Atwood
20780a1eee Revert "Merge branch 'master' of https://github.com/discourse/discourse"
This reverts commit e62a85cf6f, reversing
changes made to 2660c2e21d.
2020-05-22 20:25:56 -07:00
Jeff Atwood
e62a85cf6f Merge branch 'master' of https://github.com/discourse/discourse 2020-05-22 20:25:42 -07:00
Jeff Atwood
2660c2e21d minor copyedit on theme import error 2020-05-22 20:25:35 -07:00
Mark VanLandingham
1a5bcf2a64
UX: Remove live theme previewing in favor of refresh (#9798) 2020-05-21 08:32:50 -05:00
David Taylor
bde8862f0f
FIX: Allow GitHub app client_id to be used for OAuth configuration 2020-05-21 10:44:25 +01:00
Martin Brennan
df68d11c38
FEATURE: Add topic excerpt max length site setting (#9847)
Adds a new topic_excerpt_maxlength site setting.

* When topic excerpt is requested for a post, use the new topic_excerpt_maxlength site setting to limit the size of the excerpt
* Remove code for getting/setting Post.excerpt_size as it is not used anywhere
2020-05-21 13:19:48 +10:00
Krzysztof Kotlarek
bf7103343a
FIX: sidekiq is using _forim_session (#9825)
Configure Sidekiq to use _forum_session instead of a rack.session
2020-05-21 08:19:21 +10:00
Robin Ward
ba04bb7552 FIX: Path should be addon not app 2020-05-20 12:13:15 -04:00
Bianca Nenciu
fb15da43da
Remove old web hooks in favor of 'reviewable' web hook (#9776)
* FIX: Emit web hooks for flags

* FEATURE: Remove 'flag' web hook in favor of 'reviewable' web hook

* FEATURE: Remove 'queued post' web hook in favor of 'reviewable' web hook

* FIX: Do not set a default value for web hooks with no events
2020-05-20 12:07:48 +03:00
Guo Xiang Tan
2f03a879f9
DEV: Require rails_failover before global settings. 2020-05-20 16:06:40 +08:00
Guo Xiang Tan
f7f436e536
DEV: Install rails_failover gem to test our Redis changes. 2020-05-20 15:40:27 +08:00
Sam Saffron
05f7d5a2de
UX: Rename "Edit Message" to "Edit"
This reduces the space taken by the button.
2020-05-20 14:12:58 +10:00
Roman Rizzi
52228b1fa6
DEV: These routes don't exist anymore (#9823) 2020-05-19 16:09:03 -03:00
dave0688
f2574736a2
FEATURE: Add same site cookie 'None' option to make cross domain systems possible (#9374)
Previously reverted in cb8f8de4, but can be re-applied now that Rack has been updated
2020-05-19 10:33:46 +01:00
Guo Xiang Tan
96c02caba7
DEV: Change use of Redis flushall to flushdb.
FLUSHALL removes all keys from all databases. Instead we only want to
remove keys from the current Redis database.
2020-05-19 10:20:00 +08:00
Robin Ward
db8e872bda
DEV: Move select kit to an addon (#9797) 2020-05-15 16:07:35 -04:00
Joffrey JAFFEUX
b07f1bfd93
FIX: displays a title on sk header if no selected name (#9794)
none has to be defined.
2020-05-15 17:36:00 +02:00
Justin DiRose
9810ca1dbd
UX: Add copied text upon copy button click (#9793) 2020-05-15 17:08:46 +02:00
Penar Musaraj
5ff2a235f6 DEV: Allow 3-digit HEX color code in single icon route
Followup to aee8e62
2020-05-14 16:37:45 -04:00
Penar Musaraj
aee8e62e21
FEATURE: Add endpoint for individual SVG icons (#9765) 2020-05-14 14:17:19 -04:00
Mark VanLandingham
a047004c9a
FIX: Specific email error for replies to digest emails (#9770) 2020-05-14 09:04:58 -05:00
Vinoth Kannan
c014b93854
UX: don't disable "create account" button & display error message for required fields. (#9643) 2020-05-14 12:15:33 +05:30
David Taylor
cb8f8de422
Revert "FEATURE: Add same site cookie 'None' option to make cross domain systems possible (#9374)"
samesite=none is not supported in Rack 2.0.8. We can re-apply this change once Rack has been upgraded.

https://meta.discourse.org/t/cooke-samesite-none-not-working-because-of-outdated-rack-version/151331

This reverts commit 94c0228681.
2020-05-13 16:17:05 +01:00
RK Aranas
7d857d79bd UX: Fix hard coded value in Crazy in Love badge description
Currently, the Crazy in Love badge's description has a hard coded
value of 50.This should correspond to the max_likes_per_day value
instead.
2020-05-13 16:59:28 +08:00
Daniel Waterworth
497dc6eaa7 Add a global setting for CDN origin
This is so that, on a multisite cluster, when we handle a CDN request,
the hostname that is requested corresponds to one of the sites -
specifically the default site.
2020-05-12 16:43:40 +01:00
Penar Musaraj
90b900704b FIX: Improve mobile footer nav accessibility 2020-05-11 16:55:34 -04:00
David Taylor
5fc51ed49c
DEV: Remove unused DiscoursePlugin class (#9715) 2020-05-11 15:46:54 +01:00
Risto
a9cf680f76
A typo fix (#9717) 2020-05-11 10:43:21 -04:00
Sam Saffron
d8d54a92f1
FEATURE: tighten rate limiting rules for forgot password
1. Total 6 attempts per day per user
2. Total of 5 per unique email/login that is not found per hour
3. If an admin blocks an IP that IP can not request a reset
2020-05-08 13:30:51 +10:00
Sam Saffron
609e929186
Revert "Revert "DEV: upgrade to Rails 6.0.3""
This reverts commit 2ff8b4f5d9.

Attempt #2 at a Rails update this time we also update the
rails_multisite gem to allow for cleaner reordering
2020-05-08 11:49:22 +10:00
David Taylor
2ff8b4f5d9
Revert "DEV: upgrade to Rails 6.0.3"
This was causing issues during multisite:migrate

https://meta.discourse.org/t/multisite-migrate-broken-since-rails-6-0-3-update/150691

This reverts commit 136a545653.
2020-05-07 11:44:39 +01:00
Sam Saffron
136a545653
DEV: upgrade to Rails 6.0.3
Upgrades Rails to latest, this version has better compatibility
with Ruby 2.7

During the upgrade we needed a new cleaner mechanism for configuring
message bus.

All tests are green.

If anything weird pops up please revert.
2020-05-07 15:53:40 +10:00
Martin Brennan
6fb0f36ce1
FEATURE: Optionally delete bookmark when reminder sent (#9637)
We now show an options gear icon next to the bookmark name.

When expanded we show the "delete bookmark when reminder sent" option. The value of this checkbox is saved in local storage for the user.

If this is ticked, when a reminder is sent for the bookmark the bookmark itself is deleted. This is so people can use the reminder functionality by itself.

Also remove the blue alert reminder section from the "Edit Bookmark" modal as it just added clutter, because the user can already see they had a reminder set:

Adds a default false boolean column `delete_when_reminder_sent` to bookmarks.
2020-05-07 13:37:39 +10:00
Robin Ward
97657aa322 Don't precompile preload-store 2020-05-06 16:47:04 -04:00