Commit Graph

60 Commits

Author SHA1 Message Date
Vinoth Kannan
58bb3967e5 SECURITY: Oneboxer should escape the URL before processing 2018-03-15 19:57:55 +05:30
Régis Hanol
3be0294465 FIX: local post onebox was always pointing to 1st post 2018-02-26 16:05:35 +01:00
Régis Hanol
7d7f6faf40 FIX: properly render emojis in local oneboxes 2018-02-26 11:16:53 +01:00
Régis Hanol
0799831dbe FIX: use the avatar of the post rather than the topic in local oneboxes 2018-02-20 19:49:39 +01:00
Régis Hanol
60ec483caa FIX: include title in local onebox when linking to a different topic 2018-02-19 22:40:14 +01:00
Régis Hanol
93b1829f04 tiny refactor 2018-02-16 11:21:11 +01:00
Sam
cda3f72ab8 SECURITY: don't onebox whispers 2018-02-16 08:57:20 +11:00
Sam
57e140dc07 FIX: oneboxing to private messages 2018-02-16 08:00:22 +11:00
Régis Hanol
8e0da35857 FIX: allow local oneboxes to public topics/posts in PM 2018-02-15 18:14:41 +01:00
Sam
f028ffaf29 SECURITY: correct local onebox category checks
Also removes ugly "source_topic_id" from cooked posts

Patch was authored by @zogstrip

Signed-off-by: Sam <sam.saffron@gmail.com>
2018-02-14 10:40:46 +11:00
Régis Hanol
8e55400392 FIX: add 'SiteSetting.port' to 'Onebox.allowed_ports' in development mode 2017-12-18 18:31:41 +01:00
Joffrey JAFFEUX
6cd8203686 FIX: allows onebox to force GET hosts returning wrong headers on HEAD 2017-08-08 11:44:27 +02:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Blake Erickson
6fc5ece628 FIX: onebox for dropbox video links not working
add dropbox to the list of ignore redirects for onebox links
2017-07-26 14:37:54 -06:00
Régis Hanol
9e03fae26c FIX: internal oneboxing wasn't working when login was required 2017-07-17 17:33:10 +02:00
Robin Ward
db485ae0da FIX: Support for skipping redirects on certain domains (like steam) 2017-06-26 15:38:43 -04:00
Robin Ward
0de5d01d79 FIX: Onebox wasn't using correct uri 2017-06-06 16:39:15 -04:00
Robin Ward
369bb78f8e FIX: Support for cookies in onebox redirects 2017-06-06 15:02:11 -04:00
Robin Ward
4c690f7089 Use FinalDestination to ensure public redirects for onebox 2017-05-22 16:42:49 -04:00
David McClure
b188c30925 FIX: Import scripts were failing to load onebox sanitize config 2017-02-25 09:27:42 -08:00
Régis Hanol
ba115480ba FIX: wasn't extracting links to quoted posts 2017-02-06 14:45:04 +01:00
Guo Xiang Tan
d10fe51b72 Fix broken specs since all urls will be oneboxed. 2017-01-06 10:05:51 +08:00
Régis Hanol
b12b2b1911 change onebox preview key for me consistency 2016-12-20 11:18:47 +01:00
Régis Hanol
52cd9972bb FIX: prevent DDoS with lots of _oneboxable_ links
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
Régis Hanol
a655e4b092 ensure we allow self oneboxing of login required sites 2016-11-03 22:48:32 +01:00
Régis Hanol
08d53b32ca let's try loading onebox engines this way 2016-10-25 01:25:44 +02:00
Régis Hanol
3841cd9a7f FEATURE: onebox everything by default
FEATURE: new 'max_oneboxes_per_post' site setting
FEATURE: change onebox whitelist to a blacklist
PERF: debounce the loading of oneboxes
PERF: improve perf of mention links in preview
FIX: sort loading of custom oneboxer
2016-10-24 12:46:22 +02:00
Robin Ward
0396b14b70
FEATURE: New "First Onebox" badge 2016-04-12 15:31:14 -04:00
Arpit Jalan
f38abbe279 FIX: onebox links should respect nofollow settings 2015-12-04 01:59:12 +05:30
Sam
57870b970d correct hack and move to oneboxer 2015-09-25 20:14:53 +10:00
Sam
18a8853181 FIX: don't crash out searching for parent in oneboxer 2015-09-22 12:42:13 +10:00
Sam
88a5a676a7 lower error level on onebox failures 2015-08-24 10:43:07 +10:00
riking
5657006aca Rename handle_exception to handle_job_exception 2015-02-09 12:47:46 -08:00
riking
d90404e830 Change 'code' to 'message' 2014-07-17 15:19:58 -07:00
Robin Ward
fc20332c0f Lift all oneboxes out of <p> tags. 2014-07-04 16:09:51 -04:00
Robin Ward
7bb33c28c2 Add new max_width feature for oneboxes. Allows vimeo oneboxes to not
look like total garbage.
2014-06-05 13:18:18 -04:00
Sam
0bc3525b10 BUGFIX: more robust onebox implementation 2014-05-28 17:15:10 +10:00
Robin Ward
b0405d7cfa Adds a Site Setting to whitelist onebox domains 2014-04-09 16:57:45 -04:00
Sam
239bcd19df BUGFIX: protect ourselved against rogue onebox gem 2014-04-01 15:29:14 +11:00
Sam
00a46253ae BUGFIX: Don't resolve oneboxes when cooking
Defer to post save job
2014-03-18 15:22:53 +11:00
Robin Ward
cd7ef6b49a Revert "FIX: Bunch of Onebox issues"
This reverts commit ccbe671e4a.
2014-02-25 13:35:08 -05:00
Robin Ward
ccbe671e4a FIX: Bunch of Onebox issues 2014-02-25 13:29:05 -05:00
Neil Lalonde
d343e9f360 Add DiscourseLocalOnebox 2014-01-29 14:14:07 -05:00
Robin Ward
e453bfa073 Work in progress: Swap out onebox code for onebox gem 2014-01-29 14:14:07 -05:00
Neil Lalonde
86647f0a54 Add ScreenedUrl. Rename BlockedEmail to ScreenedEmail. 2013-08-14 16:08:23 -04:00
Sam
e4a76812a6 this is a slightly round about way of making our self oneboxes sane
shrunk avatar to 60px, added global whitelisting
2013-05-01 16:38:13 +10:00
Sam Saffron
94a578e4b2 ignore assets
fix runner so it works on mac
get rid of some test warnings
2013-04-30 12:43:59 +10:00
Sam
33e3ad1603 clean up onebox application so it uses a single code path
use fragments for oneboxes
strip parent <p> if <div> is in it
clean some tests
2013-04-10 17:52:38 +10:00
Robin Ward
ee5213be5f Fixes regression with video embeds 2013-03-21 20:53:12 -04:00
Robin Ward
babcfe6234 Cache oneboxes in Redis now instead of postgres. 2013-03-21 13:11:54 -04:00