Commit Graph

907 Commits

Author SHA1 Message Date
Christoph Holtermann
68bfe0260a Fix typo (#6043)
typo: state instead of status
2018-07-05 09:26:48 +08:00
Joffrey JAFFEUX
1772b56cda
FIX: minor micro data fixes 2018-06-29 13:41:04 +02:00
Maja Komel
ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Maja Komel
24dfa1b657 Rename s3 vars, change condition when displaying s3 uploads 2018-06-25 17:16:01 +02:00
Joffrey JAFFEUX
803968147c
FIX: ListItem can’t have itemprop=url and itemprop=item together 2018-06-25 14:12:55 +02:00
Christoph Holtermann
bed26ea0b3 fix indentation 2018-06-25 15:01:39 +10:00
Christoph Holtermann
a0af15d525 no redeclaring state 2018-06-25 15:01:39 +10:00
Christoph Holtermann
e874afaf31 read embed state info from data attribute 2018-06-25 15:01:39 +10:00
Christoph Holtermann
6eb0b310fe add data attributes to reflect embed status 2018-06-25 15:01:39 +10:00
Christoph Holtermann
5914a3db20 Update embed.html.erb
Small fix
2018-06-25 15:01:39 +10:00
Christoph Holtermann
2244f19ff9 Update embed.html.erb
Add state descriptor to message being sent to parent window
2018-06-25 15:01:39 +10:00
Rafael dos Santos Silva
8fc08aad09 FEATURE: Update the webmanifest
- Remove share target because the spec is changing
- Allow any orientation again because natural is too restrictive
- Use correct file and mime types for the manifest
2018-06-14 00:13:28 -03:00
Joffrey JAFFEUX
276526e30e
FIX: improves micro data support 2018-06-13 23:20:48 +02:00
Angus McLeod
0997eb6486 Add theme stylesheet(s) to the crawler layout 2018-06-12 12:47:48 +10:00
Jeff Wong
4599cc8435 FIX: PM participants listed inline 2018-06-11 18:14:25 -07:00
Régis Hanol
0402e97368 FIX: redirect to sso_destination_url after account activation 2018-05-11 19:57:04 +02:00
Régis Hanol
6a006b3646 FIX: format posts for embedded comments as we do for emails 2018-05-09 19:24:44 +02:00
Arpit Jalan
83245aa508 FIX: better handling of invite links after they are redeemed
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
Jeff Wong
62a8904729
Feature: Include participants at the bottom of PM emails (#5797)
* Feature: Include participants at the bottom of PM emails

... as undecorated links.

https://meta.discourse.org/t/email-notification-recipients-unclear-when-pm-is-sent-to-multiple-users/26934/13?u=featheredtoast

Fix: missing translation for PM mentions

* display membership count as `group (count)`
2018-05-03 15:50:06 -07:00
Robin Ward
a5172a37e0 Allow staff members to enable safe mode, even if disabled 2018-04-25 11:49:57 -04:00
Robin Ward
fd14ee4797 FEATURE: Allow safe mode to be disabled 2018-04-24 11:03:33 -04:00
Sam
54d153068a DEV: remove qunit rails fork and add a couple of async tests 2018-04-23 16:42:40 +10:00
Arpit Jalan
45cfb61af1 FIX: sanitize click track links 2018-04-17 12:35:16 +05:30
Robin Ward
3d7dbdedc0 FEATURE: An API to help sites build robots.txt files programatically
This is mainly useful for subfolder sites, who need to expose their
robots.txt contents to a parent site.
2018-04-16 15:43:20 -04:00
Sam
223379e21a per spec we need to repeat disallow paths per agent 2018-04-16 15:38:10 +10:00
Arpit Jalan
a1ef455c78 SECURITY: do not show private topic title on /unsubscribed page 2018-04-16 10:35:57 +05:30
Régis Hanol
1a9271dd2f add a warning in robots.txt when using subfolder 2018-04-12 00:00:15 +02:00
Régis Hanol
df7970a6f6 prefix the robots.txt rules with the directory when using subfolder 2018-04-11 22:05:02 +02:00
Sam
489c22d93c FEATURE: Disallow tags and categories rss feeds
This stops crawlers from hitting tags and category rss feeds to discover
new content, instead they should focus on latest/posts if they need to
consume something regular
2018-04-11 14:36:10 +10:00
Sam
f40f10240c FEATURE: remove topic rss from robots
Crawlers love hitting the rss feeds (confirmed that both Google and Bing do)

Experimenting with the impact of blocking these feeds and forcing Crawlers to hit
the content direct. It is better if they hit the actual page to start with as opposed to

1. Hit RSS feed
2. Find new content
3. Hit post link
4. Get canonical
5. Hit canonical

Lots of pointless work.

We do not know for sure what impact this will have on newsreader apps,
we will listen for feedback.
2018-04-11 11:57:52 +10:00
Jeff Wong
32f919ea34 Fix - service worker registrations
* register service workers in a development env

* register service worker from ember initialize fn
2018-04-10 15:17:32 -07:00
Sam
3a7b696703 FEATURE: allow for setting crawl delay per user agent
Also moved to default crawl delay bing so no more than a req every 5 seconds is allowed

New site settings:

"slow_down_crawler_user_agents" - list of crawlers that will be slowed down
"slow_down_crawler_rate" - how many seconds to wait between requests

Not enforced server side yet
2018-04-06 10:15:23 +10:00
Neil Lalonde
b7ecdb72d6 FIX: update Google Tag Manager javascript 2018-04-03 14:22:06 -04:00
Arpit Jalan
5e4dd20795 Revert "Prevent robots from indexing uploads"
This reverts commit 0fd622e5d1.
2018-04-02 21:29:29 +05:30
Neil Lalonde
c9216626d8
Merge pull request #5688 from discourse/fix-embed-comments-template-error
FIX: Make sure a post has replies before accessing the reply_id
2018-03-27 15:30:53 -04:00
Neil Lalonde
ced7e9a691 FEATURE: control which web crawlers can access using a whitelist or blacklist 2018-03-22 15:41:02 -04:00
scossar
f213dea529 Make sure a post has replies before accessing the reply id 2018-03-20 12:13:41 -07:00
Régis Hanol
89f5c90ce0 FIX: show an error page on click tracking error 2018-03-17 00:33:11 +01:00
Sam
8c1d145f0e FIX: when visiting post on mobile it is not selected 2018-03-13 14:06:08 +11:00
Dan Nicholson
0fd622e5d1 Prevent robots from indexing uploads
Although most user uploads are probably harmless, it's possible someone
has (either maliciously or not) uploaded sensitive information. Prevent
robots from indexing the uploads route.
2018-03-09 05:51:55 -06:00
OsamaSayegh
282f53f0cd FEATURE: Theme settings (2) (#5611)
Allows theme authors to specify custom theme settings for the theme. 

Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Sam
e19ae6c55e FEATURE: disallow groups from being indexed 2018-03-02 13:38:30 +11:00
Guo Xiang Tan
70f14da732 UX: Use 'tel' input type for 2FA token inputs. 2018-02-27 09:30:44 +08:00
Joffrey JAFFEUX
ac701696b3
FEATURE: replaces tag-chooser/tag-group-chooser with select-kit component
These component were also the last using select2. As a consequence select2 is removed from Discourse in this commit.
2018-02-26 11:42:57 +01:00
Guo Xiang Tan
a9699da672 UX: Specify pattern and maxlength for 2FA input fields. 2018-02-26 18:29:46 +08:00
Guo Xiang Tan
1f74509a75 FIX: 2FA prompt incorrectly displayed on admin login page. 2018-02-23 11:05:39 +08:00
Maja Komel
76a2fc3d07 UX: Add og metadata for groups.
https://meta.discourse.org/t/onebox-for-groups/79155
2018-02-22 15:03:41 +08:00
Guo Xiang Tan
964624f3ab FIX: No error displayed when 2FA token is invalid on admin login page. 2018-02-22 09:45:57 +08:00
Guo Xiang Tan
edf326a9a5 Fix incorrect translation. 2018-02-22 08:06:37 +08:00
Guo Xiang Tan
14f3594f9f Review Changes for f4f8a293e7. 2018-02-21 14:55:49 +08:00
Jeff Wong
f4f8a293e7 FEATURE: Implement 2factor login TOTP
implemented review items.

Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds.
I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail.
Translatable texts.
Move second factor logic to a helper class.
Move second factor specific controller endpoints to its own controller.
Move serialization logic for 2-factor details in admin user views.
Add a login ember component for de-duplication
Fix up code formatting
Change verbiage of google authenticator

add controller tests:
second factor controller tests
change email tests
change password tests
admin login tests

add qunit tests - password reset, preferences

fix: check for 2factor on change email controller
fix: email controller - only show second factor errors on attempt
fix: check against 'true' to enable second factor.

Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP

add two factor to email signin link

rate limit if second factor token present

add rate limiter test for second factor attempts
2018-02-21 09:04:07 +08:00
Guo Xiang Tan
7902296c11 Oops we should register a service worker as long as it is supported. 2018-02-15 15:02:14 +08:00
Guo Xiang Tan
28365f8ae5 PERF: Have nginx cache and serve the service worker file. 2018-02-15 10:50:39 +08:00
Erick Guan
03b3e57a44 FEATURE: login by a link from email
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Robin Ward
0776340b29 SECURITY: Prevent robots from indexing more routes
These routes could contain sensitive material and should never be
indexed for content.
2018-02-04 13:24:36 -05:00
Neil Lalonde
2493648f9c PERF: calculate topic_counts for tags in an async job so tag queries that include counts are much faster 2018-01-12 11:03:03 -05:00
Sam
8ff5f5f2ef FIX: cache admin locale file for 24 hours 2018-01-09 10:23:49 +11:00
Vinoth Kannan
f08995c390 Remove unused code lines 2017-12-29 12:32:18 +05:30
Gerhard Schlager
44ee388070 FEATURE: omit images from og and twitter description tags 2017-11-28 21:34:02 +01:00
Kris
c2da25dd5c
Cleaning up the 404 page (#5363) 2017-11-24 12:41:31 -05:00
Neil Lalonde
66e53f449a UX: Auth complete page/modal has a link to continue to the site to accomodate auth methods that can't automatically redirect to Discourse 2017-11-21 13:56:19 -05:00
Robin Ward
cef64e8f03 UX: Use no_ember styling for omniauth error page 2017-11-15 14:04:26 -05:00
Robin Ward
d07ebf9d4c UX: Support for custom error pages and headers in plugins 2017-11-14 16:31:44 -05:00
Robin Ward
1c56e1c063 Support for HTML builders on the no-ember view 2017-11-14 16:04:27 -05:00
Robin Ward
52480d554a UX: Support for custom 404 pages 2017-11-14 11:57:17 -05:00
Sam
dfe9f70747 UX: warn that something must be selected with safe mode 2017-11-13 15:59:51 +11:00
Michael Howell
38b8d68c68 FEATURE: Allow the user to select a custom home page (#5268)
* Add user_home configuration option

* Use the new user_home preference to actually show the right home page

* Fix trailing whitespace

* Update user_option_serializer.rb

* Fix JavaScript default homepage tests

* Use an object instead of a giant switch

* Remove trailing whitespace

* Make the default `user_home` set to `null` instead of `0`

* Rename user_home to homepage_id
2017-11-10 06:45:19 +11:00
Neil Lalonde
7eb5f78343 UX: increase max length of topic titles in summary email html by 40 characters 2017-11-06 10:00:01 -05:00
Neil Lalonde
7dc3671490 FEATURE: remove obsolete settings ga_tracking_code and ga_domain_name. Use ga_universal_tracking_code and ga_universal_domain_name instead. 2017-11-01 11:41:51 -04:00
Penar Musaraj
bd1616d3d9 Add offline route and service worker to fix Android app install banner (#5217)
* set up static offline.html route and service worker for Android Web App Banner

* add viewport meta tag to offline view for android app banner

* add i18n support for offline.html pages, cleanup

* fix html syntax, add page title, remove license for service-worker.js
2017-10-31 10:46:48 +11:00
Neil Lalonde
a5afc08363 FIX: html links in text part of summary email 2017-10-30 15:43:01 -04:00
Neil Lalonde
28bc5ac10a FIX: link to about page on subfolder 2017-10-30 14:34:12 -04:00
Neil Lalonde
fec5691064 FIX: unsubscribe links in summary emails were missing subfolder 2017-10-30 14:28:43 -04:00
Neil Lalonde
bf00ab5d4a FIX: grant admin on subfolder 2017-10-27 16:46:02 -04:00
Arpit Jalan
33f0d80ed5 UX: better title on search page 2017-10-27 09:13:04 +05:30
Guo Xiang Tan
ad9553ff86 Merge pull request #5238 from discourse/jomaxro-patch-1
Add div to login-required text
2017-10-24 17:04:18 +08:00
Robin Ward
e9159e49f3 FEATURE: Site Setting to determine whether flags defaults to topics 2017-10-20 12:37:20 -04:00
Arpit Jalan
cafbf506cc better error message when confirming email change 2017-10-20 20:58:00 +05:30
Joshua Rosenfeld
64e5532b90 Add div to login-required text 2017-10-15 14:45:24 -04:00
Guo Xiang Tan
6fe604b93e Revert "SECURITY: Fix XSS on unsubscribed page."
This reverts commit 190558db9d.
2017-10-09 09:03:07 +08:00
Guo Xiang Tan
190558db9d SECURITY: Fix XSS on unsubscribed page. 2017-10-09 08:59:03 +08:00
Sam
70bb2aa426 FEATURE: allow specifying s3 config via globals
This refactors handling of s3 so it can be specified via GlobalSetting

This means that in a multisite environment you can configure s3 uploads
without actual sites knowing credentials in s3

It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 16:20:01 +11:00
Sam
ebdf8d6718 remove uneeded code 2017-10-04 15:05:58 +11:00
Sam
14310d2eee UX: title in JS must match title on Server
Corrects title flashing with incorrect value on front page reloads
2017-10-04 15:04:42 +11:00
Guo Xiang Tan
77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Arpit Jalan
6d35b62238 add image type attribute to icon link tag 2017-09-08 12:48:30 +05:30
Leo McArdle
e183600563 FIX: redirect loop for new users visiting /new-topic using full screen login 2017-09-07 21:02:41 +01:00
Bianca Nenciu
fa69e0dd77 Improved metadata for tags. (#5067) 2017-08-28 13:11:34 -04:00
Neil Lalonde
d506e577a5 FEATURE: if full search returns no results, show google search form 2017-08-15 16:46:41 -04:00
Arpit Jalan
b354099252 FEATURE: add custom open graph tag for ignoring canonical url 2017-08-15 19:24:20 +05:30
David Taylor
37300d6777 SECURITY: Do not show latest/top topics on 404 for login_required sites 2017-08-13 19:02:44 +03:00
Arpit Jalan
bf2c35aa99 FEATURE: add RSS feed for badge pages 2017-08-09 13:43:49 +05:30
Robin Ward
2e4b3e9b06 Don't include all html builders on client and server side 2017-08-07 11:29:35 -04:00
Arpit Jalan
2d95b9dfbf FIX: prevent Cloudflare from obfuscating emails
https://support.cloudflare.com/hc/en-us/articles/200170016-What-is-Email-Address-Obfuscation-
2017-08-03 15:06:13 +05:30
Ryan Mulligan
f3f7dd02d1 safely call html_safe on category description
The `categories.description` column is not modified as "not null", so it is possible for the description to be nil. This changes the code not call html_safe on nil.
2017-07-25 11:40:02 -07:00
Benjamin Elijah Griffin
4f77ca72a3 Stop Rails from escaping the HTML in this description. 2017-07-24 17:15:15 -07:00
Sam Saffron
d0c5205a52 Feature: Change markdown engine to markdown it
This commit removes the old evilstreak markdownjs engine.

- Adds specs to WhiteLister and changes it to stop using globals
    (Fixes large memory leak)
- Fixes edge cases around bbcode handling
- Removes mdtest which is no longer valid (to be replaced with
    CommonMark)
- Updates MiniRacer to correct minor unmanaged memory leak
- Fixes plugin specs
2017-07-17 11:41:34 -04:00
Neil Lalonde
3ebd8838af FEATURE: cross-domain tracking for Google universal analytics 2017-07-13 15:21:44 -04:00
Sam
79a084dd58 Revert "remove old markdown engine work-in-progress"
This reverts commit ee470b5317.
2017-07-12 18:10:51 -04:00
Sam Saffron
ee470b5317 remove old markdown engine work-in-progress 2017-07-12 17:44:40 -04:00