github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-17 16:12:45 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
A platform for community discussion. Free, open, simple.
43,989 Commits 214 Branches 500 Tags 960 MiB
Ruby 60.5%
JavaScript 28%
HTML 4.6%
Handlebars 3.8%
SCSS 3%
2278c7f82d
Go to file
Rafael dos Santos Silva 2278c7f82d
FIX: Bypass service worker on the SSO path (#15558) 
This is a workaround a behavior change in Chromium v97.
The following text was sent to the blink-dev mailing list:

> This change broke a SingleSignOn login on the FOSS software Discourse. We have a flow like:
>
> 1. User visits forum.siteA.com, click login
> 2. Gets redirected to idp.siteB.com
> 3. Fills login details
> 4. Gets redirected to forum.siteA.com/session/sso_login?parameters
> 5. Gets redirected to forum.siteA.com/homepage
>
> On step 4, the response includes a `set-cookie` header, with proper `HttpOnly; SameSite=Lax; Secure `and set. But if there is an active service worker, the login will fail as that cookie will be rejected by Chromium due to SameSite rules now.
>
> t=2971 [st=258]        COOKIE_INCLUSION_STATUS
>                        --> domain = "forum.siteA.com"
>                        --> name = "_t"
>                        --> operation = "store"
>                        --> path = "/"
>                        --> status = "EXCLUDE_SAMESITE_LAX, DO_NOT_WARN"
>
> The service worker is a vanilla WorkboxJS service worker that intercepts all GETs with the "Network First" strategy.
>
> Disabling the service worker or using Firefox results in a successful login. There is no warning in either DevTools network tab nor the console that the cookie was rejected.
>
> Chrome 96: login works
> Chrome 97: login does not work
> Chrome 98: login does not work
>
> Is this expected behavior? Even if the request `GET forum.siteA.com` was initiated because of a redirect from a different domain, is it expected that Chrome will silently drop same site cookies from forum.siteA.com?
2022-01-12 20:01:53 -03:00
.devcontainer FEATURE: Support for GitHub Codespaces development (#11440) 2020-12-08 21:35:15 -03:00
.github DEV: Bump bundler from 2.2.26 to 2.3.4 (#15549) 2022-01-13 08:50:04 +11:00
.vscode-sample DEV: Move vscode config files to .vscode-sample directory (#11943) 2021-02-03 14:14:39 +00:00
app FIX: Bypass service worker on the SSO path (#15558) 2022-01-12 20:01:53 -03:00
bin DEV: Avoid $ globals (#15453) 2022-01-08 23:39:46 +01:00
config DEV: Update message_bus to 4.0.0 (#15553) 2022-01-13 08:14:52 +11:00
db DEV: Drop bookmark trigger correctly (#15486) 2022-01-07 15:20:07 +10:00
docs FEATURE: Extend plugin API to add multiple poster icons (#15311) 2021-12-15 18:09:26 +08:00
images Replace README logo with PNG (#14044) 2021-08-13 14:23:49 -04:00
lib DEV: Support for running theme test with Ember CLI (second attempt) 2022-01-12 15:43:29 -05:00
log
plugins Update translations (#15540) 2022-01-11 14:21:34 +01:00
public DEV: Update emojis constants (#15506) 2022-01-10 14:53:52 -03:00
script DEV: Fix methods removed in Ruby 3.2 (#15459) 2022-01-05 18:45:08 +01:00
spec DEV: Support for running theme test with Ember CLI (second attempt) 2022-01-12 15:43:29 -05:00
test DEV: Log response headers when getting rate limit errors during smoke tests (#15487) 2022-01-07 11:50:59 +03:00
vendor DEV: Drop jQuery file uploader and old upload components (#15376) 2021-12-22 08:59:44 +10:00
.editorconfig Set trim_trailing_whitespace false for markdown 2016-06-25 22:29:01 +04:30
.eslintignore DEV: Support for running theme test with Ember CLI (second attempt) 2022-01-12 15:43:29 -05:00
.eslintrc DEV: Avoid using globals (#14909) 2021-11-13 13:10:13 +01:00
.git-blame-ignore-revs DEV: the referenced commit bc97… was rebased into 445d… (#11626) 2021-01-07 08:14:54 +11:00
.gitattributes Use proper encoding for email fixtures. 2018-02-21 17:06:35 +08:00
.gitignore DEV: Add GeoList2-ASN.mmdb and .bundle to .gitignore (#13902) 2021-07-30 16:17:55 +01:00
.licensed.yml DEV: Add a basic licensed config (#10128) 2020-06-25 18:01:36 -03:00
.npmrc DEV: Prevent npm usage (#13945) 2021-08-04 22:04:58 +02:00
.prettierignore DEV: Support for running theme test with Ember CLI (second attempt) 2022-01-12 15:43:29 -05:00
.prettierrc DEV: upgrades dev config (#10588) 2020-09-04 13:33:03 +02:00
.rspec DEV: Use --profile and --fail-fast in CI only 2019-03-11 22:04:47 -04:00
.rspec_parallel DEV: Introduce parallel rspec testing 2019-04-01 11:06:47 -04:00
.rubocop.yml Revert "Bump rubocop-discourse to 2.3.0." 2020-07-24 13:18:49 +08:00
.ruby-gemset.sample
.ruby-version.sample Update .ruby-version.sample 2021-07-30 14:42:14 -04:00
.template-lintrc.js enable eol-last for eslint and ember-template-lint (#12678) 2021-04-12 17:22:00 -07:00
adminjs
Brewfile DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
config.ru DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
CONTRIBUTING.md Proper long form for CLA 2015-09-10 20:49:03 +02:00
COPYRIGHT.md DEV: Absorb onebox gem into core (#12979) 2021-05-26 15:11:35 +05:30
d add wrappers for mailcatcher and sidekiq 2016-12-13 09:05:45 +11:00
discourse.sublime-project DEV: Exclude i18n .yml files from Sublime Text project. (#6473) 2018-10-10 20:21:24 +08:00
Gemfile Revert "DEV: Avoid duplication of gems in gemfile." (#14784) 2021-11-01 17:58:24 +05:30
Gemfile.lock DEV: Bump bundler from 2.2.26 to 2.3.4 (#15549) 2022-01-13 08:50:04 +11:00
install-imagemagick Add three reports (#14338) 2021-12-02 22:41:55 +05:30
jsapp
lefthook.yml DEV: Lint SCSS with prettier in pre-commit (#15033) 2021-11-22 11:30:12 +10:00
LICENSE.txt DEV: Absorb onebox gem into core (#12979) 2021-05-26 15:11:35 +05:30
package.json FEATURE: Automatic admin editor dark mode (#15419) 2021-12-29 11:02:37 -05:00
Rakefile FIX: Do not dump schema during production database migrations (#12785) 2021-04-21 16:26:20 +01:00
README.md Remove Atom from README 2021-09-16 14:28:56 -04:00
translator.yml DEV: Add styleguide locale files to Crowdin (#10876) 2020-10-09 13:23:32 +11:00
yarn.lock FEATURE: Automatic admin editor dark mode (#15419) 2021-12-29 11:02:37 -05:00

README.md

Discourse is the 100% open source discussion platform built for the next decade of the Internet. Use it as a:

  • mailing list
  • discussion forum
  • long-form chat room

To learn more about the philosophy and goals of the project, visit discourse.org.

Screenshots

Boing Boing

Mobile

Browse lots more notable Discourse instances.

Development

To get your environment setup, follow the community setup guide for your operating system.

  1. If you're on macOS, try the macOS development guide.
  2. If you're on Ubuntu, try the Ubuntu development guide.
  3. If you're on Windows, try the Windows 10 development guide.

If you're familiar with how Rails works and are comfortable setting up your own environment, you can also try out the Discourse Advanced Developer Guide, which is aimed primarily at Ubuntu and macOS environments.

Before you get started, ensure you have the following minimum versions: Ruby 2.7+, PostgreSQL 13+, Redis 6.0+. If you're having trouble, please see our TROUBLESHOOTING GUIDE first!

Setting up Discourse

If you want to set up a Discourse forum for production use, see our Discourse Install Guide.

If you're looking for business class hosting, see discourse.org/buy.

If you're looking for our remote work solution, see teams.discourse.com.

Requirements

Discourse is built for the next 10 years of the Internet, so our requirements are high.

Discourse supports the latest, stable releases of all major browsers and platforms:

Browsers Tablets Phones
Apple Safari iPadOS iOS
Google Chrome Android Android
Microsoft Edge
Mozilla Firefox

Built With

  • Ruby on Rails — Our back end API is a Rails app. It responds to requests RESTfully in JSON.
  • Ember.js — Our front end is an Ember.js app that communicates with the Rails API.
  • PostgreSQL — Our main data store is in Postgres.
  • Redis — We use Redis as a cache and for transient data.
  • BrowserStack — We use BrowserStack to test on real devices and browsers.

Plus lots of Ruby Gems, a complete list of which is at /main/Gemfile.

Contributing

Build Status

Discourse is 100% free and open source. We encourage and support an active, healthy community that
accepts contributions from the public including you!

Before contributing to Discourse:

  1. Please read the complete mission statements on discourse.org. Yes we actually believe this stuff; you should too.
  2. Read and sign the Electronic Discourse Forums Contribution License Agreement.
  3. Dig into CONTRIBUTING.MD, which covers submitting bugs, requesting new features, preparing your code for a pull request, etc.
  4. Always strive to collaborate with mutual respect.
  5. Not sure what to work on? We've got some ideas.

We look forward to seeing your pull requests!

Security

We take security very seriously at Discourse; all our code is 100% open source and peer reviewed. Please read our security guide for an overview of security measures in Discourse, or if you wish to report a security issue.

The Discourse Team

The original Discourse code contributors can be found in AUTHORS.MD. For a complete list of the many individuals that contributed to the design and implementation of Discourse, please refer to the official Discourse blog and GitHub's list of contributors.

Copyright / License

Copyright 2014 - 2021 Civilized Discourse Construction Kit, Inc.

Licensed under the GNU General Public License Version 2.0 (or later);
you may not use this work except in compliance with the License.
You may obtain a copy of the License in the LICENSE file, or at:

https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Discourse logo and “Discourse Forum” ®, Civilized Discourse Construction Kit, Inc.

Dedication

Discourse is built with love, Internet style.