discourse/spec/system
David Taylor b1f74ab59e
FEATURE: Add experimental option for strict-dynamic CSP (#25664)
The strict-dynamic CSP directive is supported in all our target browsers, and makes for a much simpler configuration. Instead of allowlisting paths, we use a per-request nonce to authorize `<script>` tags, and then those scripts are allowed to load additional scripts (or add additional inline scripts) without restriction.

This becomes especially useful when admins want to add external scripts like Google Tag Manager, or advertising scripts, which then go on to load a ton of other scripts.

All script tags introduced via themes will automatically have the nonce attribute applied, so it should be zero-effort for theme developers. Plugins *may* need some changes if they are inserting their own script tags.

This commit introduces a strict-dynamic-based CSP behind an experimental `content_security_policy_strict_dynamic` site setting.
2024-02-16 11:16:54 +00:00
composer DEV: Automatically update groups for test users with explicit TL (#25415) 2024-01-29 17:52:02 +08:00
emojis DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
groups DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
helpers DEV: make sure we don't load all data into memory when exporting chat messages (#22276) 2023-07-12 18:52:18 +04:00
page_objects FIX: Serialize uploaded_avatars_allowed_groups check on current user (#25515) 2024-02-02 09:32:45 +10:00
user_page DEV: Do not require session confirmation for new users (#24799) 2024-02-15 12:29:16 -05:00
admin_customize_form_templates_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
admin_customize_themes_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
admin_dashboard_new_features_spec.rb DEV: Remove unnecessary fab! block (#24496) 2023-11-21 17:03:17 -06:00
admin_plugins_list_spec.rb FIX: Use plugin category name for plugin list (#24477) 2023-11-23 08:40:55 +10:00
admin_revamp_sidebar_navigation_spec.rb FIX: Respect homepage prefs on admin sidebar Back to Forum link (#25642) 2024-02-16 14:31:42 +10:00
admin_site_setting_search_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
admin_user_badges_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
bookmarks_spec.rb DEV: Convert min_trust_to_flag_posts setting to groups (#24864) 2023-12-13 17:18:42 +08:00
category_edit_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
category_topics_spec.rb DEV: Remove unnecessary js: true options from specs (#24463) 2023-11-20 17:22:14 +01:00
change_owner_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
composer_uploads_spec.rb FEATURE: Auto generate and display video preview image (#25633) 2024-02-14 13:43:53 -07:00
content_security_policy_spec.rb FEATURE: Add experimental option for strict-dynamic CSP (#25664) 2024-02-16 11:16:54 +00:00
create_account_spec.rb DEV: Add a basic account creation system spec (#24179) 2023-10-31 14:53:24 +01:00
csv_exports_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
custom_sidebar_sections_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
discovery_breadcrumb_navigation_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
discovery_list_spec.rb FIX: Sorting toggles on topic list (#24465) 2023-11-20 17:45:13 +00:00
dismissing_new_spec.rb DEV: Remove usage of min_trust_to_create_topic SiteSetting (#24887) 2023-12-18 13:39:53 +11:00
editing_sidebar_categories_navigation_spec.rb DEV: Unskip flaky editing sidebar nav menu categories on mobile test (#24412) 2023-11-17 06:37:20 +08:00
editing_sidebar_community_section_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
editing_sidebar_tags_navigation_spec.rb UX: Fix edit navigation tags modal height too long on desktop (#24765) 2023-12-07 09:42:04 +08:00
email_change_spec.rb DEV: Do not require session confirmation for new users (#24799) 2024-02-15 12:29:16 -05:00
ember_deprecation_spec.rb FEATURE: Show warning banner for critical JS deprecations to admins (#25091) 2024-01-03 11:41:09 +00:00
filtering_topics_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
flagging_post_spec.rb DEV: Convert min_trust_to_flag_posts setting to groups (#24864) 2023-12-13 17:18:42 +08:00
grant_badge_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
group_activity_spec.rb FIX: respect creation date when paginating group activity posts (#24993) 2024-01-11 13:37:27 -03:00
group_card_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
hashtag_autocomplete_spec.rb FEATURE: Async load of category and chat hashtags (#25526) 2024-02-12 12:07:14 +02:00
keyboard_shortcuts_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
network_disconnected_spec.rb DEV: Fix flaky network-based upload spec (#23286) 2023-08-28 12:59:22 +08:00
new_topic_list_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
post_menu_spec.rb DEV: Fix spec for post menu (#25100) 2024-01-03 16:55:08 +10:00
post_selection_copy_quote_spec.rb FIX: Do not show quote copy button to anon (#25471) 2024-01-30 13:19:35 +10:00
post_selection_fast_edit_spec.rb FIX: remove fast-edit regex and string replacement (#25496) 2024-01-31 18:26:43 +08:00
post_small_action_spec.rb DEV: Remove flaky spec (#24641) 2023-11-30 11:06:27 +08:00
reviewables_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
s3_secure_uploads_spec.rb DEV: Re-enable minio specs by pre-installing minio binary before test run (#24050) 2023-10-24 12:43:14 +10:00
s3_uploads_spec.rb DEV: Fix various rubocop lints (#24749) 2023-12-06 23:25:00 +01:00
scroll_manager_service_spec.rb DEV: Remove unused pageobject from scroll_manager_service_spec (#23501) 2023-09-11 10:28:25 +01:00
search_spec.rb FIX: Navigate search results using J/K keys (#24787) 2023-12-08 11:06:59 -05:00
table_builder_spec.rb DEV: Convert min_trust_to_edit_post to groups (#24840) 2023-12-13 13:25:13 +08:00
tag_notification_level_spec.rb DEV: Remove superfluous js: true metadata (#21960) 2023-06-07 09:26:58 +08:00
tag_synonyms_spec.rb DEV: Fix random typos (#22078) 2023-06-13 22:02:21 +02:00
tags_intersection_spec.rb FIX: Transitioning to tag-intersection route (#23931) 2023-10-13 16:23:04 +01:00
theme_qunit_spec.rb DEV: Stop building test assets in production under Embroider (#23388) 2023-09-11 09:12:37 +01:00
topic_bulk_select_spec.rb WIP: Experimental Bulk Topic Actions Dropdown (#25245) 2024-01-25 09:12:06 -07:00
topic_list_focus_spec.rb DEV: Remove flaky spec (#24795) 2023-12-08 11:43:17 -05:00
topic_map_spec.rb DEV: add system test for topic map (#25242) 2024-01-17 19:25:18 +08:00
topic_page_spec.rb DEV: Update custom array implementations for Ember 5 compatibility (#24435) 2023-11-20 13:26:46 +00:00
user_activation_spec.rb FIX: Pass email correctly when resending activation email (#23741) 2023-10-02 13:00:29 +01:00
user_selector_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
viewing_category_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
viewing_group_members_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
viewing_navigation_menu_preferences_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
viewing_sidebar_as_anonymous_user_spec.rb UX: support links in tag descriptions (#22994) 2023-08-16 11:43:54 -04:00
viewing_sidebar_mobile_spec.rb DEV: Fix various rubocop lints (#24749) 2023-12-06 23:25:00 +01:00
viewing_sidebar_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
viewing_user_menu_spec.rb DEV: Add setUserMenuNotificationsLimit plugin-api method (#25119) 2024-01-09 08:38:00 +08:00
viewing_user_private_messages_spec.rb DEV: Fix ember/no-private-routing-service (#24009) 2023-11-29 12:26:52 +01:00