mirror of
https://github.com/discourse/discourse.git
synced 2024-11-29 05:03:58 +08:00
57a3d4e0d2
In some restricted setups all JS payloads need tight control. This setting bans admins from making changes to JS on the site and requires all themes be whitelisted to be used. There are edge cases we still need to work through in this mode hence this is still not supported in production and experimental. Use an example like this to enable: `DISCOURSE_WHITELISTED_THEME_REPOS="https://repo.com/repo.git,https://repo.com/repo2.git"` By default this feature is not enabled and no changes are made. One exception is that default theme id was missing a security check this was added for correctness. |
||
---|---|---|
.. | ||
admin_controller_spec.rb | ||
api_controller_spec.rb | ||
backups_controller_spec.rb | ||
badges_controller_spec.rb | ||
color_schemes_controller_spec.rb | ||
dashboard_controller_spec.rb | ||
email_controller_spec.rb | ||
email_styles_controller_spec.rb | ||
email_templates_controller_spec.rb | ||
embeddable_hosts_controller_spec.rb | ||
embedding_controller_spec.rb | ||
emojis_controller_spec.rb | ||
groups_controller_spec.rb | ||
impersonate_controller_spec.rb | ||
permalinks_controller_spec.rb | ||
plugins_controller_spec.rb | ||
reports_controller_spec.rb | ||
robots_txt_controller_spec.rb | ||
screened_emails_controller_spec.rb | ||
screened_ip_addresses_controller_spec.rb | ||
screened_urls_controller_spec.rb | ||
search_logs_spec.rb | ||
site_settings_controller_spec.rb | ||
site_texts_controller_spec.rb | ||
staff_action_logs_controller_spec.rb | ||
themes_controller_spec.rb | ||
user_fields_controller_spec.rb | ||
users_controller_spec.rb | ||
versions_controller_spec.rb | ||
watched_words_controller_spec.rb | ||
web_hooks_controller_spec.rb |