discourse/app/jobs/regular
David Taylor 5238f6788c
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.

`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.

This implementation is purely server-side, and does not impact the composer preview.

Technically, there are two stages to this feature:

1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute.

2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 15:23:04 +01:00
| File | Last commit | Date |
| --- | --- | --- |
| admin_confirmation_email.rb | UX: show user email address on "grant admin access" email and UI | 2019-11-04 14:47:00 +05:30 |
| anonymize_user.rb | FIX: Destroy invites of anonymized emails (#13404) | 2021-06-17 10:45:40 +03:00 |
| automatic_group_membership.rb | UX: drop the automatic_membership_retroactive column from groups model. (#9430) | 2020-04-22 22:07:39 +05:30 |
| backup_chunks_merger.rb | PERF: Remove database query when publishing to staff users. | 2020-04-27 11:50:21 +08:00 |
| bulk_grant_trust_level.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| bulk_invite.rb | DEV: pull email address validation out to a new EmailAddressValidator | 2022-02-17 21:49:22 -05:00 |
| bulk_user_title_update.rb | FIX: Unassign user titles when a badge is deleted (#9573) | 2020-05-02 18:02:28 -07:00 |
| bump_topic.rb | DEV: Change Topic Timer from enqueue_at scheduled jobs to incrementally executed jobs (#11698) | 2021-01-19 13:30:58 +10:00 |
| clear_slow_mode.rb | DEV: Change Topic Timer from enqueue_at scheduled jobs to incrementally executed jobs (#11698) | 2021-01-19 13:30:58 +10:00 |
| close_topic.rb | DEV: Correct typos and spelling mistakes (#12812) | 2021-05-21 11:43:47 +10:00 |
| confirm_sns_subscription.rb | SECURITY: Improve validation of SNS subscription confirm (#14671) | 2021-10-20 22:20:52 +01:00 |
| crawl_topic_link.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| create_avatar_thumbnails.rb | DEV: Remove gifsicle dependency (#10357) | 2020-10-16 13:41:27 +03:00 |
| create_backup.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| create_linked_topic.rb | FIX: when creating linked topics make sure they belong to same category (#11188) | 2020-11-11 00:44:27 +05:30 |
| create_user_reviewable.rb | Link website when reviewing users | 2020-02-19 10:18:05 -05:00 |
| critical_user_email.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| delete_inaccessible_notifications.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| delete_replies.rb | FEATURE: Allow durations < 1 hour and < 1 day for topic timers where duration is specified (auto delete replies, close based on last post) (#11961) | 2021-02-05 10:12:56 +10:00 |
| delete_topic.rb | DEV: Change Topic Timer from enqueue_at scheduled jobs to incrementally executed jobs (#11698) | 2021-01-19 13:30:58 +10:00 |
| download_avatar_from_url.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| download_backup_email.rb | FIX: Replace deprecated URI.encode, URI.escape, URI.unescape and URI.unencode (#8528) | 2019-12-12 12:49:21 +10:00 |
| download_profile_background_from_url.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| emit_web_hook_event.rb | DEV: decrease webhook timeout and move to 'low' priority queue. (#14038) | 2021-08-13 10:41:02 +05:30 |
| enable_bootstrap_mode.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| export_csv_file.rb | DEV: Fix methods removed in Ruby 3.2 (#15459) | 2022-01-05 18:45:08 +01:00 |
| export_user_archive.rb | FEATURE: Promote polymorphic bookmarks to default and migrate (#16729) | 2022-05-23 10:07:15 +10:00 |
| feature_topic_users.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| generate_topic_thumbnails.rb | FIX: Handle a deleted topic in thumbnail generation | 2020-05-11 13:32:37 -03:00 |
| group_pm_alert.rb | FIX: Update group inbox notifications on archive/unarchive (#16152) | 2022-03-11 11:57:47 +01:00 |
| group_pm_update_summary.rb | FIX: Update group inbox notifications on archive/unarchive (#16152) | 2022-03-11 11:57:47 +01:00 |
| group_smtp_email.rb | DEV: Upgrade to Rails 7 | 2022-04-28 11:51:03 +02:00 |
| index_category_for_search.rb | FIX: don't error-index category job when missing category | 2020-12-01 09:30:53 +08:00 |
| invite_email.rb | FIX: Correctly use invite to topic email templates (#12411) | 2021-03-16 17:08:54 +02:00 |
| invite_password_instructions_email.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| make_embedded_topic_visible.rb | FIX: Concurrency issues with making topic embedded posts visible | 2020-04-20 15:11:59 -04:00 |
| mass_award_badge.rb | FEATURE: Add option to grant badge multiple times to users using Bulk Award (#13571) | 2021-07-15 05:53:26 +03:00 |
| merge_user.rb | PERF: run user merging task in a background job. (#10961) | 2020-12-10 15:52:08 +11:00 |
| notify_category_change.rb | FIX: correct notification when tag or category is added (#8801) | 2020-01-29 11:03:47 +11:00 |
| notify_mailing_list_subscribers.rb | FIX: Do not send emails to mailing_list_mode subscribers for PMs (#14159) | 2021-08-26 15:16:35 +10:00 |
| notify_moved_posts.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| notify_post_revision.rb | FIX: Use destroy_all instead of delete_all for shared drafts | 2020-03-05 11:13:43 -08:00 |
| notify_reviewable.rb | FIX: Clear stale status of reloaded reviewables (#13750) | 2021-07-16 19:57:12 +03:00 |
| notify_tag_change.rb | PERF: Perform user filtering in SQL (#13358) | 2021-06-11 10:55:50 +10:00 |
| open_topic.rb | DEV: Correct typos and spelling mistakes (#12812) | 2021-05-21 11:43:47 +10:00 |
| post_alert.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| post_update_topic_tracking_state.rb | FEATURE: Display unread and new counts for messages. (#14059) | 2021-08-25 11:17:56 +08:00 |
| process_bulk_invite_emails.rb | FIX: Zeitwerk-related fixes for jobs. (#8219) | 2019-10-21 20:25:35 +03:00 |
| process_email.rb | DEV: Add created_via column to IncomingEmail (#11751) | 2021-01-20 13:22:41 +10:00 |
| process_post.rb | FEATURE: Pull hotlinked images immediately after posting | 2022-05-23 14:28:02 +01:00 |
| process_sns_notification.rb | DEV: Add bounce_error_code to EmailLog (#15948) | 2022-02-15 14:17:26 +10:00 |
| publish_topic_to_category.rb | DEV: Change Topic Timer from enqueue_at scheduled jobs to incrementally executed jobs (#11698) | 2021-01-19 13:30:58 +10:00 |
| pull_hotlinked_images.rb | FEATURE: Allow hotlinked media to be blocked (#16940) | 2022-06-07 15:23:04 +01:00 |
| pull_user_profile_hotlinked_images.rb | FIX: Skip pulling hotlinked images for nil user bio (#16901) | 2022-05-24 11:52:13 +01:00 |
| push_notification.rb | FIX: Mobile app notification urls w/ subfolder (#12282) | 2021-03-04 07:07:37 -07:00 |
| rebake_custom_emoji_posts.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| rebake_posts_for_upload.rb | FIX: Mark secure media upload insecure automatically if used for theme component (#8413) | 2019-11-28 07:32:17 +10:00 |
| remove_banner.rb | DEV: adds support for bannered until (#13417) | 2021-06-24 11:35:36 +02:00 |
| retrieve_topic.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| run_heartbeat.rb | DEV: Replace Time.new with Time.now (#9142) | 2020-03-09 17:37:49 +01:00 |
| send_push_notification.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| send_system_message.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| suspicious_login.rb | DEV: Use strings for :user_email job type argument | 2022-02-04 18:28:18 +00:00 |
| sync_acls_for_uploads.rb | PERF: Speed up secure media and ACL sync rake tasks (#16849) | 2022-05-23 13:14:11 +10:00 |
| sync_topic_user_bookmarked.rb | FEATURE: Promote polymorphic bookmarks to default and migrate (#16729) | 2022-05-23 10:07:15 +10:00 |
| toggle_topic_closed.rb | DEV: Split toggle topic close job (#11679) | 2021-01-13 08:49:29 +10:00 |
| topic_action_converter.rb | FIX: Limit personal message participants when converting from topic (#9343) | 2020-04-03 16:42:01 +01:00 |
| topic_timer_base.rb | DEV: Change Topic Timer from enqueue_at scheduled jobs to incrementally executed jobs (#11698) | 2021-01-19 13:30:58 +10:00 |
| truncate_user_flag_stats.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| unpin_topic.rb | DEV: adds support for bannered until (#13417) | 2021-06-24 11:35:36 +02:00 |
| update_gravatar.rb | FIX: Gravatar download attempt if user is missing their email | 2020-09-02 20:19:46 -06:00 |
| update_group_mentions.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| update_hotlinked_raw.rb | FEATURE: Pull hotlinked images immediately after posting | 2022-05-23 14:28:02 +01:00 |
| update_post_uploads_secure_status.rb | PERF: Update post uploads secure status in a job (#13459) | 2021-06-21 19:15:24 +03:00 |
| update_s3_inventory.rb | FEATURE: Add hidden setting to disable configuration of inventory bucket | 2020-01-14 17:23:12 +01:00 |
| update_top_redirection.rb | DEV: Upgrading Discourse to Zeitwerk (#8098) | 2019-10-02 14:01:53 +10:00 |
| update_topic_upload_security.rb | FEATURE: Update upload security status on post move, topic conversion, category change (#8731) | 2020-01-23 12:01:10 +10:00 |
| update_username.rb | FIX: Don't raise error in update username job if user has been deleted. | 2020-09-02 11:17:17 +08:00 |
| user_email.rb | DEV: Accept force_respect_seen_recently argument in UserEmail job (#16460) | 2022-04-18 13:32:11 -05:00 |