github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-24 14:19:49 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
eeb84806bc
discourse/app/views
History
Robin Ward 1cebe7670a FEATURE: Allow embedding to ignore HTTP REFERER 
New site setting: `embed_any_origin` that will send postMessages to
wildcard origins `*` instead of the referer.

Most of the time you won't want to do this, so the setting is default to
`false`. However, there are certain situations where you want to allow
embedding to send post messages when there is no HTTP REFERER.

For example, if you created a native mobile app and you wanted to embed a list
of Discourse topics as HTML. In the code your HTML would be a
static file/string, which would not be able to send a referer. In this
case, the site setting will allow the embed to work.

From a security standpoint we currently only use `postMessage` to send
data about the size of the HTML document and scroll position, so it
should be enable if required with minimal security ramifications.
2019-09-10 12:27:07 -04:00
..
about FIX: title was repeating on about page 2018-11-28 08:06:14 +05:30
admin/backups FEATURE: further restrict downloading of backups 2017-03-01 08:28:34 -07:00
application UX: Hide login/signup header buttons during authentication flows 2019-08-08 13:57:18 +01:00
badges FIX: in case of orphan user records skip badge 2019-08-30 17:21:34 +10:00
categories FEATURE: change layout when default page is category to tabular for _… (#7270) 2019-04-04 15:57:18 +02:00
common FIX: properly load desktop and mobile only plugin css assets. 2019-08-22 08:39:10 +05:30
default FIX: Add a title to the groups pages 2016-07-25 14:24:43 -04:00
email FEATURE: add option to always send excerpts in emails 2019-08-06 12:45:28 -04:00
embed DEV: better class names for Flexbox 2019-09-09 21:33:53 +05:30
exceptions FIX: provides an emoji helper to replace codes by images (#7802) 2019-06-26 15:11:04 +02:00
finish_installation Upgrade to FontAwesome 5 (take two) (#6673) 2018-11-26 16:49:57 -05:00
groups UX: Add og metadata for groups. 2018-02-22 15:03:41 +08:00
invites FIX: better handling of invite links after they are redeemed 2018-05-08 20:17:57 +05:30
layouts FEATURE: Allow embedding to ignore HTTP REFERER 2019-09-10 12:27:07 -04:00
list FIX: URL encode usernames in user profile links in RSS feeds 2019-07-18 23:18:23 +02:00
metadata DEV: Add support for Rails 6 2019-05-02 16:23:25 +10:00
offline FIX: HTML lang attribute expects hyphen instead of underscore 2018-08-20 13:55:58 +02:00
posts FIX: RSS feed must have unique GUID 2016-02-22 18:28:09 +05:30
qunit UX: improvements to admin theme UI 2018-09-17 09:49:53 +10:00
robots_txt Revert "FEATURE: add Noindex to robots.txt for disallowed routes" 2019-07-30 11:33:38 +10:00
safe_mode Upgrade to FontAwesome 5 (take two) (#6673) 2018-11-26 16:49:57 -05:00
search UX: better title on search page 2017-10-27 09:13:04 +05:30
session SECURITY: Add confirmation screen when logging in via user-api OTP 2019-06-17 16:18:44 +01:00
static FEATURE: add OpenGraph data to /login page 2019-05-23 07:03:01 +05:30
tags FEATURE: show tags in crawler view of tags page for static site 2019-06-06 12:55:37 +10:00
topics FIX: URL encode usernames in user profile links in RSS feeds 2019-07-18 23:18:23 +02:00
user_api_keys FEATURE: Delegated authentication via user api keys (#7272) 2019-04-01 13:18:53 -04:00
user_notifications Fix some broken styles 2019-07-30 16:46:20 -04:00
users UX: Fallback to unlocalized auth provider name if required 2019-08-13 01:22:02 +01:00
users_email FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
wizard Upgrade to FontAwesome 5 (take two) (#6673) 2018-11-26 16:49:57 -05:00