Commit Graph

23 Commits

Author SHA1 Message Date
Robin Ward
1cebe7670a FEATURE: Allow embedding to ignore HTTP REFERER
New site setting: `embed_any_origin` that will send postMessages to
wildcard origins `*` instead of the referer.

Most of the time you won't want to do this, so the setting is default to
`false`. However, there are certain situations where you want to allow
embedding to send post messages when there is no HTTP REFERER.

For example, if you created a native mobile app and you wanted to embed a list
of Discourse topics as HTML. In the code your HTML would be a
static file/string, which would not be able to send a referer. In this
case, the site setting will allow the embed to work.

From a security standpoint we currently only use `postMessage` to send
data about the size of the HTML document and scroll position, so it
should be enable if required with minimal security ramifications.
2019-09-10 12:27:07 -04:00
Kyle Zhao
80398d0b8f
Extract inline JS on embedded comments (#6645)
* use the meta refresh tag instead

* extract inline JS in embedded comment
2018-11-22 10:02:58 -05:00
Osama Sayegh
0b7ed8ffaf FEATURE: backend support for user-selectable components
* FEATURE: backend support for user-selectable components

* fix problems with previewing default theme

* rename preview_key => preview_theme_id

* omit default theme from child themes dropdown and try a different fix

* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
OsamaSayegh
decf1f27cf FEATURE: Groundwork for user-selectable theme components
* Phase 0 for user-selectable theme components

- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Christoph Holtermann
bed26ea0b3 fix indentation 2018-06-25 15:01:39 +10:00
Christoph Holtermann
a0af15d525 no redeclaring state 2018-06-25 15:01:39 +10:00
Christoph Holtermann
e874afaf31 read embed state info from data attribute 2018-06-25 15:01:39 +10:00
Christoph Holtermann
5914a3db20 Update embed.html.erb
Small fix
2018-06-25 15:01:39 +10:00
Christoph Holtermann
2244f19ff9 Update embed.html.erb
Add state descriptor to message being sent to parent window
2018-06-25 15:01:39 +10:00
Pat David
aa009dd2b5 Add @embeddable_css_class from embed_controller 2017-05-11 15:16:16 -04:00
Sam
5dd752877e FEATURE: try adding some preload hints for chrome 2017-04-17 11:52:43 -04:00
Arpit Jalan
fe29fe71c5 FIX: embedding comments was broken 2017-04-14 08:14:22 +05:30
Sam
3f4f0b32a9 FIX: path wizard showing with no style 2017-04-13 15:22:39 -04:00
Sam
a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoid a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Robin Ward
71bac0c342 Add page title and charset to embedded HTML 2015-09-18 16:12:56 -04:00
Robin Ward
bd631e343a FEATURE: Can create stylesheets for embedded comments 2015-08-10 10:21:04 -04:00
Robin Ward
f2e17af130 Add staff and new user colours to embedded discourse. Also link
usernames to profiles.
2014-03-20 16:04:50 -04:00
Robin Ward
e8ee490778 Extract breaking up a string into a separate file, include it in
embedded view.
2014-03-20 14:34:51 -04:00
Robin Ward
375719edfb FIX: Links in the iframe should all be target=_blank 2014-03-20 10:57:36 -04:00
Robin Ward
c762e3c4b1 Support for scrolling to another post in the iframe; more complicated than you'd think! 2014-01-03 14:45:59 -05:00
Robin Ward
4f8aed295a FEATURE: Embeddable Discourse comments, now with simple-rss instead of feedzirra 2013-12-31 15:01:22 -05:00
Robin Ward
62db063e1e Revert "Support for Embeddable Comments via IFRAME" - it depends on Curl
which not every server has. Have to rethink this.

This reverts commit e3e4c62887.
2013-12-31 12:52:31 -05:00
Robin Ward
e3e4c62887 Support for Embeddable Comments via IFRAME 2013-12-31 12:26:24 -05:00