discourse/app/controllers
Sam Saffron 57a3d4e0d2
FEATURE: whitelist theme repo mode (experimental)
In some restricted setups all JS payloads need tight control.

This setting bans admins from making changes to JS on the site and
requires all themes be whitelisted to be used.

There are edge cases we still need to work through in this mode
hence this is still not supported in production and experimental.

Use an example like this to enable:

`DISCOURSE_WHITELISTED_THEME_REPOS="https://repo.com/repo.git,https://repo.com/repo2.git"`

By default this feature is not enabled and no changes are made.

One exception is that the default theme id was missing a security check;
this was added for correctness.
2020-06-03 13:19:57 +10:00
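The commit message above describes the mode only by its env var and the fact that non-whitelisted themes are refused. The following is an added example, not Discourse's own code and not the implementation in this commit: it models what a whitelist check driven by `DISCOURSE_WHITELISTED_THEME_REPOS` has to get right. The env var name and its comma-separated format come from the commit message; the module and method names, the URL normalization rules (lower-cased host, trailing slash and `.git` suffix dropped, https only) and the fail-closed handling of themes with no remote repo are assumptions for illustration.

```ruby
# Added example (not Discourse code): a theme-repo whitelist driven by
# DISCOURSE_WHITELISTED_THEME_REPOS. Only the env var name and the
# comma-separated format are taken from the commit message; everything
# else (names, normalization rules, fail-closed policy) is an assumption.
require "uri"

module ThemeRepoWhitelist
  ENV_KEY = "DISCOURSE_WHITELISTED_THEME_REPOS"

  # Canonical form used for comparison: https only, lower-cased host,
  # non-default port kept, trailing slashes and a trailing ".git" dropped.
  # Entries carrying userinfo, a query or a fragment are rejected so that
  # two visually different URLs cannot collapse onto one whitelisted repo.
  # Returns nil for anything that cannot be a usable repo URL.
  def self.normalize(url)
    uri = URI.parse(url.to_s.strip)
    return nil unless uri.is_a?(URI::HTTPS) && uri.host
    return nil if uri.userinfo || uri.query || uri.fragment
    host = uri.host.downcase
    host = "#{host}:#{uri.port}" unless uri.port == uri.default_port
    path = uri.path.sub(%r{/+\z}, "").sub(/\.git\z/, "")
    "https://#{host}#{path}"
  rescue URI::InvalidURIError
    nil
  end

  # A blank value means the mode is off (nil = no whitelist at all).
  # A non-blank value with only unusable entries yields [] so that the
  # mode is on and nothing is allowed, rather than silently disabled.
  def self.parse(value)
    return nil if value.nil? || value.strip.empty?
    value.split(",").map { |entry| normalize(entry) }.compact.uniq
  end

  def self.enabled?(env = ENV)
    !parse(env[ENV_KEY]).nil?
  end

  # Fail closed: once the whitelist is in force, a theme with no remote
  # repo URL (for example one whose JS was edited locally by an admin)
  # has nothing to match against and is refused.
  def self.theme_allowed?(remote_url, env = ENV)
    allowed = parse(env[ENV_KEY])
    return true if allowed.nil?
    normalized = normalize(remote_url)
    !normalized.nil? && allowed.include?(normalized)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample environment, not a real deployment.
  env = { ThemeRepoWhitelist::ENV_KEY =>
          "https://repo.com/repo.git, https://repo.com/repo2.git" }
  puts ThemeRepoWhitelist.theme_allowed?("https://repo.com/repo", env)
  puts ThemeRepoWhitelist.theme_allowed?("https://evil.example/repo.git", env)
  puts ThemeRepoWhitelist.theme_allowed?(nil, env)
end
```

The two behaviours worth checking in any real implementation are the ones the example makes explicit: an empty variable must leave the site unchanged (the commit states the feature is off by default), while a set variable must refuse themes that have no repository at all, not just themes from the wrong repository.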
admin FEATURE: whitelist theme repo mode (experimental) 2020-06-03 13:19:57 +10:00
users FIX: correctly remove authentication_data cookie on oauth login flow 2020-03-21 14:34:25 -07:00
about_controller.rb Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse"" 2020-05-23 00:56:13 -04:00
application_controller.rb FEATURE: whitelist theme repo mode (experimental) 2020-06-03 13:19:57 +10:00
badges_controller.rb FEATURE: add noindex header to badges, groups, and /my pages (#9736) 2020-05-11 15:05:42 +10:00
bookmarks_controller.rb FEATURE: Optionally delete bookmark when reminder sent (#9637) 2020-05-07 13:37:39 +10:00
categories_controller.rb Revert "FEATURE: category setting for default list filter." 2020-05-30 20:53:53 +05:30
category_hashtags_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
clicks_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
composer_messages_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
csp_reports_controller.rb DEV: Only include "report-sample" CSP directive when reporting is enabled (#9337) 2020-04-02 11:16:38 -04:00
directory_items_controller.rb FIX: move total rows count & load more URL inside meta. 2020-04-03 07:32:50 +05:30
draft_controller.rb FIX: Raise a 4xx error instead of a 5xx if draft data is invalid 2020-04-25 11:47:22 +03:00
drafts_controller.rb SECURITY: Respect topic permissions when loading draft metadata 2020-03-23 11:30:40 +00:00
email_controller.rb DEV: Implement a faster Discourse.cache 2019-11-27 16:11:49 +11:00
embed_controller.rb FEATURE: Create New Topic button on embed with params (#8280) 2019-11-01 14:19:10 -05:00
exceptions_controller.rb FEATURE: Add site setting to show more detailed 404 errors. (#8014) 2019-10-08 14:15:08 +03:00
export_csv_controller.rb fix the build. 2019-12-24 15:56:44 +05:30
extra_locales_controller.rb FIX: Better error handling for invalid locale bundle versions 2019-11-11 22:30:32 +01:00
finish_installation_controller.rb DEV: update rubocop to version 0.77 2019-12-10 11:48:39 +11:00
forums_controller.rb DEV: shutdown_ok parameter to /srv/status 2020-03-09 14:06:13 -07:00
groups_controller.rb FEATURE: Send a private message when a group membership is accepted (#9822) 2020-05-26 16:28:03 +03:00
highlight_js_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
inline_onebox_controller.rb FIX: Make inline oneboxes work with secured topics in secured contexts (#8895) 2020-02-12 12:11:28 +02:00
invites_controller.rb PERF: Use more efficient query when checking for existence. 2020-05-29 15:47:05 +08:00
list_controller.rb Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse"" 2020-05-23 00:56:13 -04:00
metadata_controller.rb PERF: Reduce number of queries from 3 -> 1 when fetching web manifest. 2020-06-02 12:04:02 +08:00
notifications_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
offline_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
onebox_controller.rb FIX: Cache failed onebox URL request server-side (#8421) 2019-11-28 07:48:29 +10:00
permalinks_controller.rb FIX: Check for permalinks before showing the 404 page 2020-03-23 16:31:07 -07:00
post_action_users_controller.rb FIX: Do not raise an error if the post action type is nil (#9458) 2020-04-17 14:23:33 -03:00
post_actions_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_readers_controller.rb DEV: '= true' is not necessary 2019-12-03 11:32:45 -03:00
posts_controller.rb FIX: sending messages to groups with non-lowercase names 2020-05-27 14:52:08 -06:00
published_pages_controller.rb FEATURE: allows to style published page with themes/plugins (#9570) 2020-04-28 18:24:24 +02:00
push_notification_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
qunit_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
reviewable_claimed_topics_controller.rb FIX: Make reviewable claiming work with deleted topics (#9040) 2020-02-25 15:49:23 +02:00
reviewables_controller.rb FIX: Only show the review page to users that can see it. Do not publish the reviewable count update message to everyone. (#9556) 2020-04-27 14:51:25 -03:00
robots_txt_controller.rb FEATURE: Allow customization of robots.txt (#7884) 2019-07-15 20:47:44 +03:00
safe_mode_controller.rb FEATURE: Always disable customizations on the /safe-mode route (#9052) 2020-02-28 10:53:11 +00:00
search_controller.rb FEATURE: unconditionally skip indexing on search controller 2020-02-28 09:21:31 +11:00
session_controller.rb FEATURE: tighten rate limiting rules for forgot password 2020-05-08 13:30:51 +10:00
similar_topics_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
site_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
static_controller.rb FEATURE: add short site description on login page title 2019-10-14 11:40:09 +05:30
steps_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
stylesheets_controller.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
svg_sprite_controller.rb DEV: Allow 3-digit HEX color code in single icon route 2020-05-14 16:37:45 -04:00
tag_groups_controller.rb DEV: Tag group improvements (#8252) 2019-10-30 16:57:13 +01:00
tags_controller.rb FEATURE: add noindex header to tags pages (#9748) 2020-05-12 10:44:46 -04:00
theme_javascripts_controller.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
topics_controller.rb DEV: simplify detailed_404 logic 2020-05-28 10:54:02 -07:00
uploads_controller.rb UX: Allow secure media URLs to be cached for a short period of time 2020-05-18 15:00:41 +01:00
user_actions_controller.rb FEATURE: Quick access panels in user menu (#8073) 2019-09-09 11:03:57 -04:00
user_api_keys_controller.rb FEATURE: Hash user API keys in the database (#9344) 2020-04-07 16:42:52 +03:00
user_avatars_controller.rb FIX: Return blank avatar when downloading an avatar is not possible due to file size 2019-10-22 12:05:36 -03:00
user_badges_controller.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
users_controller.rb DEV: Refactor away conditionals that we don't need. 2020-06-02 10:40:29 +08:00
users_email_controller.rb FIX: When admin changes another user's email auto-confirm the change (#9001) 2020-02-20 09:52:21 +10:00
webhooks_controller.rb DEV: stop freezing frozen strings 2020-04-30 16:48:53 +10:00
wizard_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00