IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-29 04:03:57 -06:00
Code Issues Packages Projects Releases Wiki Activity
57a3d4e0d2
discourse/config
History
Sam Saffron 57a3d4e0d2
FEATURE: whitelist theme repo mode (experimental) 
In some restricted setups all JS payloads need tight control.

This setting bans admins from making changes to JS on the site and
requires all themes be whitelisted to be used.

There are edge cases we still need to work through in this mode
hence this is still not supported in production and experimental.

Use an example like this to enable:

`DISCOURSE_WHITELISTED_THEME_REPOS="https://repo.com/repo.git,https://repo.com/repo2.git"`

By default this feature is not enabled and no changes are made.

One exception is that default theme id was missing a security check
this was added for correctness.
2020-06-03 13:19:57 +10:00
..
cloud/cloud66 DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
environments DEV: Add silencer for verbose query logs in development. 2020-06-02 12:15:31 +08:00
initializers DEV: Add REDIS_RAILS_FAILOVER env to test our new redis failover. 2020-06-02 17:24:14 +08:00
locales FIX: EmailValidator needs to validate format of email. 2020-06-03 10:34:37 +08:00
application.rb DEV: Add REDIS_RAILS_FAILOVER env to test our new redis failover. 2020-06-02 17:24:14 +08:00
boot.rb DEV: Remove logging when redis is terminated 2019-06-21 10:31:48 +01:00
cdn.yml.sample Initial release of Discourse 2013-02-05 14:16:51 -05:00
database.yml DEV: correct parallel specs rake tasks 2019-12-31 14:07:55 +11:00
deploy.rb.sample enough with the malloc limit, not needed 2016-05-25 21:09:07 +10:00
discourse_defaults.conf FEATURE: whitelist theme repo mode (experimental) 2020-06-03 13:19:57 +10:00
discourse.config.sample enough with the malloc limit, not needed 2016-05-25 21:09:07 +10:00
discourse.pill.sample Improve bluepill sample config. 2014-01-31 16:09:35 -05:00
environment.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
logrotate.conf Replace Clockwork with Sidetiq 2013-08-14 21:39:40 +02:00
multisite.yml.production-sample DEV: Remove db_id from sample multisite config. 2020-05-29 10:48:29 +08:00
nginx.global.conf Address @Supermathie's concerns in PR1430 2013-09-30 16:28:22 -04:00
nginx.sample.conf FIX: Serve .ico files without nginx 404 for secure media uploads (#8826) 2020-01-31 12:45:02 +10:00
projections.json DEV: Use .hbr for raw template file extension (#8883) 2020-02-11 13:38:12 -06:00
puma.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
routes.rb Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse"" 2020-05-23 00:56:13 -04:00
sidekiq.yml FEATURE: introduce ultra_low priority queue 2019-01-17 14:53:19 +11:00
site_settings.yml FEATURE: notify admins about old credentials (#9918) 2020-06-01 13:49:27 +10:00
spring.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
thin.yml.sample Add sample Capistrano deployment files 2013-05-02 19:53:37 -07:00
unicorn_launcher FIX: Increase timeout when trying to reload unicorn. 2018-12-04 13:43:14 +08:00
unicorn_upstart.conf enough with the malloc limit, not needed 2016-05-25 21:09:07 +10:00
unicorn.conf.rb DEV: Avoid reaching for Redis#_client which is considered deprecated. 2020-06-02 11:46:55 +08:00