Polish localization missing key
↧
↧
User API keys specification
@sam wrote:
We are looking to introduce API keys that can be generated by end users.
This feature facilitates "application" access to Discourse instances without needing to involve moderators.
As it stands all API keys must be generated by admins, further more all generated API keys have full read/write access and no special per key caps.
Use cases:
Desktop applications that poll Discourse sites on behalf of end users to get notification counts across multiple sites.
Mobile applications that poll Discourse sites on behalf of end users and handles push notifications
Web applications that provide a dashboard for end users about various Discourse sites.
Custom integrations with 3rd party apps that consume Discourse as part of a general company app. Eg: integrate Discourse community notifications into hopscotch app.
The design:
Site Settings
- allow_readonly_user_api_keys: default on (allow users to generate read only api keys)
- allow_write_user_api_keys: default off (allow api keys with write access)
- max_user_api_calls_per_key_day: 3600
- max_user_api_keys: 10 (maximum number of keys that can be created)
- min_trust_level_for_api_keys: 1 (require this trust level for api key access)
- allowed_push_notification_targets:
https://api.discourse.org/push(list of sites that can be targets for push notifications)- allowed_api_token_redirect:
https://api.discourse.org/publish_tokenrequired for auth flow on iPhone appUX changes
User page changes
If any user api keys were granted we will display a new apps tab in the user page.
The apps tab will list:
- The name of the application eg: ("Discourse Notifier on Sam's iPhone")
- Last use date
- Level of access (read or read/write)
- A revoke button so you can easily revoke any keys
API Key authorization UI
Every key will have to be explicitly authorized by end users in a page that clearly explains what is going on, for example:
The application, Discourse Notifier, would like read access to Meta Discourse.
Push notification will be published toapi.discourse.org[Grant Access] [Cancel]
API key generation flow
API only requires a single GET request on the users end.
http://sitename.com/api_key/generateMethod:
GET
Params:
redirect_url: url to redirect back to with the generated token
push_url: url to push notifications to (required and valid only ifpushaccess level is requested)
client_id: a unique identifier for the client
access_level: comma delimited list with either:read,write,pushAfter
/api_key/generateis called with correct params 2 things may happen
- If user is not logged on, we will redirect to login (after login we will resume authorization)
- Once a user is logged on they will be presented with the authorization UI
After authorization is allowed system will redirect back to the redirect_url, this will only include one param which is the
api_keythat was generated.client_idis not echoed back for extra security.This is a draft and we are still fleshing out all details.
Consuming the API
Consuming the client API will be somewhat different that the current admin API.
Client must specify 2 headers:
Discourse-Api-Keyand
Discourse-Api-Client-IdOnce those headers are specified client can perform requests against the API just as they would normally.
Discourse-Api-Client-Idmust match the client id that requested the key, if it does not the request will be rejected.
Posts: 3
Participants: 2
↧
Site uses https but links only recognised with http
@jamesmarkcook wrote:
I've noticed that my new site uses https whereas my old site uses http. I don't remember specifying this anywhere and can't find an option other than force SSL. This is unchecked.
When people post site links into topics, the site links are being treated as though they're external links. When I switch those links to http they're recognised as internal links.
Does anyone know whereabouts I've misconfigured something?
Thanks for your help.
Posts: 3
Participants: 2
↧
Creation of Staged Users with blacklisted mail addresses
@rriemann wrote:
Hello,
I put a domain in email domains blacklist but Discourse still creates staged users for its mail addresses. Is this a bug? How can I prevent this?
Best,
Robert
Posts: 2
Participants: 2
↧
Unable to use Google Cloud Load Balancing for Discourse
@vinothkannans wrote:
I know currently Discourse team only recommending DigitalOcean officially. I just want to confirm few things with following issue.
I am able to install Discourse flawlessly in Google Compute Engine. Also am able to configure it with Google Cloud Load Balancing. But after that whenever I try to delete my topic or post or draft GCLR refusing to serve json DELETE method with body content. For more details you can see the issue below.
https://code.google.com/p/google-compute-engine/issues/detail?id=381
And their official reply to this issue is
The load balancer does not allow a DELETE request with a body. A payload within a DELETE request message has no defined semantics; sending a payload body on a DELETE request might cause some existing implementations to reject the request. These kind of requests (with a payload) are rejected at the Google frontend service.
They are not ready to fix this problem and they labelled this issue as
WontFix. Now my question is why they are not supporting it? Is there any security problems behind it. Is it best practice to use like this.
Posts: 3
Participants: 2
↧
↧
[Suggestion] Don't show a category's own name when in a category that has sub-categories
@AstonJ wrote:
When browsing a category that has sub-categories, I don't think we need to show that categories name if you are browsing its page - it's not necessary as you know you are in that category. It also makes the page look cluttered - worse when you use the block style or when category names are longer.
Current:
Suggested:
Posts: 10
Participants: 6
↧
In-reply-to: Load more
@phisch wrote:
I want to propose a "load more"-indicator when expanding the "in-reply-to"-section as well as the "answers"-section.
Posts: 3
Participants: 3
↧
Tag answers with "Pro"/"Contra"
@phisch wrote:
I think a cool feature for discussing one single thesis is to tag one's answer with "Pro" or "Contra".
This could be enabled or disabled per Category.Is there a mechanism for filtering answers? If yes, filtering for different Opinions would be great.
Posts: 1
Participants: 1
↧
Ways Prevent Members Posting Sensitive / Confidential Information
@alexs wrote:
Are there any plugins / built in features that can be enabled to prevent users from posting sensitive / confidential information or for that information being displayed, once posted, in Discourse? For example, personal phone numbers or bank account number (information that has a standard format so 16 / 9 etc. numbers).
I have seen this post
but I'm looking for a solution that can be adopted while waiting for the feature to be implemented. I'm expecting members to post sensitive information in the meantime, without realising the implications.
Posts: 3
Participants: 2
↧
↧
Embedding Content on a site with 'X-Frame-Options' to 'SAMEORIGIN'
@tfoote wrote:
I've been following the instructions from the
admin/customize/embeddingmenu to setup embedding comments on a website.However my site is a Jekyll template hosted on GitHub Pages. There's a thread here with the same subject however the solution does not work around the main problem that I'm seeing:
Refused to display 'http://XXX/embed/comments?embed_url=http%3A%2F%2FXXX%2FYYY%2F' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.After searching I found that GitHub's policy is to block X-Frame-Options in this Stack Overflow thread They appear to have relaxed the restriction from
denytoSAMEORIGINin the intervening time, but the security implications make sense why they have the policy.Since embedding the remote content is blocked my workaround was to copy the embed.js from my discourse instance onto the static site as a local resource. And then modify the embed script as below:
<div id='discourse-comments'></div> <script type="text/javascript"> DiscourseEmbed = { discourseUrl: 'http://discourse.example.com/', discourseEmbedUrl: 'http://example.com/blog/entry-123.html' }; (function() { var d = document.createElement('script'); d.type = 'text/javascript'; d.async = true; d.src = localSiteUrl + 'javascripts/embed.js'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d); })(); </script>Replacing
d.src = DiscourseEmbed.discourseUrl + 'javascripts/embed.js';with
d.src = localSiteUrl/js/discourse-embed.js';This means that the iframe embedding comes from the same origin but is fragile as the embed code can no longer be auto updated when my discourse site is updated.
Two questions:
- Does anyone have a better suggested work around? Might there be a more minimal embeded javascript that I could use that would bring in a version from discourse that does not generate the iframe remotely?
- And secondly how fragile is this copying process, aka how often might it be expected that I need to update the embed.js going forward?
Posts: 1
Participants: 1
↧
Is docker hostname the same as the subdomain for email setup?
@Jacobpossibly wrote:
Hi im wondering if im supposed to use the discourse hostname i put in app.yml to setup my mailgun account.
is it the same or are they supposed to be different sub domains?I'm using cloudflare for dns and mailgun for email, ive enabled the cf template but cant seems to get the dns to verify or send any emails
can anyone give me a general outline of a good setup to use?
not sure to use mail.domain.com, email.domain.com, post.domain.com, discourse,domain.com etc...
Posts: 3
Participants: 2
↧
Unable to create Vagrant local installation
@vinothkannans wrote:
I followed the instruction below to install Discourse on my local windows system
http://blog.discourse.org/2013/04/discourse-as-your-first-rails-app/
I got below error after the command
bundle exec rake db:migrate
Could not find module pretty-text/pretty-textError raised on the line
== Seed from /vagrant/db/fixtures/500_lounge_category.rb
Posts: 1
Participants: 1
↧
Avatar Badges for Groups
@neil wrote:
A customization that people keep asking for is to show a little badge on user avatars based on group membership. This was first done on the Twitter Developers forums:
and has since sprung up here on Meta, on Turtle Rock in multiple forms, and other places.
![]()
![]()
Those are implemented with CSS which is fragile and often renders them where they shouldn't...
It's time to build this into Discourse!
Badge?
First, I don't know if "badge" is the best word for them because we already have Badges. Is there another term we could use?
Group settings
Since these avatar badges are shown based on a user's primary group, they can be defined in the group settings. I imagine something like this:
Some other additions:
- include these badges by default for the admins and moderators groups.
- ability to show these based on trust level?
Posts: 4
Participants: 3
↧
↧
Nginx Bad Gateway - hitmanforum
@ampburner wrote:
Hi,
Yesterday my Digital Ocean instance stopped working. I had not made any changes to configuration, nor had I updated recently. It just stopped working.
I logged on to the server to find that:
=> / is using 95.2% of 39.25GB => There is 1 zombie processAfter reading this thread https://meta.discourse.org/t/502-bad-gateway-nginx-issue/44391
I ran
./launcher cleanup Starting cleanup (bytes free 0) Finished Cleanup (bytes free 827856) ./launcher start appThen the instance came online again.
Is this simply an symptom of my droplet running out of disk space or are there other things that I should investigate?
What are my options - it seems to me that 40Gb ought to be enough to run a discourse install (roughly 2 years and counting).
Are there ways to archive old discussions, file uploads, or other temp files.
Please advise.
update:
followed @codinghorror's tips here
still lots of usage.
Ncdu:
root@discourse:~# cd /var/discourse root@discourse:/var/discourse# ncdu ncdu 1.10 ~ Use the arrow keys to navigate, press ? for help --- /var/discourse/shared/standalone -------------------------------------------------------- /.. 7.1GiB [##########] /backups 6.7GiB [######### ] /uploads 3.7GiB [##### ] /postgres_data 1.5GiB [## ] /log 798.6MiB [# ] /postgres_backup 376.0MiB [ ] /vendor_bundle 295.7MiB [ ] /postgres_dataX 217.3MiB [ ] /redis_data 37.0MiB [ ] /postgres_data_new 112.0KiB [ ] /postgres_run 28.0KiB [ ] /state Total disk usage: 20.7GiB Apparent size: 20.5GiB Items: 96163
Posts: 3
Participants: 2
↧
Multiple keys in poll/server.en need pluralization
@meglio wrote:
The following keys need pluralization:
- poll.edit_window_expired.cannot_change_polls
- poll.edit_window_expired.op_cannot_edit_options
- poll.edit_window_expired.staff_cannot_add_or_remove_options
Posts: 1
Participants: 1
↧
Why can't polls be removed after 5 minutes of being posted?
@Drew_Warwick wrote:
Polls can't be edited or removed after 5 minutes of being posted. I can understand not being able to edit them as a user because if you have a poll that reflects 90% of votes wanting to do A and only 10% wanting to do B, you can edit the titles of the options and fudge the results to appear as 90% for B and 10% for A. But removing a poll? That removes all the votes and you'd have to start from scratch if you added another poll.
I don't see how removing a poll could be abused. Am I missing something? Why can't polls be removed completely after 5 minutes of being posted?
Posts: 5
Participants: 2
↧
Emails are skipped, not being sent
@noamoss wrote:
Hi,
I just installed new Discourse (1.7.0 Beta 2 + 8)
For unknown reason I keep getting "[Sender] 501 Syntax error on the mail logs."Already checked the following:
- Host name was declared as domain, not using IP.
- separate separate services for posting (pop3) and delivering.
- I am using Hebrew locale, but same issue also when I tried to swtich to English.Notification email address was defined as noreply@discourse.my_subdomain, and did not work also when I tried info@discourse.mydomain.
Any idea?
Posts: 5
Participants: 2
↧
↧
How can I add anti-clickjacking X-Frame-Options header to my installation of Discourse?
@opalizoid wrote:
I found security problem with my installation of Discourse.
How can I add http header X-Frame-Option DENY to my app.yml file?The hosting is DigitalOcean.
I'm scanned forums by Nikto2 and Vega - Penetration Testing Toolkit.
Posts: 2
Participants: 2
↧
Customizing header
@swarnava wrote:
is it possible to add link beside search icon? I know I can add link using header, but seems like i cant the option to add link just beside search icon!
Thanks
Posts: 2
Participants: 2
↧
Support RTL blocks for LTR-layout website and vice versa
@SafaAlfulaij wrote:
Users would like sometimes to write both RTL and LTR text in one single post.
Right now, the direction of everything in the website (including text editor and posted posts) depends on the layout of the language used. Arabic means RTL and English means LTR.
It would be helpful if one can choose that he wants these paragraphs to be opposite the direction of the website.
I tried:<div dir="rtl"> … </div>to force a direction change since HTML is supported, but that didn't do anything, even if it does on GitHub.
If the above works, then it will be enough as a first step
Posts: 5
Participants: 4
↧
More Pages to Explore .....
