Jordan Milne
1ba46be710
Force HTTPS: Check the value of the 'secure_session' cookie
2014-09-05 14:09:40 -07:00
Jordan Milne
6a51465e5e
Put the 'security' tab behind a feature flag
2014-09-05 14:09:35 -07:00
Jordan Milne
1d148afbe1
Set c.user when logging in
...
This fixes an issue with PostController.login where we didn't know
the user's HTTPS preferences at the point when they logged in
2014-09-05 14:09:30 -07:00
Jordan Milne
b4df9a6781
Respect the https_forced property when setting cookies client-side
2014-09-05 14:08:46 -07:00
Jordan Milne
fc053abab5
Merge HTTPS prefs page with OTP page, require a password to toggle
...
This way we can invalidate all sessions session cookies that may
have been sent in the clear, as well as ensure that people who
can't remember their password don't get bit by the "remember me"
flag not being tracked.
2014-09-05 14:08:41 -07:00
Jordan Milne
9e20cc125a
Allow forcing HTTPS upon employees
2014-09-05 14:08:35 -07:00
Jordan Milne
7a4fa77a23
Redirect through HSTS granting / revoking endpoint on base domain
...
Since grants / revokes only happen on the base domain for simplicity,
we need to redirect through an endpoint on the base domain whenever
we perform an action that might change a user's HSTS eligibility.
2014-09-05 14:08:30 -07:00
Jordan Milne
b70556a3ab
Add support for forced HTTPS with HSTS grants
...
Right now we only give HSTS grants when the user is on g.domain
so we can easily revoke the grant. We also track changes to the
forced HTTPS pref across sessions and modify the user's session
cookies as needed.
2014-09-05 14:08:25 -07:00
Brian Simpson
a5f61e9ed0
Don't break existing users of POST_report.
...
Continue to support sending the Thing's fullname as the "id".
2014-09-03 02:32:57 -04:00
Brian Simpson
85a9223dce
Add report reasons for Links and Comments.
2014-09-03 02:32:50 -04:00
Matt Lee
d2404e4108
Make PromoteLinkNew subclass of PromoteLinkBase.
...
Not needed at this point, but for consistency.
2014-09-02 14:36:13 -07:00
Matt Lee
7346abd833
Update sponsored/roadblock page with new UI.
2014-09-02 14:36:12 -07:00
Matt Lee
74f845cc75
Update sponsored/report page with new UI.
2014-09-02 14:36:12 -07:00
Matt Lee
724f1a1f43
Update sponsored/inventory with new UI.
2014-09-02 14:36:12 -07:00
Matt Lee
7aa0e2b56e
Make min/max constraints in timing_field optional.
2014-09-02 14:36:11 -07:00
Matt Lee
c1c653fac0
Allow setting default targeting type for targeting_field.
2014-09-02 14:36:11 -07:00
Matt Lee
0e9c5cd2f1
Remove dependency on fill_campaign_editor from sponsored.js methods.
2014-09-02 14:36:11 -07:00
Matt Lee
a045074435
Make PromoteLinkEdit inherit from PromoteLinkBase.
...
Add methods for getting form data to PromoLinkBase.
2014-09-02 14:36:11 -07:00
Matt Lee
788549415b
Allow updated UI on pages other than promoted/edit_promo.
2014-09-02 14:36:11 -07:00
Brian Simpson
50d358de0b
Support collections on promoted/inventory page.
2014-09-02 14:36:10 -07:00
Matt Lee
becce7f835
Collapse creative editor when opening campaign editor.
2014-09-02 14:36:10 -07:00
Matt Lee
a193428007
Always enable the new campaign button when closing the campaign editor.
2014-09-02 14:36:10 -07:00
Brian Simpson
9236d0ef49
default_thing_wrapper: Don't set rowstyle_cls, it will get overwritten.
...
Builder also calls add_props, which completely overwrites the attribute.
2014-09-02 01:56:25 -04:00
Brian Simpson
774c28ed7b
Don't fire pixels or fetch trackers on requested ads.
2014-09-02 01:56:19 -04:00
Brian Simpson
5243f25f4a
Allow all users to view a requested ad.
...
Previously this was only allowed for sponsors or the owner of the ad.
2014-09-02 01:56:11 -04:00
Brian Simpson
43f7c27d31
Fix location targeting for sponsors.
...
Also return 403 responses for invalid location targets, rather than
setting location to None.
2014-09-02 01:56:02 -04:00
Brian Simpson
f3b1eab25f
Allow sponsors to location target collections at house priority.
2014-09-02 01:55:56 -04:00
Roger Ostrander
b0ffed3ddd
Details, userpage: Preserve referers
2014-09-02 14:29:09 -04:00
Brian Simpson
dcb727930e
Keep midcol spacing for deleted/removed comments.
2014-08-28 04:30:57 -04:00
Brian Simpson
ed1951823a
Obey sort when fetching morechildren.
2014-08-28 04:30:57 -04:00
Brian Simpson
b497b4f962
GET_info: allow lists of things.
2014-08-28 04:30:57 -04:00
Brian Simpson
2b58de12aa
api: Separate GET_info and GET_button_info.
2014-08-28 04:30:52 -04:00
Chad Birch
5361dd7d74
Add a simple admin tool for giving users creddits
2014-08-27 16:13:07 -06:00
Brian Simpson
0f5ea44692
Toolbar: make comment layout like the regular site.
2014-08-27 14:43:23 -04:00
Brian Simpson
0a02ac7465
Set domain_override for new promos.
2014-08-27 14:43:23 -04:00
Brian Simpson
5d5c17581a
Remove the concept of trusted sponsor accounts.
2014-08-27 14:43:23 -04:00
Brian Simpson
57f1623d3f
Link: Add domain_override to defaults.
2014-08-27 14:43:23 -04:00
Brian Simpson
6354355afc
Add closing paren for domain override label.
2014-08-27 14:43:18 -04:00
Brian Simpson
8c4c2b70b5
inventory: Don't penalize if all targets have been allocated.
2014-08-26 22:35:15 -04:00
umbrae
9361596d68
Register hooks on app load rather than inline
2014-08-23 00:09:05 -07:00
umbrae
52f99bcaea
PM new users a welcome message.
2014-08-23 00:08:51 -07:00
Keith Mitchell
29cab429de
OAuth2: Manual token revocations
...
Clients may now revoke tokens when they are finished. Though
not required, revocation allows clients to "dispose" of no
longer needed credentials.
This implements RFC 7009
2014-08-22 18:13:12 -07:00
Keith Mitchell
cefef7d8d2
OAuth2: Don't call get_token with empty ID
2014-08-22 18:13:12 -07:00
Brian Simpson
35918c0843
Show collapsed comment when numchildren is clicked.
2014-08-21 23:36:12 -04:00
Brian Simpson
305f66b06e
Fix hiding/showing of tagline for comments collapsed for a reason.
2014-08-21 23:36:05 -04:00
Jordan Milne
f064a08b66
Plug several leaks of (username, flair) pairs for deleted users
...
Thanks to /u/rotorcowboy for the report!
2014-08-21 13:55:43 -07:00
Gavin
70bcb4b39b
CSS Filter: Add 'order' to CSS SAFE_PROPERTIES
...
Allow the order property for sorting flex items
2014-08-21 13:55:43 -07:00
ArrestedDevelopment
dc131319a6
CSS Filter: Add 'will-change' to SAFE_PROPERTIES
...
In the browsers that support it, this property will allow for GPU-accelerated animations.
2014-08-21 13:55:43 -07:00
ArrestedDevelopment
138e43e2b4
CSS Filter: Add 'cubic-bezier' to SAFE_FUNCTIONS
2014-08-21 13:55:43 -07:00
Brian Simpson
c588a8cda1
SitewideTraffic: Show top 250 subreddits.
2014-08-20 23:29:11 -04:00