Commit Graph

5128 Commits

Author SHA1 Message Date
Matt Lee
49f0c7900a Feature-flagged new markdown styles. 2014-12-02 11:04:31 -08:00
Matt Lee
e36d545ce1 Remove markdown styles from reddit.less and wiki.less
Most of them, at least.
2014-12-02 11:04:31 -08:00
Matt Lee
7863ec737d Add markdown.less 2014-12-02 11:04:30 -08:00
Neil Williams
64f4194db2 ratelimit: Remove reddit-dev mailing list link from throttle page.
It's probably best for users not to send their IP address to a public
mailing list.
2014-12-02 10:05:10 -08:00
Neil Williams
4f9553acbb ratelimit: Improve enforcement page text.
This is intended to be more clear about what's going on when the
ratelimit's enforced and what the user's options are.
2014-12-02 10:05:10 -08:00
Jordan Milne
e3fe97a334 Make sure the same request key is used for pagecache gets and sets
Some parts of the key can change between `pre()` and `post()`, most
commonly due to an endpoint forcing a particular `c.extension` or
`c.render_style`.

In particular, endpoints that used `api/json_validate` were affected
when requested with no extension. They would never hit the page cache.
2014-12-01 17:10:39 -04:00
Jordan Milne
88c17cec1b Guard against trying the pagecache twice in one request 2014-12-01 17:10:39 -04:00
Jordan Milne
9f1f5a29fa HTTPSify emailed links containing secret tokens
Thanks to @edent for the report!
2014-12-01 17:10:39 -04:00
Jordan Milne
df75e1697d Don't treat gettext's output as HTML: JS edition
We don't trust gettext's output, so we can't treat its output as raw HTML.
2014-12-01 17:10:39 -04:00
Neil Williams
7040139f46 stylesheets: Add protocol-relative stylesheets.
Now that we have protocol-relative media objects, there's no need to
maintain HTTP and HTTPS variants of subreddit stylesheets. Instead,
we'll start writing all new stylesheets with protocol-relative image
URLs. Old subreddits will continue to use their protocol-specific
stylesheets for now until new stylesheets are uploaded or existing ones
migrated.
2014-12-01 12:03:44 -08:00
Neil Williams
d24a8ebf1d media: Take advantage of HTTP & HTTPS media being on the same domain.
Since we have an HTTPS-capable CDN in front of our S3 static domains
now, it's far faster for clients to use the CDN on HTTPS as well rather
than going straight to (high-latency) S3.

This patch makes it so that we continue to store URLs with explicit HTTP
schemes but instead of conditionally converting to HTTPS, we render
protocol-relative URLs. This should be safe for systems using the
filesystem media provider as we've installed an SSL cert there all
along.
2014-12-01 12:03:44 -08:00
Neil Williams
155342f591 stylesheets: Remove dynamic stylesheet serving.
Since the introduction of the media providers and the default
installation of the filesystem media provider, it's no longer necessary
for local / non-AWS installs to use dynamically served stylesheets.

This patch removes that option to reduce complexity in the stylesheet
flows.
2014-12-01 12:03:44 -08:00
Neil Williams
f92936a582 vote: Track valid_thing and valid_user rates in Graphite.
This will get us a baseline for each of these so that when I refactor
this code I can feel more confident I haven't changed things.
2014-12-01 09:50:12 -08:00
David Wick
122160d3fa Increase minimum password length to 6 2014-11-26 16:51:21 -08:00
David Wick
e417e6cd1d Add subscribe link to verify when coming from /promoted 2014-11-25 11:23:52 -08:00
David Wick
34dece0ed8 Allow modal to be closed with esc 2014-11-25 11:09:40 -08:00
David Wick
239c253e0e Fix https domain for beta 2014-11-25 11:09:37 -08:00
David Wick
c292b0af1b Fix autofocus
Only 1 `autofocus` attribute is allowed per the spec.  Having two
was causing it to randomly choose between the two username fields.
Since we handle this manually in the modal I've removed it there.
On /login we only want it on the login field.
2014-11-25 11:08:14 -08:00
Chad Birch
7e45eb603a Determine if a comment is gildable from can_save
Previously this was being done with can_reply, but that can make
archived comments, comments in subreddits the user is banned from, etc.
ungildable. Now that comment-saving is available to all users (and not
just ones with gold like it was at the time), can_save is a better
indicator to use.
2014-11-24 16:12:46 -07:00
powerlanguage
ff00967e24 Swap contact tel for email. 2014-11-24 16:12:46 -07:00
Neil Williams
87286866d9 graphite: Don't send counters for timers to tallier.
This extra data does tell us how many timer samples were averaged out
before being reported to tallier, but in general it causes us confusion
and takes up space in packets and we've never really needed it.
2014-11-24 12:00:26 -08:00
xiongchiamiov
d30f04636f Improve moderator info page title
Since this page is accessible to non-mods, it doesn't make much sense to title
it "edit moderators" - people who can't edit anything can see it.

Also, while I was messing around in here, I noticed the titles we put on these
pages are awfully generic.  I didn't want to touch too many things, so we're
only adding a subreddit suffix to this page.
2014-11-24 10:51:36 -08:00
xiongchiamiov
fe222e5377 Sidebar: always link to moderator info
[A user suggestion][0] from /u/Motha_Effin_Kitty_Yo.

Aside from the url hacking, the only previous way to get to this page was to
click the more link for subreddits with "too many" mods.  Since this
information is public, we might as well make it easily available no matter how
many mods there are.

[0]: https://www.reddit.com/r/ideasfortheadmins/comments/2mqmj2/provide_a_view_about_link_in_moderator_box_even/
2014-11-24 10:51:35 -08:00
Jack Lawson
d5fedb0a4e Move stats collection sample rate to config
This way, we can update the rate in one place.
2014-11-24 10:18:44 -08:00
Jack Lawson
923f427545 Send all RUM timings to hivemind instead of /web/timings
Use the new hivemind stats server to collect data rather than
/web/timings, so all the data collection goes to one place.
2014-11-24 10:18:32 -08:00
Jack Lawson
3aff785a95 Set GA sample rate through config
reddit uses Google Analytics[0] as a tool to track events on the reddit.com
website, which allows for gathering page load and user event data while
keeping users anonymized. However, with the high volume[1] of traffic
that reddit receives, the data collection limit[2]-- even with a premium
account-- is often surpassed by a large volume.

Wikipedia states[3] "... sampling is concerned with the selection of a
subset of individuals from within a statistical population to estimate
characteristics of the whole population." We can, using this principle,
send a small portion of user events to Google Analytics collection
endpoints rather than sending the entire data set and achieve a
reasonable approximation of global user behavior without exceeding
reasonable data usage limits as defined by Google Analytics.

In order to achieve this, the Google Analytics javascript library
provides a method to set a sampling rate[4], a percentage from 1-100.
By calling:

```
_gaq.push(['_setSampleRate', '80']);
```

One can set the sample rate to 80% of users. In reddit's case, I suggest
a default sampling rate of 50%. Here, I have added the `_setSampleRate`
properties to the `_gaq` object created within `utils.html`. It gets its
value from the config, which allows for easy value changes and avoids
using a 'magic value' set multiple places in the code.

[0] - https://www.reddit.com/help/privacypolicy#p_22
[1] - https://www.reddit.com/r/AskReddit/about/traffic
[2] - https://support.google.com/analytics/answer/1070983?hl=en
[3] - http://en.wikipedia.org/wiki/Sampling_(statistics)
[4] -
https://developers.google.com/analytics/devguides/collection/gajs/methods/gaJSApiBasicConfiguration#_gat.GA_Tracker_._setSampleRate
2014-11-24 10:18:19 -08:00
Jack Lawson
f69f9d5e08 Sample frontend performance stats to 1%. 2014-11-24 10:17:52 -08:00
David Wick
dde6748b8c Add email settings to config spec 2014-11-20 16:56:00 -08:00
David Wick
f752c158e3 Fix compact login styling 2014-11-20 16:55:48 -08:00
xiongchiamiov
2eef0920ae Compact: style rulespage a bit
Port over some colors from the desktop site, add a bit of padding so things
aren't right on the borders of the screen, and remove the brick at the bottom
of the page, since it only makes sense with alt-text and mobile clients don't
tend to support hovering.
2014-11-20 13:05:33 -08:00
xiongchiamiov
1f907717e7 Compact: extend scss compilation docs
This is the only scss file we have, and we don't change it often, so it's not
really integrated into the asset-building pipeline.  In the future, if we don't
get rid of it entirely, we'll probably convert it to less, but in the mean
time, let's make it slightly easier to work with.

I reverse-engineered these instructions, so they might not be exactly what
we've used previously.

In particular, I'm probably using a different version of the gems, which would
explain why the additional import was needed.
2014-11-20 13:05:32 -08:00
xiongchiamiov
fd5c919d7d Compact: add rules page
Our site-wide rules page has been blank when using the compact website
(i.reddit.com).  Oops!
2014-11-20 13:05:32 -08:00
Chad Birch
e8fcb12ca1 Add proxying_for param for proxy gilding accounts
Allows proxy accounts to send the username of the user that the
gilding is being done on behalf of. This will still use a creddit
from the proxy account, but everything else related to the gilding will
be associated with the actual purchaser, to enable things like replying
to the gilding messages, update the gilder's trophy and /gilded page,
etc.
2014-11-20 12:15:06 -07:00
Brian Simpson
a2e41ed4a6 click: Don't unquote destination url.
The url is already unquoted correctly and double unquoting can cause
problems with unicode characters.
2014-11-04 09:21:45 -05:00
Neil Williams
890fc1f215 Ratelimits: add strict enforcement mode.
For some app pools that are selected based on the incoming request
source, such as whoalane, we may want to apply the ratelimit to ALL
kinds of requests to ensure that resources are being used fairly.  This
adds a strict enforcement mode which can be enabled in the config. Oauth
will continue to be enforced per-client ID but all other requests will
get the sitewide ratelimit.
2014-11-19 10:48:12 -08:00
Neil Williams
acf6c5a0fa Ratelimits: OAuth should take precedence.
The CDN exemption should not take precedence over OAuth since OAuth may
be coming through a CDN but will always be configured to bypass CDN
caching.

The non-API exemption moves down as well for consistency though it will
have no direct effect here as all OAuth requests should be API.
2014-11-19 10:48:12 -08:00
MelissaCole
2c98ba42ef Disallow replies to proxy gilding accounts 2014-11-17 17:05:55 -08:00
David Wick
c4f5b6c28a Redesign login 2014-11-17 14:02:34 -08:00
Chad Birch
b18dccf6ad modaction json: add target_permalink 2014-11-14 16:40:41 -07:00
Jordan Milne
9c1ddbbeb8 Warn during installation if total memory is below 2GB 2014-11-14 17:17:19 -04:00
Roger Ostrander
2d040cbe77 Vote Details: Persist IP-less details for > 90 days 2014-11-14 11:27:45 -08:00
Chad Birch
173d50f9f0 Don't collapse distinguished posts due to score 2014-11-12 18:50:07 -07:00
Chad Birch
880ab5ee4d Allow blank min comment score pref in contest mode
Previously we were forcing the comment score collapse threshold to the
default for all users, regardless of what they had it set to. This
allows them to use the blank setting, since there's no method of using
that to determine the hidden scores.
2014-11-12 18:50:02 -07:00
MelissaCole
3a63e3317c Make the gilded message repliable
The gold message is sent to the gildee with the gilder as the author,
but the username is hidden through the use of the display_author attr.
display_author and display_to fields have been added to keep track of
the labels to be displayed. If there is a display_to field, then it is
a reply to an anonymous message (one that started with a display_author).
A warning will be appended to messages that have display_to saying that
their identity will be revealed if they reply.
2014-11-12 12:41:39 -08:00
Neil Williams
38e64dbd9e install-reddit: Add some more helper scripts.
The intent is to further provide simple commands for common tasks in a
way consistent with staging and production as well.

reddit-start: start all reddit code
reddit-stop: stop all reddit code
reddit-restart: restart one or all reddit service(s)
reddit-flush: flush all memcached keys
2014-11-12 10:04:15 -08:00
Robert Ditthardt
05d4481109 install-reddit: Fix intermittent haproxy timeouts
Increase max connections for backend reddit in haproxy.cfg. We have not
nailed down the cause of these timeouts yet, but this definitely solves
it in a VM environment.
2014-11-10 15:47:31 -08:00
xiongchiamiov
7d1f80caf9 Feature flags: allow filtering by subdomain
We'd like to have an easy way to push out changes to a subset of users before
going to everyone.  Like with the previous change to add subreddit filtering,
toggling features by subdomain gives us that ability fairly cheaply.

(There is also a more sophisticated [betamode plugin], but it's designed for
more heavyweight needs and requires more setup for each test.)

[betamode plugin]: https://github.com/reddit/reddit-plugin-betamode
2014-11-05 11:52:56 -08:00
Ricky Ramirez
66d8bb199d template_helpers: Add force_https param to add_sr. 2014-11-05 11:49:35 -08:00
Ricky Ramirez
fa257acc60 template_helpers: Style and documentation tweak. 2014-11-05 11:49:31 -08:00
umbrae
4bf76538db Only force https on reddit URLs in add_sr 2014-11-05 11:49:16 -08:00