Commit Graph

5287 Commits

Author SHA1 Message Date
xiongchiamiov
94984b78af Robots: allow crawling of mobile pages
We got a message from Google Webmaster Tools letting us know they'd like to
pretend to be a mobile device and crawl our mobile pages, but can't, because we
disallow it in our `robots.txt` rules.  We have canonicalization set up to
point towards desktop pages, so we shouldn't be hurt by allowing this.

We should also at some point provide two-way annotations to let them go from
desktop -> mobile[0], but for now this should suffice.

[0]: https://developers.google.com/webmasters/mobile-sites/mobile-seo/configurations/separate-urls
2015-01-06 12:03:41 -08:00
Chad Birch
9fc5d0f1eb message.new hook: Call before determining rels 2015-01-06 12:49:07 -07:00
Aedx
bca1c9e7a4 Added missing closing head tag 2015-01-06 11:31:53 -08:00
xiongchiamiov
45ab808c44 Flair selector: minor restyling
This is a tiny little touch-up of the flair selector box that just adds a
little more space between things, because I was annoyed at looking at it.  As
far as my choices for things:

* The `.flairselector h2` change was to make it consistent with the other
  dividing lines in the box.
* The button margin was chosen to be consistent with the "add" button on
  /about/moderators.

I decided not to mess with the wonky vertical alignment on the flair because
that gets changed by subreddits' customizations to flair display, so it's
probably not worth it to try and make it look better.
2015-01-05 14:47:52 -08:00
Neil Williams
f95cb2b143 Rework login ratelimit system.
The goal of a login ratelimit system is to prevent brute force attacks
on passwords.

The current login ratelimit system is based on VDelay which uses
exponential backoff based on IP address after failed login attempts.
This is not ideal because of corporate proxies and LSN causing the
number of false positives to be very high resulting in users getting
the dreaded "you've been doing that too much".

This new system uses a factored out version of the core ratelimiting
system which uses fixed ratelimits per period (allowing some burstiness)
and is per-account. To help mitigate the effects of a denial of service
attack on a specific user, different ratelimit buckets are used
depending on whether or not the user has used the IP the login request
is coming from before.

As an escape hatch, successfully resetting an account's password adds
the current IP to that account's recent IPs allowing it into the safer
ratelimit bucket.

The ratelimit never applies if you are currently logged in as the user,
allowing account deletion to happen regardless of ongoing brute force /
denial of service attacks.
2015-01-05 14:06:46 -08:00
Eric
8fdc799564 Change SubredditSelector to use better wording
Currently, the subreddit selector when submitting a new link "/r/subreddit/submit" says "Popular Choices" and then lists the subreddits you are subscribed to.

I find this to be a big misnomer, as they are not popular choices at all, they are just a list of your subscribed subreddits. "Popular choices" implies that these are things other people have selected as well.

I know, it's super nitpicky, but I thought it might make more sense this way.
2015-01-05 16:11:14 -05:00
Brian Simpson
e0d5d77be9 Remove scrollupdater debug statements. 2015-01-05 16:11:08 -05:00
xiongchiamiov
d53b2a0d6b RSS feeds: fix timestamp
[Reported by][0] /u/josh64.

When the message RSS feeds were created, they erroneously had an extra timezone
appended to the `dc:date` element, which causes validation errors.

In most of the feeds we rely only upon `pubDate`; it's not clear to me why we
additionally use `dc:date` in the few places we do, but I suppose it doesn't
hurt anything.  The other two places using it are `subreddit.xml`, which never
had the extra timezone, and `comment.xml`, in which it was removed three years
ago (reddit/reddit@5675398).  This fixes the last incorrect instance.

Note: Although the reporter says they got an error in the W3C validator and the
format is clearly wrong, in my tests the validator passed the previous,
incorrect feed. *shrug*

[0]: http://redd.it/2r1plf
2015-01-05 11:24:57 -08:00
Jordan Milne
f7d53fbd91 Display points on XHR'd compact pages 2014-12-31 17:43:56 -04:00
Jordan Milne
159c51b2b4 Enforce floor of 0 on link scores across render styles
Thanks to @iKevinY for the report. Fixes #1205
2014-12-31 17:43:53 -04:00
Brian Simpson
4cfbf59af5 Update thing.recipient to thing.user_is_recipient in message.compact. 2014-12-30 19:18:33 -05:00
Brian Simpson
8d90f8be2c Message: don't distinguish author of parent comment. 2014-12-30 19:18:33 -05:00
Brian Simpson
586cc18f71 Messages: always show "from" first. 2014-12-30 19:18:33 -05:00
Brian Simpson
eb0cdbf25c Make messages from user as subreddit more visually distinct.
Previously they looked like a regular message sent from the current
user. Now they indicate they are sent via a subreddit.
2014-12-30 19:18:33 -05:00
Brian Simpson
d2fa4b5364 Message.add_props: detangle logic. 2014-12-30 19:18:33 -05:00
Brian Simpson
7f84f427fc Message.add_props: Use mods_by_srid to find user moderated subreddits. 2014-12-30 19:18:33 -05:00
Brian Simpson
74815d273d Message.add_props: Run set_unread in batch. 2014-12-30 19:18:33 -05:00
Brian Simpson
eef29e4e09 Message.add_props: Batch lookups of override to and author. 2014-12-30 19:18:33 -05:00
Brian Simpson
d30f121f92 Message.add_props: Clean up batch lookups. 2014-12-30 19:18:32 -05:00
Brian Simpson
f55a8dcce5 Message.add_props: Don't use c.user.
Use `user` which is passed into the function.
2014-12-30 19:18:32 -05:00
Brian Simpson
701a292f7c Message: stop setting message_style attribute. 2014-12-30 19:18:32 -05:00
Brian Simpson
188bb28008 Message.add_props: Clean up variables. 2014-12-30 19:18:32 -05:00
Neil Williams
c01ac9eb9c Revert "Ratelimits: add strict enforcement mode."
This reverts commit 6b73de5dd5758d7a6df07ad85668af21afb510f8.
2014-12-30 15:43:03 -08:00
xiongchiamiov
1fb11a187c Profile page: enable comment editing
Giving users the ability to edit their own comments from their user page is
something that RES adds, but we didn't because the data wasn't available or
something.  Someone [brought it up again][0] recently, and it turns out it
*just works* now if we enable it.  And I don't see a good reason to prevent
users from doing it.

[0]: https://www.reddit.com/r/AutoModerator/comments/2olykv/automoderators_flair_and_karma_have_been_wiped/cmoiz4j?context=1
2014-12-29 14:19:03 -08:00
Ricky Ramirez
14a554d10b TransitionalCache: Correct return value for set ops. 2014-12-26 12:21:36 -08:00
Jordan Milne
29777e10f4 Switch to rel="noreferrer" instead of window.open() where possible
I've made a huge mistake
2014-12-22 17:45:49 -04:00
Brian Simpson
15c0a6344f Share: remove recent emails saving. 2014-12-19 21:41:55 -05:00
Brian Simpson
9f3456c485 ShareEmail: Don't link to comments page when promo comments disabled. 2014-12-19 21:41:55 -05:00
Brian Simpson
b6701c1d70 POST_share: explicitly restrict to Links. 2014-12-19 21:41:51 -05:00
Neil Williams
323b4da127 TransitionalCache: return properly from set_fn.
This is causing e.g. `incr`s that check the return value to fail as the
return value is always `None`.
2014-12-22 13:24:46 -08:00
Ricky Ramirez
6e6266563d cache: Add caches property to TransitionalCache.
This attribute is introspected by some hooks.
2014-12-22 13:24:04 -08:00
Ricky Ramirez
7c60b8b910 cache: Add a stats setter for TransitionalCache. 2014-12-22 13:23:54 -08:00
Ricky Ramirez
d93cf13994 Disallow direct use of g.memcache.
Caches should always go through the appropriate cache chain. Making the direct
CMemcache object a local var should prevent abuse in the future.
2014-12-22 13:23:31 -08:00
xiongchiamiov
3f6759d3af Compact: fix register page styling
The styling for the compact register page got messed up with our changes to the
login/register flow.  Eventually perhaps we'll restyle them, but for now leave
them be.

This is building on f752c15, which did the same for login.

[Reported by][0] /u/shamelessguy.

[0]: http://redd.it/2pwite
2014-12-22 11:31:14 -08:00
Jordan Milne
ba6cf12871 Fix ctrl-clicking to open a new tab in Firefox 2014-12-19 17:00:54 -04:00
Jordan Milne
1e660d07f7 Try to deal with non-W3C compliant popup blockers 2014-12-19 17:00:42 -04:00
Jordan Milne
95a2d12aab Work around IE Mobile's window.open nastiness 2014-12-19 17:00:32 -04:00
Matt Lee
6eec6f6681 markdown: Fix broken padding and margins.
Switching to unitless variables for all font-size, line-height, padding and margin
styles requires assigning those variables a unit when using (e.g. @var * 1px).  I
failed to do this in a couple spots, causing the selftext box to lose its padding and
look totally weird.

Also raises the left padding on lists.  Numbers on ordered lists were falling outside
of the comment's container, and getting clipped off.  This also looked totally weird.
2014-12-19 11:10:19 -08:00
Matt Lee
800d755633 Use react.js version with bundled addons.
This does _not_ bump the version number of react, it just uses the version
with addons bundled in.  These are mostly utility features, but the main
reason is for the animations addon.  Trying to add CSS transitions to elements
entering or exiting the DOM _without_ this addon would be a major pain.
2014-12-19 11:10:00 -08:00
Matt Lee
2b0add9a5f markdown: Fix font scaling for sidebar.
Commit 8f1ab15 addressed an issue we were seeing where some subreddits had
huge font sizes with the new markdown styles applied.  The solution was to
structure the styles such that <p> elements had a default font-size of 1em,
which worked well.  Unfortunately, because of the way that the sidebar styles
are structured (and because I kind of forgot about them in that solution),
this caused the opposite problem for some subreddits' sidebars: tiny text.
This applies the same solution to the sidebar text, and does a little bit
of refactoring along the way.

This replaces most references to absolute numbers with variable references.
A scale of font sizes, line heights, and margins used are defined at the top
of the file, and pretty much everything references those (except for small
stuff like borders.). I thought this was slightly easier to reason about than
doing `font-size: @base + 2;` kind of stuff, but it might be a little
overboard.
2014-12-19 11:09:59 -08:00
Matt Lee
0c43190abb markdown: Remove default background color for tables.
Some subreddits use tables for special layout purposes, and the new default
background colors for rows often need to be overridden.  Since the effect is
pretty subtle anyways, it's probably better to just remove it altogether.
2014-12-19 11:09:59 -08:00
Matt Lee
0199b7e77e markdown: Make headers inherit color.
If a subreddit wants to change the default text color (e.g. for a dark theme)
they'd need to override the color for the .md element and each header tag
(h1-h6) individually.  This makes it so the header tags inherit from the .md
element to make this less painful.
2014-12-19 11:09:59 -08:00
Robert Ditthardt
5fc5823230 Relation: Stop dual writing keys. 2014-12-18 17:40:39 -08:00
Robert Ditthardt
17ffe58de6 thing.py: Sanitize fast cache key for Relations.
This makes the fast cache key safe for the memcache ASCII protocol.

NOTE: This will need to be rolled out in a safe manner (usually a downtime) in order to avoid any data integrity issues.
2014-12-18 17:40:23 -08:00
Ricky Ramirez
244ac3bd55 Relation: Cut reads over to the new key name. 2014-12-18 17:40:14 -08:00
Robert Ditthardt
a3c3b45836 Relation: Start dual-writing new key names.
This is the first part of cleansing rel key names of spaces.
2014-12-18 17:38:43 -08:00
Robert Ditthardt
f4b60b59f5 thing.py: Fix name input to be ascii string
_query returns an ascii string for name no matter what. This was causing
an inconsistency in the cache key. u'subscriber' vs 'subscriber'.
2014-12-18 17:38:07 -08:00
Ricky Ramirez
c29c2d6c8d cache.py: Let TransitionalCache modify keys. 2014-12-18 17:37:56 -08:00
Robert Ditthardt
720048c989 thing.py: Create shared _fast_cache_key function
This function is meant to allow all of our Relation code to use the same
key, making it easier to change. It also required a refactor of the
_fast_cache code a bit to operate on cache keys instead of tuples.
2014-12-18 17:37:46 -08:00
Chad Birch
f4dcab845f Thing._byID: raise a useful error for non-int ID
Previously, passing a non-integer ID (usually happens with a string)
to _byID would give the "huge thing_id" error, which was confusing.
2014-12-18 18:10:44 -07:00