Also stop extra-quoting them on the backend. Apparently, pylons already quotes cookies on the way out, leading to some cookies being doubly escaped. Correspondingly, aggressively decode loidcreated in JS to counteract any badly-formed cookies.
The thumbnail scraper is crashing on unusual og:image tags, when they
don't have a content= attribute. Example from the wild:
<meta property="og:image">
This just gets rid of the assumption that the attr will be there, so
that it can carry on finding a thumbnail as normal if an unusual tag is
encountered.
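
The failure mode described in the commit message above, as an added example (not code from this repository): a scraper that tolerates `og:image` tags with a missing or empty `content` attribute and carries on to other candidates. The class and function names and the sample HTML are hypothetical.

```python
from html.parser import HTMLParser


class ThumbnailCandidateFinder(HTMLParser):
    """Collects thumbnail candidates: og:image values first, <img> sources as fallback."""

    def __init__(self):
        super().__init__()
        self.og_images = []
        self.img_sources = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and attrs.get("property") == "og:image":
            # The attribute may be absent (<meta property="og:image">) or
            # valueless (<meta property="og:image" content>); .get() returns
            # None in both cases instead of raising KeyError.
            content = (attrs.get("content") or "").strip()
            if content:
                self.og_images.append(content)
        elif tag == "img":
            src = (attrs.get("src") or "").strip()
            if src:
                self.img_sources.append(src)


def find_thumbnail_candidates(html):
    """Return candidate image URLs in preference order, skipping malformed tags."""
    finder = ThumbnailCandidateFinder()
    finder.feed(html)
    return finder.og_images + finder.img_sources


# Constructed sample page containing the malformed tag quoted above.
SAMPLE_HTML = (
    '<meta property="og:image">'
    '<meta property="og:image" content>'
    '<meta property="og:image" content="https://img.example/a.png">'
    '<img><img src="https://img.example/b.png">'
)

if __name__ == "__main__":
    print(find_thumbnail_candidates(SAMPLE_HTML))
```
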
Lumen is making some changes to the way they check for authentication
tokens in API requests. Instead of updating this header, we're just
going to remove it since it was already unnecessary to be sending (since
our auth token is being sent in the JSON data).
This will let us see how often different numbers of comments are viewed
and how much time it takes to generate the order. This will help us decide
how to set precomputed_comment_sort_min_comments.
This reverts commit 1d99057d0bd6037d66ac2218fd80a9e58138ecd8.
There have been complaints of redirect loops etc. I'm going to debug
this further before recommitting.
Issue: newsletterbar was showing up on unintended pages (namely, our 404 error page, and Contact Us page). The newsletter prompt should only show up on Listings pages.
Fix: show_newsletterbar now defaults to False, and build_listing in the listingcontroller explicitly sets show_newsletterbar=True on render_cls instantiation. Because the new default for show_newsletterbar is False, I was able to remove the places where that bool was explicitly set (all in pages.py)
fixup: use self.show_newsletterbar over getattr
* add global `g.enable_loggedout_experiments`
* The new syntax available is `{"experiment": { "loggedout": true, ... }}`
* Unify the code path to get whether the experiment is enabled with the one to get the experiment variant.
* add additional test cases to `experiment_test.py` and organize `loid` mocking there.
* Fixup mocking in `feature_test.py`
*NOTE*: this is a first pass, and still won't work:
1. on cached pages if we turn the CDN back on
2. on the *first* page impression by a user before they get a loid (though this case is handled).
We've long wanted the ability to run A/B tests; they make it much easier to
test out potential behavior, and reduce the self-selection bias you get through
opt-in betas. This commit adds A/B-type experiment support to the feature
flagging system.
Currently, only server-side checks and tests on logged-out users are directly
supported. This is purely to scope down the feature enough to make it easier
to get a v1 out.
Normally, if a moderator leaves a top-level comment on a post and
distinguishes it, we send an orangered to the author of the post even if
they have "send replies to my inbox" disabled for that post. This is
done since a distinguished top-level comment is often used to give important
information to the author (such as why the post was removed).
However, since AutoMod distinguishes its comments "directly" by just
setting the attribute, this logic wasn't being checked for its comments,
and it hasn't been sending orangereds in cases where it should be. This
commit fixes that, and ensures that it'll always send one whenever it's
commenting on a post.
If a comment gets distinguished and hasn't already been sent to the
parent's author's inbox (due to them having replies disabled), we send a
notification. This is so that users see if a moderator leaves a comment
in reply to one of their posts (often as a reason for removing it).
However, when doing this, we were previously calling queries.new_comment
to send the notification. There are multiple other unnecessary updates
done by this, which can result in strange errors like the comment
showing up twice in the subreddit's comments listing.
This commit changes to just call queries.update_comment_notifications
directly, since that's the only step in new_comment that we actually
needed to be doing.
This moves the creation of a CachedQueryMutator inside
update_comment_notifications, to simplify the process of calling it
directly.
Related to that, the CachedQueryMutator inside new_comment is
now only created when it's needed in the (rare) spam-related cases,
since it no longer needs to create one to be able to call
update_comment_notifications.
If an image is more than 2x taller than wide, we crop it down to a 2x
ratio when generating the image previews. However, the calculation of
the different preview resolutions wasn't accounting for this maximum,
and was still using the original ratio. Because of this, for tall
images, the reported preview heights were incorrect.
The comment order will be computed and stored in permacache when
a comment is added or a comment is voted on. Then when the link's
comment listing is viewed it can be read from permacache.
get_comment_scores expects scores to exist for all comments present
in the CommentTree. To ensure this is true, write the scores before
writing the CommentTree.
Redirecting to the client's `redirect_uri` for any error was an
open redirect. Only redirecting as a result of user action ensures
we're checking errors and only sending a resource owner to a new
page if they've seen the authorize page and have taken some action.
Thanks to /u/avlidienbrunn for reporting!
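
A sketch of the rule in the commit message above, as an added example (not code from this repository): errors on the initial page load render a local error page, and a redirect is issued only after the user has acted on the authorize page. The client registry, handler names, error codes and the exact-match check against a registered URI are assumptions.

```python
from urllib.parse import urlencode

# Constructed client registry; the client id and URI are sample values.
CLIENTS = {"client123": "https://app.example/callback"}


def validate(params):
    """Return a list of error codes for an authorization request."""
    errors = []
    registered = CLIENTS.get(params.get("client_id"))
    if registered is None:
        errors.append("invalid_client")
    elif params.get("redirect_uri") != registered:
        # Assumed policy: the supplied URI must equal the registered one.
        errors.append("invalid_redirect_uri")
    if params.get("response_type") != "code":
        errors.append("unsupported_response_type")
    return errors


def authorize_get(params):
    """Initial page load: no user action yet, so never redirect on error."""
    errors = validate(params)
    if errors:
        return ("error_page", errors)
    return ("authorize_page", None)


def authorize_post(params, user_choice):
    """The user was shown the authorize page and clicked allow or deny."""
    errors = validate(params)
    if errors:
        # Re-check on submit; a failed check still stays on our own page.
        return ("error_page", errors)
    if user_choice == "allow":
        query = {"code": "SAMPLE_CODE", "state": params.get("state", "")}
    else:
        query = {"error": "access_denied", "state": params.get("state", "")}
    # Only reached after validation passed and the user took an action.
    return ("redirect", CLIENTS[params["client_id"]] + "?" + urlencode(query))
```
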
The interactive debugger was previously generating HTTP URLs even when
on HTTPS. This is because it uses wsgi.url_scheme to determine which
scheme to use when generating URLs and because we're using the paste
server in development, this environment variable was not being set
appropriately. PasteDeploy's PrefixMiddleware will set the variable
correctly based on X-Forwarded-Scheme / X-Forwarded-Proto which we
were already sending from haproxy.