Conversation
Add a server-rendered submit button to the public user preferences form so Firefox/Tor-style no-JS sessions can persist theme and activity badge preferences without client-side JavaScript. Validation: - npx playwright test --project=firefox-nojs tests/e2e/firefox-nojs-public.spec.ts - npx playwright test --project=chromium tests/e2e/posting-thread.spec.ts tests/e2e/password-boards.spec.ts tests/e2e/media.spec.ts - cargo fmt --all --check - cargo clippy --workspace --all-targets --all-features -- -D warnings -D clippy::all -D clippy::pedantic -D clippy::nursery -D clippy::cargo - cargo test --workspace --all-features
Compact inline report, self-action, and admin post controls so they align with post metadata rows across desktop and mobile. Bump RustChan metadata and docs to 1.2.2.
Add server-generated CAPTCHA images, validate submitted answers once per challenge, and wire the new fields through post submission. Update posting forms, route handling, admin/setup text, and frontend validation to remove the browser PoW solver.
Use an Arc<TorClient<_>> to hold the bootstrapped Tor client so the final handle can be shared and kept alive; update the keep-alive comment to state that dropping the final Tor client handle closes Tor circuits and kills the onion service. Also add an explicit Arc type annotation and adjust expression grouping for clarity.
…porting, adding server-rendered CSRF-protected controls when JavaScript is unavailable while preserving the existing JavaScript menu/modal experience.
Make CSRF and board-access cookies respect the actual transport of each request. Add OptionalConnectInfoPeer extractor (FromRequestParts) to surface ConnectInfo, introduce ensure_csrf_with_secure and ensure_csrf_for_request helpers that choose the Secure cookie flag using should_set_public_secure_cookie(headers, peer). Update many handlers to accept request headers and the optional peer and call ensure_csrf_for_request. Refactor board unlock flow to build the access cookie with the per-request secure flag and add tests asserting the Secure attribute follows the request. Also refactor thread edit error rendering to accept and forward the CSRF cookie secure setting.
Introduce RequestTransport and SecureCookieContext to carry peer and direct_https info from requests, add middleware to set RequestTransport in the router, and propagate SecureCookieContext through handlers instead of raw SocketAddr. Refactor should_set_secure_cookie to accept the context (and add should_set_secure_cookie_with_config), update admin CSRF cookie helpers to take a secure flag, and apply these changes across admin, board, thread handlers and cookies logic. Update tests to reflect the new transport/context behavior.
Improve multipart upload handling by distinguishing between an explicitly submitted filename and an empty/unselected file control. If a file part has a non-empty submitted filename but zero bytes, return BadRequest; if the file control is empty/unselected, ignore it and treat it as absent. Added tests covering named zero-byte uploads and empty unselected file controls. Also update upload finalize payload to omit primary_thumb_path when the thumb path is an empty string and add a test for that behavior.
Drop CHECKSUMS_FILE_NAME from the list checked in write_root_checksums so the routine no longer requires that file to be present. In the admin backups template, generate manual_part_options via split_zip_part_size_options(4), replace the hard-coded <option> elements with the generated {manual_part_options}, and pass the new variable into the format! call. This consolidates part-size option rendering and avoids duplicated hard-coded markup.
Make runtime setup more robust and tighten config/duplication behavior: - Ensure all expected runtime directories are created during migration. - Stop falling back to defaults on settings.toml parse errors; print a concise error and exit (exit code 78) to avoid leaking parse details or secrets. - Prevent reuse of dedup cache entries from other boards by requiring cached file/thumb paths to belong to the same board. Add helper functions for path checks and a unit test covering cross-board dedup avoidance.
Add ARIA labels to various form fields and textareas (thread, reply, edit, captcha, poll options, uploads, board password, search, report reason) and update tests to expect them. Improve modal keyboard behavior by tracking the active trigger when opening report/edit modals and restoring focus on close; ensure ESC closes the report modal. Update CSS to improve responsive word-wrapping, form focus styles, board-access password styling, and some layout/size tweaks; add theme-specific error banner colors. These changes enhance accessibility, keyboard navigation, and responsive layout.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.