Branch: master
Commits on Aug 31, 2015
  1. @Deimos

    Update messaging labels to try to reduce confusion

    Deimos authored
    There has been a long-standing issue with users sending modmail when
    they're trying to make a new text post to the subreddit. From examining
    a number of examples of this happening, it appears that they tend to do
    this by going to a message page (inbox/unread) by clicking the envelope
    icon, then they click the "compose" tab, and type the name of the
    subreddit into the "to" box.
    
    This commit updates several labels to make it more clear that it's a
    private message that's going to be sent, not "posting a message
    publicly".
  2. @Deimos
Commits on Aug 27, 2015
  1. @bsimpson63

    Increment the modmail counter on messages sent by the subreddit.

    bsimpson63 authored
    72a2cc6 was only counting messages sent to the subreddit.
  2. @xiongchiamiov
  3. @xiongchiamiov
  4. @Deimos
  5. @Deimos
Commits on Aug 26, 2015
  1. @JordanMilne
  2. @JordanMilne

    Make `_wsf()` keep the original spacing by default

    JordanMilne authored
    The space compressor has a habit of changing the semantics of text,
    and we generally work around it by `text.replace(" ", " ")`.
    
    We know that the format string passed to `_wsf()` won't contain HTML,
    so we don't have to worry about mucking with spaces between attributes.
    Just automatically work around the space compressor by default.
  3. @JordanMilne

    Correct `num_reports` perm checks for Link JSON templates as well

    JordanMilne authored
    Thanks to a report by /u/wicro
  4. @MelissaCole

    Send events on muted user forbidden actions

    MelissaCole authored
    If a muted user attempts to message a subreddit, the details text is
    "muted". If a subreddit attempts to message a user that has been muted,
    the details text is "muted mod".
  5. @MelissaCole
  6. @MelissaCole

    Add muting capability for modmail

    MelissaCole authored
    Mods are able to mute a user from modmailing in for 24 hours.
    They can click 'mute user' on the modmail of the sender they
    want to mute or go to /about/muted to manage all of the muted
    users.
    
    If the user has interacted with the subreddit, they will be
    messaged about the muting. If a subreddit or user try to
    message each other when the user is muted, they will get an
    error message and it won't go through.
Commits on Aug 25, 2015
  1. @JordanMilne

    Add an HSTS pixel to pick up policies on the base domain

    JordanMilne authored
    That way when you're browsing on www.reddit.com, you'll always have
    an up-to-date policy for .reddit.com as well.
  2. @JordanMilne
  3. @JordanMilne
  4. @JordanMilne

    Add new loggedin HTTP cache policy

    JordanMilne authored
    This should fix the issues with Firefox forcing a reload when hitting
    the "back" or "forward" buttons in the browser.
  5. @JordanMilne

    Add loggedin cache poisoning detection using a canary cookie

    JordanMilne authored
    There've been a few instances in the past where we poisoned downstream
    caches with loggedin responses for several hours before realizing it was
    happening. Each time we only realized it once a user reported that they
    were being logged in as someone else.
    
    This PR attempts to make it easier to detect upticks in cache poisoning
    by adding a cache poisoning canary[0] cookie. The canary cookie is a
    random, non-identifying, persistent cookie that is included in every
    request and sent back with every loggedin HTML response. If the canary
    in the response is different from the one we would have sent, we know
    that cache poisoning occurred.
    
    If the client detects it has been served an improperly cached page,
    it tries to gather extra data about the page (such as some of the
    headers sent with the response for the current page). With those, we can
    often figure out _how_ the cache was poisoned (did CF cache it, did
    an intermediary proxy mess with the `Cache-Control` headers?). We can
    also sometimes find out what was served with the poisoned response,
    and if the victim is now likely able to perform actions as the poisoner.
    
    We also keep track of what cache policy was used, so we can experiment
    with incremental rollout of new cache policies and see how they affect
    the incidence rate of poisoned caches.
    
    We keep track of the overall cache poisoning report rate in tallier,
    and send a more detailed report to event-collector so we can figure
    out what's causing all the poisonings and who was affected after the fact.
    
    [0]: https://en.wikipedia.org/wiki/Buffer_overflow_protection#Canaries
  6. @JordanMilne

    Add script to test HTTPS cert compatibility on the client side

    JordanMilne authored
    This gives us a way to test if a cert will likely cause problems
    when used in production, and see who it will cause issues for.
  7. @JordanMilne
  8. @JordanMilne

    Patch out problematic endpoints in the pylons error app

    JordanMilne authored
    This has since (July 2015) been fixed upstream, but it hasn't been
    packaged for many (any?) distros yet.
  9. @Deimos

    Revert "Traffic page: add notice for June 26-28 data loss"

    Deimos authored
    This reverts commit b48efd8f72f32b6698be2a96c29a5ecc18f1b5a4.
  10. @florenceyeun

    Increase line height for user page moderator box

    florenceyeun authored
    It was too squashed with the stamps.
  11. @florenceyeun
Commits on Aug 24, 2015
  1. @dwick
  2. @dwick
  3. @dwick
  4. @dwick

    Require sponsor emails before paying

    dwick authored
    Previously emails were required to access the system at all.
  5. @dwick
  6. @dwick
  7. @dwick

    Allow header to be optionally removed

    dwick authored
    Used on /advertising
  8. @kjoconnor
  9. @Deimos

    Password reset emails: attach to relevant account

    Deimos authored
    Emails are only getting associated with a specific account if they're
    queued up due to an action by a logged-in user. This is impossible with
    password-reset requests and the subsequent email for a successful
    change, but those should definitely be associated with the account that
    is being reset.
  10. @bsimpson63
  11. @florenceyeun