Fix leancloud counter security bug #137
Conversation
|
|
| leancloud_visitors: | ||
| enable: false | ||
| security: false |
ivan-nginx
Feb 12, 2018
Member
Add short readme for dependencies here.
Add short readme for dependencies here.
|
the link on the readme is not available now. |
|
Is it better to default to |
| leancloud_visitors: | ||
| enable: false | ||
| security: false |
wafer-li
Feb 14, 2018
Member
Why not default to true?
Why not default to true?
ivan-nginx
Feb 14, 2018
Member
Because need to install plugin separately.
Because need to install plugin separately.
wafer-li
Feb 15, 2018
Member
Yes, I mean just like the gitmint, default to true, and ask the user to install the plugin.
Security is important, isn't it?
Yes, I mean just like the gitmint, default to true, and ask the user to install the plugin.
Security is important, isn't it?
ivan-nginx
Feb 15, 2018
Member
Important, but LC can work without security plugin.
Important, but LC can work without security plugin.
| } | ||
| }); | ||
| {% if theme.leancloud_visitors.security %} | ||
| console.log('Counter not initialized!'); |
ivan-nginx
Feb 15, 2018
•
Member
Ok, i see what here is security option just add warning in console log. There is some my 5 cents on it:
- Replace
console.log with hexo.log.warn for better warning message.
security can be set to true by default. So, if user wan't to install security plugin, he can turn off security option. If he don't know about security (newbie in NexT) and just turn on LC option, he will seen this warning message with following instructions to install plugin.- Warning message should be informative. Instead of
Counter not initialized! something like ATTENTION! LeanCloud counter have security bug, for solve it see here: https://github.com/theme-next/hexo-leancloud-counter-security.
OR
We can just cut out security option and add in NexT config comments under leancloud options what there are some security issues and can be solved under the plugin link. For now option — it's just console warning, no more. Who know about this — will know, option will be useless, i think. 1 excess interation in swig. That's what i suggest.
Ok, i see what here is security option just add warning in console log. There is some my 5 cents on it:
- Replace
console.logwithhexo.log.warnfor better warning message. securitycan be set totrueby default. So, if user wan't to install security plugin, he can turn offsecurityoption. If he don't know about security (newbie in NexT) and just turn on LC option, he will seen this warning message with following instructions to install plugin.- Warning message should be informative. Instead of
Counter not initialized!something likeATTENTION! LeanCloud counter have security bug, for solve it see here: https://github.com/theme-next/hexo-leancloud-counter-security.
OR
We can just cut out security option and add in NexT config comments under leancloud options what there are some security issues and can be solved under the plugin link. For now option — it's just console warning, no more. Who know about this — will know, option will be useless, i think. 1 excess interation in swig. That's what i suggest.
LEAFERx
Feb 15, 2018
Author
Contributor
but this file is excuted in browser where there is no hexo.log.warn
but this file is excuted in browser where there is no hexo.log.warn
ivan-nginx
Feb 15, 2018
Member
Oh! So, why this warn needed if user will not see it?
Oh! So, why this warn needed if user will not see it?
LEAFERx
Feb 15, 2018
Author
Contributor
because if they turn on the security but not install the plugin and follow the instruction to config th e Leancloud background, the counter will not work at all
because if they turn on the security but not install the plugin and follow the instruction to config th e Leancloud background, the counter will not work at all
|
now the error msg on browser is like this: |
|
Yeah, it's good for now! Well done! |
|
so the config is default to true now. |
|
Em.. i think need to false. But other guys sugessted to true it. Need to make a decision about it.
Also, need to provide some badges for this repo. NPM link, version, compatability, etc. Post not found: https://leaferx.online/2018/02/11/lc-security/ |
|
badges added. |
|
Now that docs has been released. |
|
Question need discussion: what default value of security should be set |
|
Guys, can we please to deside this option? |
|
@wafer-li @tsanie @maple3142 @ivan-nginx |
|
@LEAFERx @tsanie @maple3142 @ivan-nginx What about making a vote? I still vote for default to |
|
@sli1989 @wafer-li @tsanie @maple3142 anybody of u can today translate from CN docs to EN docs? |
|
It's better for @LEAFERx to do it... |
stevenjoezhang
changed the title
fix leancloud counter security bug
PR Checklist
Please check if your PR fulfills the following requirements:
PR Type
What kind of change does this PR introduce?
What is the current behavior?
Issue Number(s): #25