Commit graph

94 commits

Author SHA1 Message Date
Phoenix Eliot
c24e81aebb Redirect with same protocol as request
Try using // instead of explicit protocol
2016-09-09 14:59:41 -07:00
Rob Blanckaert
af3e069828 Merge pull request #3872 from codecombat/filter-domains
Code Review: Filter domains for webdev iFrame
2016-09-08 17:46:00 -04:00
Rob Blanckaert
9619ff5a0a Try harder to find the ip address, and dont split the ipaddress if we didnt find it. 2016-09-07 13:46:45 -07:00
Phoenix Eliot
6cbc6452fc Actually do filter safe paths, but allow any other domain 2016-09-06 17:10:58 -07:00
Phoenix Eliot
b08c1af038 Simplify logic now that we're not redirecting safe paths 2016-09-06 16:24:40 -07:00
Phoenix Eliot
bdabee865c Filter domains for webdev iFrame
This serves the web-dev surface iFrame from another domain, such that user-created levels can't sniff cookies from a visitor to their page. It forces a redirect if a path is accesses through the wrong domain.

Use ENV variables for hostnames

Allow messages from all relevant domains

Use the right iFrame URL for different domains

Let the load balancer check /healthcheck

Add special handling for china server

Generalize subdomain handling
2016-09-06 16:17:38 -07:00
Scott Erickson
af9f7201d0 Finish new CreateAccountModal 2016-07-07 15:56:41 -07:00
Scott Erickson
0581ffde82 Clean server test logging 2016-06-17 10:35:22 -07:00
Scott Erickson
464c432ca6 Handle ua.Version not having a split function, log it 2016-05-16 10:42:13 -07:00
Scott Erickson
1489df3f23 Show messages that IE9 and IE10 are deprecated, fix and clean existing systems
* Trim index_old_browser.html (shown on /play/) to simple page
* Fix useragent middleware to attach where needed
* Show IE alert on all pages on application init
2016-05-04 15:05:55 -07:00
Rob Blanckaert
d56be14dbb Merge pull request #3550 from codecombat/region-refactor
Use host header to let any server serve any region
2016-04-13 15:17:47 -07:00
Rob
e635396b8a Use host header to let any server serve any region 2016-04-13 15:12:11 -07:00
Scott Erickson
f1f1c23fd4 Refactor /auth endpoints for #3469
* Take `/server/routes/auth` and move most of the logic to `/server/middleware/auth`, refactoring to use generators.
* List all `/auth/*` endpoints in `/server/routes/index.coffee`.
* Fill in testing gaps for `/auth/unsubscribe`.
* Add debug log when `sendwithus` is not operational, so it 'works' in development and testing.
* Use passport properly!
* Track Facebook and G+ logins in user activity as well as passport logins.
2016-04-12 12:07:11 -07:00
Scott Erickson
c20ed58f9f Have dev proxy return 502 when proxy fails, rather than calling next 2016-04-08 10:14:47 -07:00
Scott Erickson
8ff80fc92d Add npm 'proxy' script for developing client on prod server 2016-04-07 13:59:38 -07:00
Scott Erickson
29cd880480 Refactor handlers to /server/handlers 2016-04-07 09:40:53 -07:00
Matt Lott
3dd322986a Update Slack message destinations
Using ops and dev-feed more, reducing noise on general.
2016-03-21 05:36:44 -07:00
Matt Lott
5d71acba05 Replace HipChat with Slack 2016-03-18 17:05:21 -07:00
Nick Winter
e5dda556c6 Add Mandate configuration for session save delays 2016-03-14 16:39:05 -07:00
Scott Erickson
ebc98f988f Refactor CreateAccountModal out of AuthModal, add class code to signup 2016-03-10 10:52:11 -08:00
Scott Erickson
a2249f8df1 Add return-to-admin (turn off espionage mode) 2016-03-04 10:43:17 -08:00
Scott Erickson
7fb08f343a Refactor /db/article to use generators 2016-02-22 16:03:21 -08:00
Rob
0aa3418e44 Add PicoCTF backend support. 2016-02-16 16:44:35 -08:00
Nick Winter
b39883209c Remove a couple server logs 2015-12-16 16:39:44 -08:00
Scott Erickson
7c516c4d9f Move product information to the db 2015-12-14 11:10:50 -08:00
Rob
32861b025a Support sending performance information to stats. 2015-11-17 14:57:12 -08:00
Nick Winter
6773f1e876 Check all languages instead of just first for country servers 2015-11-03 09:42:17 -08:00
Scott Erickson
94d29d2e8a Move trailing slash removal to client Router, make client route "/play/" work for facebook 2015-10-21 16:55:48 -07:00
Nick Winter
f723fcbd39 Fix geolocation code 2015-10-12 13:12:34 -07:00
Nick Winter
5dde55c1f3 Add premium server recognition for Brazil 2015-10-09 08:05:34 -07:00
Nick Winter
cd0c252b14 Disabled some logging now that chinaVersion appears to be working. 2015-08-08 12:26:20 -07:00
Nick Winter
b8da7f547f More fixes for geoip stuff. 2015-08-08 11:28:39 -07:00
Nick Winter
fc0a6513f3 Fixing some bugs in the geoip and language detection stuff. 2015-07-31 14:32:32 -07:00
Nick Winter
e43addf55b Debugging chinaVersion inconsistencies. 2015-07-27 11:35:20 -07:00
Nick Winter
62e8ee624c Made chinaVersion detection fire only when the language is Chinese. 2015-03-23 17:00:29 -07:00
Nick Winter
b4ea78e5cb Implementing alternative pricing with Alipay in China to support dedicated China server. 2015-03-23 15:26:44 -07:00
Michael Schmatz
a16ae2b5bc Changed read prefs and enabled middleware 2015-03-21 21:49:32 -04:00
Michael Schmatz
c25d36ee76 Temporarily disable redirection middleware 2015-03-21 14:27:35 -04:00
Michael Schmatz
fcf52cfbf7 Added undefined checking to accepted language 2015-03-20 17:47:17 -04:00
Michael Schmatz
5a7666fca3 More read nearests and changed redirection 2015-03-20 16:33:03 -04:00
Michael Schmatz
cfa09a3239 Added redirection to Chinese servers based on location and language 2015-03-19 15:25:24 -04:00
Nick Winter
b4e9ee67f0 Added one-minute in-memory server caching for a bunch of common queries. 2015-02-26 17:20:27 -08:00
Nick Winter
63fa2f86d4 Tracking who is simulating matches so we can see patterns in ill-reported matches. Rejecting simulations from simulators with old versions of the Simulator code. 2015-02-11 20:24:12 -08:00
Scott Erickson
ba1ffe194c Deferring user creation until after the client app loads, to try and lower the massive number of anonymous users that are created. 2015-01-05 14:43:20 -08:00
Nick Winter
e4c6d07a4a Added keyboard shortcuts to move, resize, minor-rotate, and toggle collision for Thangs in the level editor. Fixed some issues with stretchy Thangs and collision shapes not updating. Fixed #1699. Fixed #57. Colored collision overlays according to collision categories. 2014-12-20 13:39:51 -08:00
Nick Winter
d801ed61ce Separating contact emails into premium subscriber support and basic general support. 2014-12-18 20:35:14 -08:00
Scott Erickson
32f0bc745f Disabling saving of lastIP user property for now. 2014-12-08 10:45:32 -08:00
Scott Erickson
f4e3416918 Set up an endpoint for fetching Stripe info. 2014-12-05 17:19:52 -08:00
Nick Winter
5aefd5ffa2 I think the server needs to gzip now, and possibly only a bug is keeping it working. 2014-12-04 16:33:17 -08:00
Scott Erickson
42c7fca055 Tweaked the error middleware to proxy and be silent about client errors. 2014-11-29 11:06:02 -08:00