1. 06 Sep, 2017 3 commits
  2. 05 Sep, 2017 4 commits
    • Robert Knight's avatar
      1.38.0 · 57ee8fa0
      Robert Knight authored
      57ee8fa0
    • Robert Knight's avatar
      Update Change Log · d93432cb
      Robert Knight authored
      d93432cb
    • Sean Hammond's avatar
      Merge pull request #523 from hypothesis/chrome-iframe-workaround · 92e49748
      Sean Hammond authored
      Work around Chrome bug causing sidebar to become invisible
      92e49748
    • Robert Knight's avatar
      Work around Chrome bug causing sidebar to become invisible · 325741fb
      Robert Knight authored
      Work around a Chrome bug [1] that can cause the sidebar to become
      invisible if:
      
       1. The sidebar app is loaded from a Chrome extension AND
       2. The current tab was opened by clicking a link inside the sidebar
          app in a different tab.
      
      When the issue occurs, the sidebar web app loads and runs normally but
      is just not visible on screen. This happens due to an internal issue in
      Chrome which can be avoided adding `rel="noopener"` to all "normal" [2]
      links in the client that open URLs in a new tab/window.
      
      Doing so enables Chrome to use a separate process for the Hypothesis
      client in the new tab in step (2) than the one used for the Hypothesis
      client in step (1). This change also prevents potential tab-jacking
      attacks in all browsers that support `rel="noopener"`.
      
      Fixes #516
      
      [1] https://bugs.chromium.org/p/chromium/issues/detail?id=753314
      [2] ie. Those which do not use JS to handle the link
      325741fb
  3. 04 Sep, 2017 3 commits
  4. 01 Sep, 2017 1 commit
    • Robert Knight's avatar
      Use the `group.member.delete` API route to leave a group · a3b0c454
      Robert Knight authored
      Replace use of the undocumented and cookie-authenticated
      `POST /groups/:id/leave` endpoint for leaving a group with the API
      token-authenticated and documented (in the API route directory) method
      for leaving a group.
      
      This enables leaving a group to work when cookie authentication is
      unavailable.
      a3b0c454
  5. 25 Aug, 2017 1 commit
    • Robert Knight's avatar
      Always use OAuth if cookie storage is blocked · db1e1924
      Robert Knight authored
      If third party cookies are blocked then OAuth is the only option for
      authentication. Third party cookies may be blocked either by
      privacy-enhancing extensions or browser settings, for example:
      
      In Safari:
       1. Go to Settings -> Privacy
       2. Set "Cookies and website data" to "Allow from current website only"
      
      In Chrome:
       1. Go to chrome://settings/content/cookies
       2. Enable "Block third-party cookies"
       3. Check that the h service domain is not listed under "Allow", which
          is something that the Hypothesis extensions do automatically.
      
      Once OAuth has been shipped for all users, this code can be deleted.
      db1e1924
  6. 21 Aug, 2017 9 commits
  7. 09 Aug, 2017 3 commits
  8. 07 Aug, 2017 4 commits
  9. 03 Aug, 2017 10 commits
  10. 02 Aug, 2017 2 commits