1. 22 Sep, 2017 2 commits
    • Robert Knight's avatar
      Avoid fetching annotations twice if user ID and focused group change at the same time · 9970a294
      Robert Knight authored
      The sidebar had two separate watchers checking for a change in the
      current user ID and focused group, each of which independently called
      `loadAnnotations`. Therefore if both changed at the same time,
      annotations could be loaded twice. This happens when logging out if a
      private group was selected prior to doing so, since the group switches
      to "Public" at the same time as the userid becomes `null`.
      
      This commit fixes the issue by consolidating the check for a change in
      group ID and a change in user ID into a single watcher. If either or
      both change, `loadAnnotations` will only be called once.
      9970a294
    • Robert Knight's avatar
      Make re-fetching of annotations when the logged-in user ID changes work with OAuth · 6775fda1
      Robert Knight authored
      Refetching of annotations when the logged-in user ID changes was
      previously triggered by a complete reload of the `<sidebar-content>`
      component via a `$route.reload()` call. This happened in response to a
      `USER_CHANGED` event except for the first time that the profile was
      fetched.
      
      When using OAuth this broke because the test for whether this was the
      first profile fetch or not was based on a change from null => non null
      CSRF token (see `isInitialLoad` initialization). When using OAuth
      however, there is no CSRF token.
      
      This commit reworks refetching of annotations to remove the route
      reloading and instead trigger it in the same way that it is triggered
      when frames connect or disconnect, by calling
      `SidebarContentController#loadAnnotations` when the logged-in userid
      changes.
      6775fda1
  2. 18 Sep, 2017 4 commits
  3. 15 Sep, 2017 3 commits
  4. 14 Sep, 2017 4 commits
  5. 11 Sep, 2017 12 commits
  6. 08 Sep, 2017 2 commits
    • Robert Knight's avatar
      Fix OAuth popup being blocked by pop-up blocker in Firefox and IE · 7be7735a
      Robert Knight authored
      When the user clicked the "Log in" link, the URL of the
      "oauth.authorize" endpoint was fetched via an async Promise-returning
      method before the `window.open` call was made. This meant that the
      `window.open` call did not happen in the turn of the event loop that was
      triggered by the user action and so Firefox & IE's popup blockers deemed
      the call to have happened outside the context of a user gesture and
      prevented the window being opened.
      
      Chrome, Safari & Edge have different heuristics and did not block the
      popup before.
      
      Fix the issue by opening the window directly when the user clicks on the
      "Log in" button, at a dummy URL ("about:blank"), and then changing the
      window's location once the authorization endpoint URL has been fetched.
      
      Fixes #534
      7be7735a
    • Robert Knight's avatar
      Remove unused refresh timer variable · 0adad3b1
      Robert Knight authored
      This was missed during 28bdb52f
      0adad3b1
  7. 07 Sep, 2017 3 commits
  8. 06 Sep, 2017 3 commits
  9. 05 Sep, 2017 4 commits
    • Robert Knight's avatar
      1.38.0 · 57ee8fa0
      Robert Knight authored
      57ee8fa0
    • Robert Knight's avatar
      Update Change Log · d93432cb
      Robert Knight authored
      d93432cb
    • Sean Hammond's avatar
      Merge pull request #523 from hypothesis/chrome-iframe-workaround · 92e49748
      Sean Hammond authored
      Work around Chrome bug causing sidebar to become invisible
      92e49748
    • Robert Knight's avatar
      Work around Chrome bug causing sidebar to become invisible · 325741fb
      Robert Knight authored
      Work around a Chrome bug [1] that can cause the sidebar to become
      invisible if:
      
       1. The sidebar app is loaded from a Chrome extension AND
       2. The current tab was opened by clicking a link inside the sidebar
          app in a different tab.
      
      When the issue occurs, the sidebar web app loads and runs normally but
      is just not visible on screen. This happens due to an internal issue in
      Chrome which can be avoided adding `rel="noopener"` to all "normal" [2]
      links in the client that open URLs in a new tab/window.
      
      Doing so enables Chrome to use a separate process for the Hypothesis
      client in the new tab in step (2) than the one used for the Hypothesis
      client in step (1). This change also prevents potential tab-jacking
      attacks in all browsers that support `rel="noopener"`.
      
      Fixes #516
      
      [1] https://bugs.chromium.org/p/chromium/issues/detail?id=753314
      [2] ie. Those which do not use JS to handle the link
      325741fb
  10. 04 Sep, 2017 3 commits