- 12 Sep, 2016 5 commits
-
-
Robert Knight authored
-
Nick Stenning authored
Extract virtualized thread list into its own component
-
Robert Knight authored
Annotation quotes now have a default color of `$grey-7`, so there is no need to have an additional selector for when the annotation card is hovered.
-
Robert Knight authored
* Extract thread list into its own component for better encapsulation and easier testing * Rename `annotation-card` to `thread-list__card` and move it to the component styling file for `thread-list`. Unfortunately a couple of visual effects still require it to be referenced in annotation.scss * Remove ng-show hack in thread list Remove the "ng-show" attribute which was added as a hack for reasons which are no longer applicable. See https://github.com/hypothesis/h/issues/2642#issuecomment-150629305 for original context. * Remove unused js-hover class and the code that supports it It turns out that this class is no longer referenced in code or applicable styling.
-
Robert Knight authored
Fix missing initialization of $orphan flag for new annotations and properly account for annotations that do not have IDs in ADD_ANNOTATIONS and UPDATE_ANCHOR_STATUS actions. - Fix ADD_ANNOTATIONS action replacing the first existing unsaved annotation when a second unsaved annotation is added - Fix UPDATE_ANCHOR_STATUS action not matching annotations without IDs (ie. new annotations) correctly. - Fix $orphan flag not being initialized for new annotations Fixes #94
-
- 09 Sep, 2016 2 commits
-
-
Nick Stenning authored
-
Nick Stenning authored
-
- 08 Sep, 2016 1 commit
-
-
Sean Hammond authored
Remove "assertion" GET param from token requests
-
- 07 Sep, 2016 2 commits
-
-
Nick Stenning authored
When fetching a JWT from the server, the client needs to supply the session CSRF token in order to prevent third-party pages from being able to fetch and use tokens without the user's permission. Previously, we supplied the CSRF token in an "assertion" GET parameter (partially in an attempt to make this look a bit like an OAuth token issuance API) but in Pyramid 1.7 this isn't allowed. (This is good: allowing the CSRF to be passed as a GET parameter makes it easier to construct a cross-domain attack which retrieves a token for the user). This commit moves the CSRF token into a request header, which works because there are only two legitimate situations in which this request is made: - from an embed iframe, which is on the same origin as the service - from a Chrome extension iframe, which is permitted to make cross-origin XHR requests to URLs specified in the manifest (in our case, `<all_urls>`). Note that we cannot rely on Angular's built-in CSRF support here, because it does not operate for cross-domain requests.
-
Nick Stenning authored
This reverts commit e0e23bde. This needs more thought, as the X-CSRF-Token header won't currently be set for cross-domain requests (such as those made by the extension sidebar).
-
- 06 Sep, 2016 7 commits
-
-
Robert Knight authored
Remove "assertion" GET param from token requests
-
Nick Stenning authored
When fetching a JWT from the server, the client needs to supply the session CSRF token in order to prevent third-party pages from being able to fetch and use tokens without the user's permission. Previously, it was necessary to supply this token in the "assertion" GET parameter -- in an attempt to make this look a bit like an OAuth token issuance API -- but in Pyramid 1.7 this isn't allowed, and it turns out not to be necessary, because Angular's CSRF support retrieves the token from an XSRF-TOKEN cookie set in earlier requests and sets the X-CSRF-Token request header automatically.
-
Nick Stenning authored
-
Nick Stenning authored
-
Nick Stenning authored
-
Robert Knight authored
When receiving annotation updates via the WebSocket, merge the updated annotation with the existing local annotation, preserving the local tag and anchoring status flags. This fixes a problem where Annotations would be shown as Orphans after an update was received via the WebSocket * When an annotation update is received, merge the current/new versions rather than removing the current version and replacing it with the new one. * Remove mutation of existing annotation in `loadAnnotations()`, since the reducer function is now responsible for merging changes and triggering UI updates
-
Robert Knight authored
Do not hide annotation thread when annotations are waiting to anchor.
-
- 05 Sep, 2016 1 commit
-
-
Sheetal Umesh Kumar authored
When an annotation is created or updated the sidebar briefly transitions into the `waitingToAnchor` state and hides the entire thread list, losing the user's scroll position as a result. Instead of hiding the entire thread, filter out the annotations which are waiting to anchor. https://trello.com/c/hQRpsUPj/444-avoid-hiding-thread-list-while-new-annotations-received-over-ws-are-being-anchored
-
- 02 Sep, 2016 5 commits
-
-
Robert Knight authored
Document the default values of client config keys
-
Nick Stenning authored
-
Robert Knight authored
Document the `showHighlights` config option
-
Nick Stenning authored
-
Robert Knight authored
On group change, reset tab selection to annotations if the selected t…
-
- 30 Aug, 2016 1 commit
-
-
Sheetal Umesh Kumar authored
-
- 23 Aug, 2016 2 commits
-
-
Robert Knight authored
This is not used by the client. The client does use the [Angular Bootstrap](http://angular-ui.github.io/bootstrap/) 3rd-party module for dropdown menus but that does not use the Bootstrap build's JS or CSS.
-
Nick Stenning authored
Remove unused CSS
-
- 19 Aug, 2016 4 commits
-
-
Sheetal Umesh Kumar authored
-
Robert Knight authored
This file is used only by the H service
-
Robert Knight authored
Remove unused CSS rules. These were found by using used-css-classes [1] and find-unused-css-classes [2]: used-css-classes h/templates/client/*.html > used-classes.txt find-unused-css-classes used-classes.txt build/styles/app.css > unused-css-classes And then manually checking classes in `unused-css-classes` to verify that the classes were not referenced in first or third-party code, since the tools only extract used class names from templates. [1] https://github.com/robertknight/used-css-classes [2] https://github.com/robertknight/find-unused-css-classes
-
Robert Knight authored
This caused a parsing exception in BeautifulSoup when gathering the set of used CSS classes with https://github.com/robertknight/used-css-classes
-
- 12 Aug, 2016 2 commits
-
-
Nick Stenning authored
- #!/bin/sh is in POSIX, no need for env - `set -eu` to explode if something fails or a var isn't defined - a simpler way of ensuring we're in the right place to run the releaser script. - "git push --follow-tags" will push pending commits and annotated tags attached to them in a single command
-
Robert Knight authored
Avoid an issue where trying to create a GH release immediately after pushing the tag often fails.
-
- 11 Aug, 2016 1 commit
-
-
Robert Knight authored
In browsers that support Shadow DOM (currently only Chrome, plus Firefox behind a feature flag), use it to isolate the adder from the host page's CSS. This fixes various problems where very generic CSS on the page could affect the adder's styling.
-
- 09 Aug, 2016 4 commits
-
-
Sheetal Umesh Kumar authored
-
Sheetal Umesh Kumar authored
-
Robert Knight authored
- Only mark annotations as orphans after a timeout in the sidebar, not in the stream where anchoring does not happen. - Do not filter annotations by type on the stream, where annotation tabs are not displayed.
-
Robert Knight authored
When the orphans feature flag is not set, do not indicate orphans in annotation cards by striking through their quotes. The feature flag is hoisted outside of the `isOrphan` call because I recall that `flagEnabled` was actually quite an expensive call in the past so we want to avoid invoking it during every digest cycle.
-
- 08 Aug, 2016 3 commits
-
-
Sheetal Umesh Kumar authored
-
Sheetal Umesh Kumar authored
-
Robert Knight authored
If an annotation is loaded and then quickly removed before the anchoring timeout expires, the call to `findByID()` will return null, causing an error when trying to check the `$orphan` flag in `isWaitingToAnchor`. Fix this by ignoring annotations which no longer exist when the timeout expires.
-