through some reason or another, people are somehow getting cookies that aren't prepended with a dot.
this is a problem because both sessions at, as best as I can tell, mix so it tries to read from a different cookie than we write to. this essentially "freezes" the session in place. users are unable to login, logout, signup, toggle poor mode, toggle NSFW, etc.
~~this attempts to delete bad session cookies (i.e. cookies with a domain that don't start with a dot).~~
~~we don't do this on "dotless" domains (and by extension localhost) because browser support for setting cookies on FQDNs that only have one dot has tenuous support among browsers anyway).~~
~~this *may* log some people out, but... their days of being able to do stuff on the site were numbered anyway.~~
**edit: as amazing as this thought was, browsers just wipe the entire cookies completely and there's no way to specifically target dotless cookies. for an issue that affects a few users, better to just tell them to clear their cookies. if *this* doesn't work, delete service-worker.js and be done with the whole service worker crap. forever. permanently. this PR also includes some QOL improvements.**
Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: rDrama/rDrama#50
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
* move Base definition to files.classes.__init__.py
* fix ImportError
* move userpage listing to users.py
* don't import the app from classes
* consts: set default values to avoid crashes
consts: warn if the secret key is the default config value
* card view: sneed (user db schema)
* cloudflare: use DEFAULT_CONFIG_VALUE
* const: set default values
* decouple media.py from __main__
* pass database to avoid imports
* import cleanup and import request not in const, but in the requests mega import
* move asset_submissions site check to __init__
* asset submissions feature flag
* flag
* g.is_tor
* don't import request where it's not needed
* i think this is fine
* mail: move to own routes and helper
* wrappers
* required wrappers move
* unfuck wrappers a bit
* move snappy quotes and marseys to stateful consts
* marsify
* :pepodrool:
* fix missing import
* import cache
* ...and settings.py
* and static.py
* static needs cache
* route
* lmao all of the jinja shit was in feeds.py amazing
* classes should only import what they need from flask
* import Response
* hdjbjdhbhjf
* ...
* dfdfdfdf
* make get a non-required import
* isort imports (mostly)
* but actually
* configs
* reload config on import
* fgfgfgfg
* config
* config
* initialize snappy and test
* cookie of doom debug
* edfjnkf
* xikscdfd
* debug config
* set session cookie domain, i think this fixes the can't login bug
* sdfbgnhvfdsghbnjfbdvvfghnn
* hrsfxgf
* dump the entire config on a request
* kyskyskyskyskyskyskyskyskys
* duifhdskfjdfd
* dfdfdfdfdfdfdfdfdfdfdfdf
* dfdfdfdf
* imoprt all of the consts beacuse fuck it
* ðŸ˜
* dfdfdfdfdfdfsdasdf
* print the entire session
* rffdfdfjkfksj
* fgbhffh
* not the secret keys
* minor bug fixes
* be helpful in the warning
* gfgfgfg
* move warning lower
* isort main imports (i hope this doesn't fuck something up)
* test
* session cookie domain redux
* dfdfdfd
* try only importing Flask
* formkeys fix
* y
* :pepodrool:
* route helper
* remove before flight
* dfdfdfdfdf
* isort classes
* isort helpers
* move check_for_alts to routehelpers and also sort imports and get rid of unused ones
* that previous commit but actkally
* readd the cache in a dozen places they were implicitly imported
* use g.is_tor instead of request.headers. bla bla bla
* upgrade streamers to their own route file
* get rid of unused imports in __main__
* fgfgf
* don't pull in the entire ORM where we don't need it
* features
* explicit imports for the get helper
* explicit imports for the get helper redux
* testing allroutes
* remove unused import
* decouple flask from classes
* syntax fix also remember these have side fx for some reason (why?)
* move side effects out of the class
* posts
* testing on devrama
* settings
* reloading
* settingssdsdsds
* streamer features
* site settings
* testing settings on devrama
* import
* fix modlog
* remove debug stuff
* revert commit 67275b21ab6e2f2520819e84d10bfc1c746a15b6
* archiveorg to _archiveorg
* skhudkfkjfd
* fix cron for PCM
* fix bugs that snekky wants me to
* Fix call to realbody passing db, standardize kwarg
* test
* import check_for_alts from the right place
* cloudflare
* testing on devrama
* fix cron i think
* shadow properly
* tasks
* Remove print which will surely be annoying in prod.
* v and create new session
* use files.classes
* make errors import little and fix rare 500 in /allow_nsfw
* Revert "use files.classes"
This reverts commit 98c10b876cf86ce058b7fb955cf1ec0bfb9996c6.
* pass v to media functions rather than using g
* fix
* dfdfdfdfd
* cleanup, py type checking is dumb so don't use it where it causes issues
* Fix some merge bugs, add DEFAULT_RATELIMIT to main.
* Fix imports on sqlalchemy expressions.
* `from random import random` is an error.
* Fix replies db param.
* errors: fix missing import
* fix rare 500: only send to GIFT_NOTIF_ID if it exists, and send them the right text
* Fix signup formkey.
* fix 2 500s
* propagate db to submissions
* fix replies
* dfdfdfdf
* Fix verifiedcolor.
* is_manual
* can't use getters outside of an app context
* don't attempt to do gumroad on sites where it's not enabled
* don't attempt to do gumraod on sites's where it's unnecessary
* Revert "don't attempt to do gumroad on sites where it's not enabled"
This reverts commit 6f8a6331878655492dfaf1907b27f8be513c14d3.
* fix 500
* validate media type
Co-authored-by: TLSM <duolsm@outlook.com>
* remove /logged_out/ routes
* update sitemap, remove users route, and update header
* cloudflare cookie
* only mess with the cookie whenever we desire auth
* sitemap: (small) improvements
sitemap: fix little bug i introduced
sitemap: fix login redirects for /id/ routes
* sitemap: remove duplicate entry
* contact is auth desired
* imports: don't import what we don't need and bind late to the db
* praying to god this works
* keep yourself safe
* oh i actually need to commit and push lol
* import Sub
* t
* refix cache purger
Touched a ton of files to finally standardize on having trailing
final newlines, as best practice recommends and so our devs stop
accidentally fighting each other over it.
This was performed automatically with the following:
git ls-files -z '*.py' | while IFS= read -rd '' f; \
do tail -c1 < "$f" | read -r _ || echo >> "$f"; done
git ls-files -z '*.css' | while IFS= read -rd '' f; \
do tail -c1 < "$f" | read -r _ || echo >> "$f"; done
* Create new subdirectory for chat-related stuff
* Gitignore
* Have new code show up on chat
* Have new code show up on chat
* Fix config issue
* More script stuff
* Create UserInput components
* More chat changes
* More updates to chat
* Add chat:watch script
* Move up state and pass down
* Match up existing functionality entirely
* Match up existing functionality entirely
* Send a message when hitting Enter
* feature based directories
* First crack at emoji drawer
* Leave everything in a fucked up state ugh
* Leave it in a better state
* Stop for the night
* Decouple by abstract chat functionality to provider
* Wait a minute...
* Small chat restructure
* Prepare for notifications
* Add root context
* Flash number of messages
* Read this and u die
* Add quote functionality
* Couple tweaks
* Shallowenize the features dir/
* Add activity list
* Ch-ch-ch-ch-ch-changes
* Enable moving drawer
* Hover style on activities
* UserList changes
* Add emoji processing logic
* Duhhhh
* Scroll to top when changing query
* Put the emoji in the drawer
* Improve emoji drawer
* Add emoji genres
* Do not show activities
* Add feature flag technology
* Fix issue where own messages were triggering notifications
* Adjust startup scripts
* Responsive part 1
* Styling changes for emoji genres
* More emoji drawer styling
* Add QuickEmojis
* Re-add classnames
* Set version
* Modify build script
* Modify build script
* Mild renaming
* Lots of styling changes
* Leggo.