Since we purge docs pages based on the version they are for, we need to
tag the 404 pages with version as well, when available. Without that,
any page that had been requested returning a 404 (such as somebody or
some tool polling for release notes on a version that hasn't been
released yet) would not get purged when new docs are loaded, which
results in the 404 staying around even after the actual docs are
updated.
* For 'current' docs, *also* set the xkey pgdocs_current. Otherwise when
a new major release is turned into current, the loader purge wouldn't
be able to replace it, only replace the devel version.
* Set the pgdocs_<version> key on the release notes pages under
/release/ (this is what triggered me to look at this)
* Set the pgdocs_all key for index pages such as /docs/ and /docs/release/. This
will be purged every time, making sure we have an up-to-date list of
versions.
* Set the key pgdocs_pdf for any pages that have PDF file information in
them, so we can purge the list when new PDFs are uploaded.
* Move links to current manuals to /docs/, decommission /docs/manuals/
* Add link to /docs/current/ with a large button
* Add links to /docs/devel/ at the bottom of the version table
* Remove translated manuals from left nav menu, since they are in the
right one
* Remove redundant wording around "comprehensive manual"
* Clean up some incorrect template tags
Discussion: https://www.postgresql.org/message-id/CABUevEymaWDL4JywHxBDBATUUPPrAf4_tGwin4CtGFdQ5tx5Hg@mail.gmail.com
Add template support for opengraph tags (which will enable things like
icons and preview on posts to twitter and facebook and other places) to
both base pages and documentation pages. Use this to actually add the
tags to docs pages (only v10+ will get text previews, but all should get
the titles and image) and news (only news from the project will get an
image, all get both title and text)
For example, while a link to "/docs/release/9.1.0/" would work,
going to "/docs/release/9.1/" would not; in this case, it would
show the release details for "9.0.1". While the probability of
someone modifying the links to see the different release notes
is low, we would still need to take action on what is an
incorrect link.
Instead of returning a 404, this transposes the major/minor
version to point at the canonical version number and render the
expected page. This is set up to work for the 6, 7, 8, 9 series.
Reported by: Nikolay Samokhvalov <samokhvalov@gmail.com>
News, docs and bugs are all sending from our own noreply addresses these
days, so they should not be flagged as usergenerated (flagging as
usergenerated will revent dkim signing, amongst other things)
The web documentation used to suffer from a problem that if a
documentation page were renamed in a newer version, any references
pointing to said documentation would be lost. For example, the feature
known as "Default Roles" was renamed to "Privileged Roles" but caused
a change in the URL.
This patch introduces the ability to create a "DocPageRedirect" by
specifying the previous name of the documentation page (e.g.
"default-roles.html") and the new name (e.g. "privileged-roles.html")
such that the continuity is preserved between versions.
When a new PostgreSQL branch is created, any "devel" notes for that branch
become immediately unavailable, which would make any shared devel links around
that dead.
This adjusts this logic such that any release notes for a release, beta or
otherwise, is now available by redirect the user to the release notes' permanent
home.
Reported By: Andres Freund <andres@anarazel.de>, who also mostly authored the
patch over email.
PostgreSQL 12 adds SVG images in the documentation, so the website
should be able to display them.
The images themselves were already loaded by the docsloader, but the
regexps in the URL would block them from being seen. Fix this by
creating a separate function for the SVGs, since we also don't want to
render them inside teh templates.
This new view must also be tagged with @allow_frames, since the browser
considers the <object> tag used to be a subframe. Without this, they
would be blocked from viewing even on our own site.
Prior to this, if you referenced a version of the release notes that was outside
of the current development build (e.g. 9.6) the URL would 404.
Reported by Andres Freund.
An upcoming change in PostgreSQL keeps only release notes in their
current versions. So e.g., PostgreSQL 11 only has the release notes
for 11.0, 11.1, 11.2 etc.
Thus, for PostgreSQL 9.4 on up, any URLs such as /docs/10/release-9-6-8.html
would return a 404. Additonal, URLs with /current/ and /devel/ would break
as well.
This patch prevents these 404s from occuring by redirecting users accessing
release notes in the 9.4 and above documentation to the older versions
of the release notes by redirecting them to the notes in the specific
version. So in the above example, a user would be redirect to
/docs/9.6/release-9-6-8.html
As we do not have documentation on the website past 7.2, any release
notes from an older version are redirected to the release notes tree
in 7.2
This creates a consolidated area to reference all of the notes from
previous releases of PostgreSQL, as current releases only keep the
the notes for that specific major release of PostgreSQL.
This is the same as b2ed494655 did for bug
reports.
This changes the regexps for all the doc comment suggestions forms to be
a little bit more specific than before.
Normally not reachable with "current", only with explicit version,
but as proven by some live crashes, there is some way to. So make
sure we look up the current version instead of crashing.
The following security policy headers are set:
X-XSS-Protection: 1; mode=block -- always set
X-Frame-Options: DENY is set for all pages except for the documentation
pages, primarily because pgadmin4 loads them in an iframe which would
break.
Content-Security-Policy: <x>-src
Is set to allow the default of self only, then allowing scripts for
google analytics and fonts for google fonts. Images are allowed from everywhere.
frame-ancestors 'none' is set by the same rules as X-Frame-Options
This also adds a decorator for @script_sources to have a single view
allow extra sources, and this is used for recaptcha. A generic decorator
is also made for other types of exclusions, though we don't have any at
this point.
If the setting SECURITY_POLICY_REPORT_ONLY is set to True then the policy
will be report-only and not enforced (for testing), otherwise enforcing
mode is enabled.
The setting SECURITY_POLICY_REPORT_URI sets where to send security
policy reports, if any.
This creates a permanent redirect for any doc URL that references the
"static" path (i.e. all doc URLs), which allows a format similar to:
/docs/current/index.html
This is in response to not having "interactive" as an available option,
which should lead to shorter, less confusing URLs.
This patch brings the web-based documentation to match the current styles
on the main postgresql.org website. The CSS supports the generated markup
from the main PostgreSQL documentation and supports the new/old class
that are visible in the documentation (e.g. uppercase classes pre-v10).
Authors: Sarah Conway, Jonathan Katz
It was already storing the version as a field, the inheriting from the
actual model was never used. Remove it, since newer django tries to
access a table based on the class name..
render_to_response does not work on newer django, so it needs to be
replaced. And using a speicfic context actually overcomplicates things,
it's easier to just use a wrapper function. For those cases where we
don't need NavContext, just use render() (the new shortcut function from
django), which also removes the need to use RequestContext.
Don't say version 0.0 in the emails that are sent out. That's what we
call it internally, but the URL should have /devel/ in it. Fix this both
in the template, and then if it comes through in the form again in case
the user picked up a link elsewhere that is incorrect.
Sending from the submitters address runs afoul to DMARC and other
restrictions. Instead, send the email from a defined noreply address.
Instead, add the original submitter to both the Cc and the Reply-To
header, to make sure they receive followups.
Patch by Stephen, minor changes by Magnus
This allows us to say that "app-pgreceivexlog.html" is actually the same
as "app-pgreceivewal.html" on a different version.
Turns out the templates would already render this correctly if we could
just find the map, so it's a simple case of adding an additional join
(that the django orm can't figure out, but we can do it in manual sql).
Adds a non-django managed unique index to make sure that it's not
possible to add the same alias twice in different "directions".
Violating this will cause a django excpetion in the admin interface
since it doesn't know about it, but as this is a very uncommon operation
and admin only, we don't care about that.
Finally, we don't bother issuing varnish purges for changes here, the
admin is expected to handle those manually. These changes are supposed
to happen very seldom, and the contents are purged automatically when
the docs are loaded anyway.
This one will validate that the url is under /accounts/, which is
the only part we are going to be excluding from caching once we
move the website to https-only.
Per discussion from a long time ago, interactive docs aren't really
working out. The majority of submissions are either support questions
(which then get rejected because they cannot be answered in this
context) or pointing out docs incorrectnesses (which should be submitted
as a docs bug instead, so they can actually be fixed in the main
documentation).
Old references to /interactive/ will get redirected to /static/
automatically, and we expect to keep doing that for a long time (since
there are many links to them around the net).
