Feedback from devs that were confronted with the "is not an allowed host"
message shows, that the message is not very actionable. It's not clear why something
that is clearly a legitimate and existing host would be considered "not allowed".
The new error message clearly points at the SSRF policy as the source. Making the
problem more search engine friendly and hopefully allowing admins to better understand
what they have to fix.
Refactors the custom `:list`/`:list_item` selectors onto CAS's
`add_role_selector` and drops the now-native `Capybara::Node::Simple#role`
hack. `:list_item` resolves the listitem role, so specs matching
non-listitem `<li>` are updated (`have_row` for the custom field table,
presentation dividers via CSS).
CAS 0.16 also resolves role selectors by computed role and accessible
name, which our CSS-styled tables and Primer menus do not expose through
plain markup. Affected feature specs switch to robust locators:
Capybara's `:table_row`, the FullCalendar `data-date`, and the action
menu's real accessible name ("Edit status").
The `:columnheader` `colindex` filter lost its off-by-one offset and now
uses the true 1-based `th` position. Also fixes Webhooks `RowComponent`
spec capitalization.
- according to https://community.openproject.org/wp/73855 the escaping
must only happen in the representer
- the escaping in the constructor of the storage file ancestors was
missed, so it was removed now
Some wordings around health checks was highly repetitive across
a few places. To reduce the amount of duplicated translations, they
have been moved to a common location.
The downside is, that now sidepanel components and full width components
will have to work from the same translations. This is not an issue so far,
because the translations were the same anyways.
Instead of using a plus icon, which is associated
with adding something new, we are using the reload icon
which is associated with repeating something you did before.
It's like OpenProject::Cache, but it encrypts cached
values at rest. Callers that store confidential things in the cache
have been updated to use it, reducing the risk to expose secrets
to an attacker that obtained access to the contents of OpenProject's cache.
Don't allow to point two project storages to the same project_folder_id
if one of them is automatically managed. This ensures that ownership is
always consistently applied according to one project only.
OpenProject Actions CI