Monday, April 20, 2015

Changelog for 2015-04-20

Clan Forums & Discussions

Private Clan Forums and Discussions (currently for Clan Applications and Payouts) have been added. Clan Forums are a customizable forum for each clan with support for subforums (everything is a "subforum" technically), per-a-forum permissions, and a few other features. You can access the clan forums from the new Forums link on the Clan Home side navigation bar, though they are "Some Assembly Required" in terms of creating subforums to suit the needs of your clan (basic forums guide available here).

Discussions are an extension of Clan Forums which embed automatically generated and linked forum threads onto the pages they related to, making it easy to have discussions. Clan Applications have two discussion threads, one in which the applicant can also participate, and one which is clan only; Payouts have a single discussion thread.

"All Members" Group

I've added an "All Members" group to all clans; this group applies to all members in the clan and thus is useful for granting permissions to everyone in the clan.

Permissions Granted

Along with the Forums came a new set of permissions; the "All Members" group has been used to give all members basic forum access, though it doesn't really give them access to anything due to each "subforum" having its own permissions. Additionally, the existing "Admin" and "Commander" groups (if present) were granted Forum Admin if they already had the "Groups > Edit" permission (which they should).

Content Security Policy

Short version: It's enabled now on every page, sans those under "Tools" and, if you're not the member of a participating clan (or not signed in), on the main page. If you want it enabled on every page, there's an option available in your settings.

Long version: I talked about enabling Content Security Policy (CSP) in a previous post. That was a month ago and I did run into a somewhat "significant problem"; user's browsers, mine included.

More precisely it's the mix of browsers and add-ons; it's my understanding, technically speaking, browsers should exclude any user add-ons (and thus anything those add-ons do or add to the page) from the current website's CSP. That doesn't happen so CPS logging gets filled with entries that aren't caused by a problem with the site itself. Even with filtering it's unmanageable. Add to this the fact a single page load can fire off several CPS logs (which isn't good for server performance at peaking times), and I was forced to rethink my approach.

Thus the current solution. I'm reasonable sure the site functions correctly with CSP enabled, so CSP is now enabled (without logging) on almost every page. CSP is specifically turned off for the "Tools" pages because I consider the likelihood of someone reporting an error, caused by CSP or otherwise, much lower for those pages. I would much rather keep logging enabled (because, even with all of the random crap, if something on the site breaks it would most likely be very noticeable), but the overhead is currently too high.

Other Changes

  • Switched Clan Applications to a tabbed navigation approach (instead of expanders).
  • Changed how Clan Application questions are displayed; the former approach sacrificed far too much readability in an attempt to save space in far too many cases, at least from my personal observations. As always, feedback is welcome.
  • Added "All Members" options for Clan Role Setting mappings.
  • Removed Payout "Note" and Clan Application "Private Notes" fields (use Discussions; existing notes were moved to posts in the relevant discussions).
  • Fully enabled support for EU clans.

Fixes

  • Fixed answers to questions for Clan Applications being escaped before being saved. Note any existing values will still display incorrectly, this fix only applies for new entries.

No comments:

Post a Comment