set app.domain and announce.url on renderer index
if false, app.domain and announce.url used these config settings value
if true, app.domain and announce.url used req.app.get('domain') || req.headers.host
if web server used proxyPass setting, this should set to false
normal user cannot view the vip/oper forum topics in 'global topics'
normal user can not view forum by url link enter, system well nav to forums home
#40#20
* Cropping remove, nicer UI
* Fix MIME-type checking, add image upload tests
* Change image config settings to uploads.profile.image to build a more
rational structure for configuring other types of uploads
This commit introduces handlebars template system and completely replacing Swig and the Consolidate project to handle multiple template systems.
Fixes#1286
* fix(user): fix changeProfilePicture
* use promises to simplify callbacks
* use fs.unlink to delete old picture once the profile is updated
Fixes#1415
* fix(user): fix changeProfilePicture
* use promises to simplify callbacks
* use fs.unlink to delete old picture once the profile is updated
* log file errors to console
Fixes#1415
* fix(user): fix changeProfilePicture
* use promises to simplify callbacks
* use fs.unlink to delete old picture once the profile is updated
* log file errors to console
* update error handler module to handle file upload errors
Fixes#1415
* fix(user): fix changeProfilePicture
* use promises to simplify callbacks
* use fs.unlink to delete old picture once the profile is updated
* log file errors to console
* update error handler module to handle file upload errors
Fixes#1415
The new WiredTiger engine is introduced in MongoDB 3.2.
It changes the output errmsg format for violation of unique index.
This commit adds support for the new format.
Fixes#1245
Removes the validator.escape on the profileImageUrl field in core server
controller.
The escaping was causing the profileImageUrl field to be an invalid path
for the image. We don't need to worry about xss vulnerabilities on this
field because no user input is provided; the name & path are generated
by the application logic.
Fixes#1127
Emails are made unique. When user attempts to sign in through a provider in which his email is one that is already registered, user is redirected to the signin page with an error passed as a query string parameter.
- `/{api|modules|lib}/*` returns error page when path doesn’t exist
(from Express).
- `/*` always returns index (from Express), but if `$state` doesn’t
exist, Angular redirects to `/not-found` (no 404 status in that case
though!)
- If `Accept: application/json` header is present without `Accept:
text/html`, return error as json. Hence looking at non existing /api/*
paths with browser would show html error, but querying them with script
would return json.
- Slightly prettier 404 error
Test:
```bash
curl http://localhost:3000/api/notfound -4 -H "Accept: application/json"
```
=> json error.
```bash
curl http://localhost:3000/api/notfound -4 -H "Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0
.8"
```
=> html error (imitates Chrome’s Accept header).
Starting point was @dotch’s PL: https://github.com/meanjs/mean/pull/503
And `req.accepts()` idea came from http://stackoverflow.com/a/9802006
