Fix leancloud counter security bug #137
Conversation
|
😂 |
_config.yml
Outdated
| leancloud_visitors: | ||
| enable: false | ||
| security: false |
There was a problem hiding this comment.
Add short readme for dependencies here.
|
the link on the readme is not available now. |
_config.yml
Outdated
| leancloud_visitors: | ||
| enable: false | ||
| security: false |
There was a problem hiding this comment.
Because need to install plugin separately.
There was a problem hiding this comment.
Yes, I mean just like the gitmint, default to true, and ask the user to install the plugin.
Security is important, isn't it?
There was a problem hiding this comment.
Important, but LC can work without security plugin.
| } | ||
| }); | ||
| {% if theme.leancloud_visitors.security %} | ||
| console.log('Counter not initialized!'); |
There was a problem hiding this comment.
Ok, i see what here is security option just add warning in console log. There is some my 5 cents on it:
- Replace
console.logwithhexo.log.warnfor better warning message. securitycan be set totrueby default. So, if user wan't to install security plugin, he can turn offsecurityoption. If he don't know about security (newbie in NexT) and just turn on LC option, he will seen this warning message with following instructions to install plugin.- Warning message should be informative. Instead of
Counter not initialized!something likeATTENTION! LeanCloud counter have security bug, for solve it see here: https://github.com/theme-next/hexo-leancloud-counter-security.
OR
We can just cut out security option and add in NexT config comments under leancloud options what there are some security issues and can be solved under the plugin link. For now option — it's just console warning, no more. Who know about this — will know, option will be useless, i think. 1 excess interation in swig. That's what i suggest.
There was a problem hiding this comment.
but this file is excuted in browser where there is no hexo.log.warn
There was a problem hiding this comment.
Oh! So, why this warn needed if user will not see it?
There was a problem hiding this comment.
because if they turn on the security but not install the plugin and follow the instruction to config th e Leancloud background, the counter will not work at all
|
now the error msg on browser is like this: |
|
Yeah, it's good for now! Well done! 👍 |
|
so the config is default to true now. |
|
Em.. i think need to false. But other guys sugessted to true it. Need to make a decision about it.
Also, need to provide some badges for this repo. NPM link, version, compatability, etc. Post not found: https://leaferx.online/2018/02/11/lc-security/ |
|
badges added. |
|
Now that docs has been released. |
|
Question need discussion: what default value of security should be set |
|
Guys, can we please to deside this option? |
|
@wafer-li @tsanie @maple3142 @ivan-nginx |
|
@LEAFERx @tsanie @maple3142 @ivan-nginx What about making a vote? I still vote for default to |
|
@sli1989 @wafer-li @tsanie @maple3142 anybody of u can today translate from CN docs to EN docs? |
|
It's better for @LEAFERx to do it...😅 |
stevenjoezhang
changed the title
fix leancloud counter security bug
PR Checklist
Please check if your PR fulfills the following requirements:
PR Type
What kind of change does this PR introduce?
What is the current behavior?
Issue Number(s): #25