Documentation for Kicksecure Discourse Devs

From Kicksecure
< Dev
Jump to navigation Jump to search

One noteworthy software that is in use apart from the MediaWiki software for the Whonix and Kicksecure communities is Discourse. We have 2 forums https://forums.whonix.orgarchive.org and https://forums.kicksecure.comarchive.org . Both have themes installed and custom HTML/CSS

General Setup[edit]

  • Generally the Discourse (software) community doesn't seem too active. A lot of code is outdated. This also applies to the themes
  • Several themes have bee checked for Whonix and Kicksecure, 2 were chosen, installed and activated
  • For both themes there is a dark mode, but it seems to be only available globally
    • There is a component for switching to dark mode, but it is reported as broken.
    • Kicksecure: Theme "graceful"
      • Hyperlinks are very readable - dark mode is available
      • Logo placement looks good
    • Whonix: Theme is "air theme" - dark mode is available

Customization[edit]

  • There are some customizations for Discourse, namely with HTML and CSS. Mostly we use the "header" component in Admin > Customize (for custom HTML and CSS)
  • We also customize our themes there
    • For example the "Air Theme" in the Whonix forums is customized so that the category overview page is readable on mobile

Discourse without Javascript[edit]

  1. Discourse heavily relies on Javascript. But it works without JS too.
  2. A lot of things in Discourse are done with Javascript including some content reorganization
    1. Without JS they give you a "broad hint": "Powered by Discourse, best viewed with JavaScript enabled"
    2. This discussion also implies it's Javascript first: https://discourse.pijul.org/t/make-the-forum-usable-without-javascript/186archive.org
    3. However this doesn't mean it's not usable without JS - it is (which you can't say for many web apps)
  3. Unfortunately some themes have problems without Javascript and also some components
  4. So dev rule number 1: Always check how the page looks and works without Javascript - especially if you're working with third party components and themes
  5. In case of the Whonix forum the "Air Theme" does not work properly without Javascript. The background overlapped the foreground
    1. The solution we applied was to add a noscript tag to the "header" component in Admin - sub section body
    2. In this noscript tag we have a script tag in which we declare that the blue background is not displayed without JS
    3. It is also important that we use the body subsection and NOT the footer subsection because the footer subsection is included via Javascript while the body section renders directly to the end of the body without Javascript
  6. Dev rule number 2: Always check which admin components to use.
  7. For example in the "header" component in Admin > Customize (for custom HTML and CSS)
    1. In the "body" (sub section tab "body") we have the noscript-tag which will be applied only if Javascript is DEACTIVATED.
    2. This has to be in the body section because for example the footer (sub section tab "footer") is NOT rendered without Javascript. But "body" is.
    3. Reversely we have the same content for the footer content AGAIN in the footer section, because this will be rendered if Javascript is active. And it will be rendered without "content jumping" because it will be rendered alongside the main content

mixed content[edit]

Did you upload / modify something related to http://forums.whonix.org/uploads/default/optimized/2X/2/222b7257d0600f2bc69cf77e6bc273aa0074ed4e_2_512x512.pngarchive.org ?

Mixed Content: The page at 'https://forums.whonix.org/c/news/21' was loaded over HTTPS, but requested an insecure element 'http://forums.whonix.org/uploads/default/optimized/2X/2/222b7257d0600f2bc69cf77e6bc273aa0074ed4e_2_512x512.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Mixed content warning fixable?

But should not be hardcoded to https either to avoid breaking the onion.

DEV

  • research with "discourse Mixed Content: The page at"
  • Answers suggest: This might be a discourse problem with installation and configuration
  • The file is not listed in source code and not used in the dom
  • It seems to be just pulled by javascript (internal discourse framework) but never used
  • The problem also appears on every site of the forum not just the selected thread
  • I tried re-uploading every branding picture but it didn't help
  • Suggestion: more research but I skipped for now because it took too long

Whonix discourse forums[edit]

Many issues.

non-JS version broken

other issues on mobile

todo: revert to upstream default [DONE]

DEV

  • The forum has been reverted to upstream default, but in a way to backup the changes (changed were commented out)
  • Detailed steps
    • Admin > Customize > Themes : Theme default was set to "Default" theme and "Air theme" was set to be not available for users anymore
    • Admin > Customize > Themes > Default > CSS : All settings were commented out
    • Admin > Customize > Themes > components > header : All settings were commented out

Upstream Bug Reports[edit]

Footnotes[edit]

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!