ef143978e7
closes https://linear.app/tryghost/issue/ENG-721 ref https://linear.app/tryghost/issue/ENG-708 Comments-UI loads `/ghost/admin-frame/` in an iframe to check if a Staff User is authenticated in order to show moderation options. That iframe request loads a HTML page which in turn contains a script that fires off an API request that attempts to fetch the logged-in user details, resulting in a 403 "error" showing up when not authenticated. In the vast majority of cases there will be no staff user authenticated so lots of extra requests and "errors" are seen unnecessarily. - adjusted the `/ghost/auth-frame/` endpoint to check if the request contains an Admin session cookie - if it does, continue as before with rendering the HTML page so the script is loaded - if it doesn't, return an empty 204 response avoiding the script request and subsequent 403-generating API request - eliminates the 403 error being generated for all typical visitor traffic, the error should only be seen when an Admin was previously logged in but their cookie is no longer valid (either from logging out, or going past the 6month validity period) |
||
|---|---|---|
| .. | ||
| src | ||
| test | ||
| .env | ||
| .eslintrc.js | ||
| .yarnrc | ||
| LICENSE | ||
| package.json | ||
| playwright.config.ts | ||
| postcss.config.cjs | ||
| README.md | ||
| tailwind.config.js | ||
| tsconfig.json | ||
| tsconfig.node.json | ||
| vite.config.ts | ||
Comments UI
Comments widget that is embedded at the bottom of posts in Ghost.
Development
Pre-requisites
- Run
yarnin Ghost monorepo root
Running via Ghost yarn dev in root folder
You can automatically start the comments dev server when developing Ghost by running Ghost (in root folder) via yarn dev --all or yarn dev --comments. This will host the comments JavaScript files, and makes sure that Ghost uses these locally hosted assets instead of the ones from the CDN.
Copyright & License
Copyright (c) 2013-2023 Ghost Foundation - Released under the MIT license.