Robert Knight
Robert Knight
To add context, this is a warning that appears in the logs when performing an action in Hypothesis that encrypts a password. Steps to reproduce in development: 1. Go to...
Upstream issue: https://foss.heptapod.net/python-libs/passlib/-/issues/190. See also https://foss.heptapod.net/python-libs/passlib/-/issues/187 for general updates on passlib.
Today we include the old `analytics.js` script on all pages on h as part of the [base.html](https://github.com/hypothesis/h/blob/053b2c7200e66f6e76604551cf33fcb705cb7770/h/templates/layouts/base.html.jinja2#L51) template. This needs to be migrated to the modern Google Analytics script. See...
This is now done. If you go to a URL like https://hypothes.is/search you'll see this in the HTML:
If I understand the proposal correctly, I'm in favor of making `request.authority` reflect the logged-in user or client ID associated with the request. One caveat to be aware of when...
> I'm not getting any (grep) hits for authority in the h.tasks directory—is there anywhere else I should be looking for this? It could be an issue for any code...
Indeed - well except for things like the DB or Elasticsearch connection which don't vary depending on the user.
> I was going to suggest getting rid of request.authority altogether and always accessing it as a deployment setting (request.registry.settings["h.authority"]) Looking at how often this property is accessed in app...
I suggest to redefine this issue more narrowly as: Enforce that schema migrations in `h/migrations` don't import from `h.models`, because the migrations will have been written against a schema that...
I will note that on a purely technical level, the export feature is only exporting data that has _already been downloaded_ to the user's browser for display. A moderately savvy...