@pitaj said in Replace "X-XSS-Protection 0" with "X-XSS-Protection "1; mode=block":
proxy_hide_header X-XSS-Protection
This solved the issue. Thank you.
A few questions
Whats this auto.0 and is it stable?
Is it safe to use v1.x.x and is it more stable than master?
@Jenkler don't know why it is called auto.0, however it seems to be a big patch:
https://github.com/NodeBB/NodeBB/commit/ffc9da97e39f9ae81db8de28efeffdb4311f4fb6
Tried to update it on my dev. This is not good, why do we get this pre-release version in branch v1.x.x @psychobunny ?
You are running NodeBB v1.0.1-auto.0.
This is a pre-release version of NodeBB. Unintended bugs may occur. .
It would be nice to have a branch called v1.x.x-stable or something
@Jenkler warnging, skip this upgrade!
It is having the WebSocket bug, which has been on master until this morning. Upgrading might fail!
The ./nodebb upgrade worked and it seems fine (I hope), I guess its impossible to downgrade?
The big question here is why NodeBB encurrage to update to *-auto.0
@Jenkler ./nodebb upgrade will work fine. However the instance will crash with the following error:
TypeError: websockets.getOnlineAnonCount is not a function
It has been fixed here:
https://github.com/NodeBB/NodeBB/issues/4356
@Jenkler The -auto.# versions are automatically generated by Misty, our automated release manager. Once the bugs have been worked out of the system, they'll be run weekly. Once v1.0.1 is released, there will be no recommendations to upgrade to prerelease versions.
They're meant to be prerelease versions, so there's no need to upgrade to it if you don't want to.
Edit: Technically, I should have waited to release v1.0.1 before starting with the automated releases, but I got excited after I built the bot
@julian Is it stable if we do weekly build? 1.x.x branch should be considered more stable than master right?
Prior to v1.0.0 (and I suppose up until yesterday, really), "stable" was "check out v1.x.x branch". This changed as Misty will now release automated builds weekly to that same branch, so now "stable" is "check out the v1.0.0 tag".
I've modified the documentation to reflect this, and the command is essentially unchanged:
git clone -b v1.0.0 https://github.com/NodeBB/NodeBB.git nodebb
@julian said:
git clone -b v1.0.0 https://github.com/NodeBB/NodeBB.git nodebb
How does that work, i have looked. There is no branch called v1.0.0
-b is only for branch right?
I get this
commit fb4f1e1315bed7b425756ad25a396c42b2ba3891
Author: Julian Lam [email protected]
Date: Mon Feb 29 11:37:19 2016 -0500
But what about the important bug patches?like
commit 8f8fcc84168d424c7bdbf16ad4afae2cca36991c
Author: BarıÅ~_ Soner UÅ~_aklı [email protected]
Date: Sat Mar 5 11:46:11 2016 +0200
backport upgradescript fix for global moderators
--branch <name>, -b <name>
Instead of pointing the newly created HEAD to the branch pointed to by the cloned repository’s HEAD, point to <name> branch instead. In a non-bare repository, this is the branch that will be checked out. --branch can also take tags and detaches the HEAD at that commit in the resulting repository.
Notice the last sentence
But if I checkout a tag I dont get important bug patches.
@Jenkler "backported" changes behaviour has also changed.
Prior to yesterday, we'd backport changes by cherry-picking them into v1.x.x branch.
From now on, every time a change is important enough that it would've been backported, we will manually release a new patch version (which is how it is supposed to be done).
These are good questions -- I will distill them all into a blog post today or tomorrow.
Remember, before we didn't get to play with major version numbers... it was always 0.x.x. Now we have the option to bump up:
Ok, so -b is for tags ans branches.
I think unofficially, patch versions should not contain upgrade scripts, and so they should be backwards compatible. That said autogenerated builds don't distinguish between them, so it would be difficult to say.
Best advice is to only move forwards, never backwards.
Given some of the opinions in this topic, I'm modifying Misty's behaviour to publish to a weekly release branch instead of the traditionally stable v1.x.x
Sounds good Thanks
@rod I have updated my prod to v1.0.0 tag at the moment. Seems to work fine