ef143978e7
closes https://linear.app/tryghost/issue/ENG-721 ref https://linear.app/tryghost/issue/ENG-708 Comments-UI loads `/ghost/admin-frame/` in an iframe to check if a Staff User is authenticated in order to show moderation options. That iframe request loads a HTML page which in turn contains a script that fires off an API request that attempts to fetch the logged-in user details, resulting in a 403 "error" showing up when not authenticated. In the vast majority of cases there will be no staff user authenticated so lots of extra requests and "errors" are seen unnecessarily. - adjusted the `/ghost/auth-frame/` endpoint to check if the request contains an Admin session cookie - if it does, continue as before with rendering the HTML page so the script is loaded - if it doesn't, return an empty 204 response avoiding the script request and subsequent 403-generating API request - eliminates the 403 error being generated for all typical visitor traffic, the error should only be seen when an Admin was previously logged in but their cookie is no longer valid (either from logging out, or going past the 6month validity period) |
||
|---|---|---|
| .github | ||
| .vscode | ||
| apps | ||
| ghost | ||
| .editorconfig | ||
| .envrc | ||
| .gitattributes | ||
| .gitignore | ||
| .gitmodules | ||
| flake.lock | ||
| flake.nix | ||
| LICENSE | ||
| nx.json | ||
| package.json | ||
| PRIVACY.md | ||
| README.md | ||
| SECURITY.md | ||
| yarn.lock | ||
Ghost.org •
Forum •
Docs •
Contributing •
Twitter
Love open source? We're hiring DevOps engineers to work on Ghost full-time.
The easiest way to get a production instance deployed is with our official Ghost(Pro) managed service. It takes about 2 minutes to launch a new site with worldwide CDN, backups, security and maintenance all done for you.
For most people this ends up being the best value option because of how much time it saves — and 100% of revenue goes to the Ghost Foundation; funding the maintenance and further development of the project itself. So you’ll be supporting open source software and getting a great service!
Quickstart install
If you want to run your own instance of Ghost, in most cases the best way is to use our CLI tool
npm install ghost-cli -g
Then, if installing locally add the local flag to get up and running in under a minute - Local install docs
ghost install local
or on a server run the full install, including automatic SSL setup using LetsEncrypt - Production install docs
ghost install
Check out our official documentation for more information about our recommended hosting stack & properly upgrading Ghost, plus everything you need to develop your own Ghost themes or work with our API.
Contributors & advanced developers
For anyone wishing to contribute to Ghost or to hack/customize core files we recommend following our full development setup guides: Contributor guide • Developer setup
Ghost sponsors
We'd like to extend big thanks to our sponsors and partners who make Ghost possible. If you're interested in sponsoring Ghost and supporting the project, please check out our profile on GitHub sponsors ❤️
Getting help
You can find answers to a huge variety of questions, along with a large community of helpful developers over on the Ghost forum - replies are generally very quick. Ghost(Pro) customers also have access to 24/7 email support.
To stay up to date with all the latest news and product updates, make sure you subscribe to our blog — or you can always follow us on Twitter, if you prefer your updates bite-sized and facetious. 🎷🐢
Copyright & license
Copyright (c) 2013-2023 Ghost Foundation - Released under the MIT license. Ghost and the Ghost Logo are trademarks of Ghost Foundation Ltd. Please see our trademark policy for info on acceptable usage.