HTML files in /templates/docs/ are not Django templates;
they contain HTML content to be used verbatim in
the hc.front.views.serve_doc view.
Some of these files contain "{{ ... }}" syntax. When
we run "./manage.py compress", django-compressor trips
up on this syntax because it treats them as Django templates.
The fix is to change the file extension for these files
from .html to something else (I picked .html-fragment)
so django-compressor would ignore them.
The bug: the Log page would sometimes show a number of "zombie"
notifications at the very end: notifications that should not be
shown to the user, but have not yet been garbage-collected.
The fix: when preparing the created__gte filter value for the
notification query, make sure the filter value is not lower than the
timestamp of the oldest visible ping.
The "auto-login" cookie is a part of a work-around for
some email clients automatically clicking links in emails:
- when sending a one-time sign-in link, the server also sends the
"auto-login" cookie to the client
- when the end user clicks on the sign-in link, the server checks
if the client's request contains the "auto-login" cookie
- if the "auto-login" cookie is present, log the user in
- if the "auto-login" cookie is absent, serve an HTTP POST form
with a submit button. The user must click the button to log in.
This commit fixes attributes on the "auto-login" cookie:
- it sets SameSite=Lax
- it sets Secure=true if SESSION_COOKIE_SECURE=True
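
The "auto-login" flow described above, as an added standard-library sketch (not code from the project or the commit). The function names, the cookie value, HttpOnly, Path and the 300-second lifetime are assumptions; only the cookie name, SameSite=Lax and the conditional Secure flag come from the commit message.

```python
from http.cookies import SimpleCookie

COOKIE_NAME = "auto-login"  # cookie name as quoted in the commit message


def build_auto_login_cookie(session_cookie_secure: bool) -> str:
    """Set-Cookie value sent in the response that triggers the sign-in email."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = "1"            # assumed value; only presence is checked
    morsel = jar[COOKIE_NAME]
    morsel["path"] = "/"              # assumption
    morsel["httponly"] = True         # assumption: page scripts never need it
    morsel["max-age"] = 300           # assumption: short lifetime
    # Lax (not Strict): the cookie must accompany the top-level GET that
    # happens when the user follows the link from a webmail page.
    morsel["samesite"] = "Lax"
    if session_cookie_secure:         # mirrors SESSION_COOKIE_SECURE=True
        morsel["secure"] = True
    return morsel.OutputString()


def handle_sign_in_link(method: str, cookie_header: str, token_valid: bool) -> str:
    """Decide what the sign-in endpoint does with one request."""
    if not token_valid:
        return "reject"
    if method == "POST":
        return "log_in"               # the user pressed the submit button
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if COOKIE_NAME in jar:
        return "log_in"               # same browser that requested the link
    # A link scanner in an email client, or a different browser, has no
    # cookie: a bare GET must not consume the one-time link.
    return "confirm_form"


if __name__ == "__main__":
    print(build_auto_login_cookie(session_cookie_secure=True))
    # Constructed sample requests: the user's browser, then a mail scanner.
    print(handle_sign_in_link("GET", "auto-login=1", True))
    print(handle_sign_in_link("GET", "", True))
```
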
The code in Check.ping() updates a Check object, then
creates a Ping object. There's a possible race condition
where the "sendalerts" command sees the updated Check object
before the Ping object is created. This is especially likely
when offloading ping bodies to S3, because Ping gets created
*after* the upload completes, which can take some time.
To avoid this, put both operations inside a transaction,
but keep the S3 upload *outside* the transaction--uploads
can hang, and we want to avoid long transactions.