This reverts commit 0f9bc44925.
The original commit was not backwards compatible with use cases that
users were relying on, such as emotes being sorted in insertion order by
default.
I will develop a new patch which fixes the performance issue in a
backwards compatible way.
Fixes a bug where sockets would be rejected if they connected directly
with the 'websocket' transport instead of doing an AJAX connection with
websocket upgrade (e.g. if `transports: ['websocket']` is passed to the
socket.io-client constructor).
See https://github.com/socketio/socket.io/blob/master/docs/API.md#sockethandshake
- Upgrade videojs-contrib-hls to latest version
- Update VideoJSPlayer to support "auto" quality tag to delegate to
the HLS plugin for automatic quality selection
- mediaquery change:
9f5122e031
Tampermonkey automatically requests www/js/cytube-google-drive.meta.js
to check for updates. Changed the userscript generator to write an
additional .meta.js file so that works instead of 404ing.
Previously, the user's session cookie was being checked against the
database for all non-static requests. However, this is not really
needed and wastes resources (and is slow).
For most page views (e.g. index, channel page), just parsing the value
of the cookie is sufficient:
* The cookies are already HMAC signed, so tampering with them ought to
be for all reasonable purposes, impossible.
* Assuming the worst case, all a nefarious user could manage to do is
change the text of the "Welcome, {user}" and cause a (non-functional)
ACP link to appear clientside, both of which are already possible by
using the Inspect Element tool.
For authenticated pages (currently, the ACP, and anything under
/account/), the full database check is still performed (for now).
