- Use plain client data json everywhere
- Expose AAGUID and backed_up on Credentials
- Make attestation verifiers configurable
- Auto-suggest names for passkeys and show icons
Gate Turbo.offline.start() behind Current.user so the service worker
is only registered for authenticated users. This avoids errors on
unauthenticated pages where /service-worker.js requires auth.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Simplify the clear-offline-cache controller to use the new
Turbo.offline.clearCache() API instead of messaging the service
worker directly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rename logout controller to clear-offline-cache and attach it to the
magic link verification form so the service worker cache is cleared
when a different user signs in.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When the service worker is registered for the first time, resources loaded
before it becomes active won't go through the service worker. These resources
may be served from the browser's HTTP cache on subsequent requests, bypassing
the service worker cache entirely.
The new `preload` option accepts a regex pattern. On first visit (when no
controller exists), it waits for the service worker to take control, then
sends a message with URLs from `performance.getEntriesByType("resource")`
that match the pattern. The service worker fetches and caches these resources.
Adds a logout Stimulus controller that sends a message to the service
worker to clear all cached content when the user logs out. This ensures
that cached data from one user isn't accessible after logout.
The implementation:
- Adds logout_controller.js that posts { action: "clearCache" } to the
service worker via postMessage
- Updates logout buttons to use the controller on form submission
Also fixes data-turbo placement: moved from button to form element where
it actually takes effect for disabling Turbo Drive form submissions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* main: (56 commits)
Update app/views/cards/container/_closure_buttons.html.erb
Update app/views/columns/show/_add_card_button.html.erb
Update app/views/events/index/_add_card_button.html.erb
Just return the object
Rename is-main-action to display-as-primary-action
Remove debug line
Rename show-label to display-title
Include path in web push payload for backwards compatibility
Add base_url to native push notification payload
Use internal account ID as `account_id` and add `account_slug`
Make APNS and FCM env vars available
Fix devices_path route helper in native devices partial
Fix tests for renamed fixtures and new stacked notifications
Add creator_familiar_name to push notification payload
Add creator initials and avatar color to push notification payload
Add avatar_url so we always get an avatar even when the user hasn't set one
Document --push flag for testing native push notifications
Don't read APNS_TEAM_ID from 1Password
Simplify push.yml to only use B64 encryption keys
Rename apns-dev to push-dev and unify 1Password credentials
...
Revert "Add bridged share button to board and card permas"
This reverts commit 069e165b43.
Revert "Move helper to bridge helper file"
This reverts commit 1ee37f046c.
We had client-side notification stacking in the tray since launch, but now we want to stack notifications in the notifications page, in API responses and in email bundles.
The CSS change in 39575a0 added `display: flex` to the lightbox dialog
unconditionally, which overrode the browser's default `display: none`
for closed dialogs. This made the invisible lightbox overlay intercept
all clicks on the page.
Move flexbox properties to the `&[open]` selector so they only apply
when the dialog is actually open.
Also fix typo: `innerHtml` → `innerHTML` (capital H).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* main: (26 commits)
Add a new Pins section to docs/API.md covering pin/unpin and the pinned cards list response.
Align board name start so it doesn't get too big
Clean up card/events header layout
Sync email to Stripe when user changes email address (#2432)
Fix IDOR in webhook activation endpoint (#2431)
Add card reactions to API docs and reactions_url to card JSON (#2427)
Remove unnecessary claude plan
Allow boosts on cards (#2411)
Revert "Fix notification click URL by using correct data property"
Add migration to remove draft cards from search index
Guard search indexing with searchable? check
Forbid comments on draft cards
prefactor: update search to use published cards
Fix notification click URL by using correct data property
Wait for service worker to be active before subscribing
Fix stuck state when permission granted but no subscription
Extract Card::Commentable
Include arm64 build in Docker workflow
Remove unnecessary `await` in push handler
Correctly initialise WebPush connection (#2417)
...
The push subscription requires an active service worker. When
registering a new service worker, we now wait for it to become
active using navigator.serviceWorker.ready before attempting
to subscribe to push notifications.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When you had already granted notification permission but hadn't
completed the subscription flow (no service worker or no push
subscription), the UI showed neither the subscribe button nor the
enabled state, leaving you stuck with no way to subscribe, and wrong
instructions to fix it.
Instead, let's just show the button to allow you to subscribe.