New features in 2.2.0.beta6
This release includes a number of security related improvements.
Content Security Policy (CSP)
Discourse now ships with a CSP Level 2 policy. This policy helps mitigate Cross Site Scripting (XSS) attacks to keep your site safe. For all the details, including how to turn it on, and what it may break, see
New dashboard tab: security
We’ve added a third tab to the admin dashboard: security. This tab shows all security related reports in one place, including the suspicious logins report, and the new staff logins report.
Invalidate admin accounts if not seen for a year
To help minimize the risk of an unused admin account being compromised, admins who have not been seen for 365 days will now have their accounts deactivated, and social logins revoked. To regain access they’ll need to validate their email again, and reconnect social accounts. The length of time before deactivation can be configured via site settings.
Warn before overwriting draft
Ever start editing a post in one tab, leave it open, start editing in another tab, and then find that you overwrote your first edits? I know I have. To help avoid this, Discourse now warns you when edits may overwrite an existing draft.
Lazily load images
Back in June, one of our designers, @Johani, created a theme component to enable lazy loading for images. This helps make load times faster, as well as sending less data at one time. The theme worked so well one of our engineers adapted it to ship as part of Discourse core. Now images are only loaded when they are on screen, not when they are 7 posts below.
Full height swipe enabled menus on mobile
First discussed way back in 2015, full height slide out menus are now enabled! Both the user menu (notifications) and the hamburger menu now occupy the full height of the mobile browser when opened, and can be swiped away when no longer needed. On Android, swipe-in is also supported. (Swipe-in is not supported on iOS as horizontal swipes from the edges of the screen are reserved by the OS for forward/back).
Share to Discourse (Android)
Discourse PWA on Android now supports receiving the native OS “share” feature. For all the details and requirements, see:
Remove category column from topic lists
To help streamline the topic list, we’ve removed the dedicated category column and instead display the category below topic tiles, just like tags. Want more details on the change? Check out The topic list doesn't need a category column.