From 832a730e36a8c209fb64a2fbfbe52d228d9f4009 Mon Sep 17 00:00:00 2001
From: Sam
Date: Mon, 19 May 2014 08:46:09 +1000
Subject: [PATCH] BUGFIX: re-enable CDN js debugging in a robust way May be disabled if needed via site setting
---
 app/controllers/static_controller.rb | 13 +++++++++++++
 app/helpers/application_helper.rb | 14 +++++++-------
 config/locales/server.en.yml | 1 +
 config/nginx.sample.conf | 4 +---
 config/routes.rb | 2 ++
 config/site_settings.yml | 2 ++
 6 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb
index f6816a35f29..4d6ddde96f2 100644
--- a/app/controllers/static_controller.rb
+++ b/app/controllers/static_controller.rb
@@ -57,4 +57,17 @@ class StaticController < ApplicationController
 end
 )
 end
+
+ skip_before_filter :verify_authenticity_token, only: [:cdn_asset]
+ def cdn_asset
+ path = params[:path].gsub(/[^a-zA-Z0-9_\-\.]/, "")
+ path = (Rails.root + "public/assets/" + path).to_s
+ expires_in 1.year, public: true
+ response.headers["Access-Control-Allow-Origin"] = params[:origin]
+ opts = {
+ disposition: nil
+ }
+ opts[:type] = "application/x-javascript" if path =~ /\.js$/
+ send_file(path, opts)
+ end
 end
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 86231a8b035..fabe1f77af2 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
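Review bot: In `cdn_asset`, `params[:origin]` is copied unchecked into `Access-Control-Allow-Origin` on a response that `expires_in 1.year, public: true` allows shared caches to keep, so the requester rather than the site chooses the allowed origin, and a request without `origin` sets the header to nil. Set the header only when the value matches an origin the site itself serves, for example `origin = params[:origin]` followed by `response.headers["Access-Control-Allow-Origin"] = origin if origin == Discourse.base_url`; a multisite install may need a per-site lookup instead, which this hunk does not show. The character filter removes `/`, so the `public/assets/` prefix cannot be left, but a name that ends up empty, is `..`, or does not exist still reaches `send_file`, and a `File.file?(path)` check that answers 404 would keep that from surfacing as an unhandled error. `/\.js$/` would be stricter as `/\.js\z/`, and the `skip_before_filter` looks unnecessary for a GET-only route.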
@@ -12,14 +12,14 @@ module ApplicationHelper
 include ConfigurableUrls
 def script(*args)
- # This crazy stuff is needed to get window.onerror working under a CDN
- # NGINX change is also required and baked into sample config
- # @sam: disabling this until we update our CDN configuration
- #if GlobalSetting.cdn_url
- # javascript_include_tag(*args, "crossorigin" => "anonymous")
- #else
+ if SiteSetting.enable_cdn_js_debugging && GlobalSetting.cdn_url
+ tags = javascript_include_tag(*args, "crossorigin" => "anonymous")
+ tags.gsub!("/assets/", "/cdn_asset/#{Discourse.current_hostname.gsub(".","_")}/")
+ tags.gsub!(".js\"", ".js?origin=#{CGI.escape request.base_url}\"")
+ tags.html_safe
+ else
 javascript_include_tag(*args)
- #end
+ end
 end
 def discourse_csrf_tags
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index f1c74c0ecee..b725ea74df2 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -895,6 +895,7 @@ en:
 embed_blacklist_selector: "css selector for elements that are removed from embeds"
 tos_accept_required: "If enabled, users will need to check a box on the signup form to confirm that they accept the terms of service. Edit 'Signup Form: Terms of Service Message' in the Content tab to change the message."
 notify_about_flags_after: "If there are flags that haven't been handled after this many hours, send an email to the contact_email. Set to 0 to disable."
+ enable_cdn_js_debugging: "Allow /logs to display proper errors by adding crossorigin permissions on all js includes"
 notification_types:
 mentioned: "%{display_username} mentioned you in %{link}"
diff --git a/config/nginx.sample.conf b/config/nginx.sample.conf
index 4e4161978a6..cce128e7be0 100644
--- a/config/nginx.sample.conf
+++ b/config/nginx.sample.conf
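Review bot: The `origin` query value in `script` is built from `request.base_url`, which is derived from the host the client sent, and `StaticController#cdn_asset` in this same commit echoes that value into `Access-Control-Allow-Origin`. Building it from the configured site URL instead, e.g. `CGI.escape(Discourse.base_url)`, would keep a request-supplied host out of the generated script tags, which matters most if the rendered page is ever cached. `CGI.escape` does keep the value inert inside the attribute before `html_safe` is applied. The two `gsub!` calls rewrite every `/assets/` and `.js"` occurrence in the rendered markup, so a comment stating that assumption would help, such as `# rewrite asset URLs to /cdn_asset/<host_with_underscores>/... so the app, not the CDN, sets the CORS header`.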
@@ -28,7 +28,7 @@ server { listen 80; gzip on; gzip_min_length 1000; - gzip_types application/json text/css application/x-javascript; + gzip_types application/json text/css application/x-javascript application/javascript; server_name enter.your.web.hostname.here; server_tokens off; @@ -63,8 +63,6 @@ server { expires 1y; add_header ETag ""; add_header Cache-Control public; - # enables window.onerror - add_header Access-Control-Allow-Origin *; break; } diff --git a/config/routes.rb b/config/routes.rb index d14e6f6f49b..98e05414221 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -365,6 +365,8 @@ Discourse::Application.routes.draw do post "draft" => "draft#update" delete "draft" => "draft#destroy" + get "cdn_asset/:site/*path" => "static#cdn_asset", format: false + get "robots.txt" => "robots_txt#index" Discourse.filters.each do |filter| diff --git a/config/site_settings.yml b/config/site_settings.yml index d85439503ce..c4f3f8a3242 100644 --- a/config/site_settings.yml +++ b/config/site_settings.yml @@ -537,3 +537,5 @@ uncategorized: public_user_custom_fields: list: true default: '' + + enable_cdn_js_debugging: true
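Review bot: The `:site` segment in `get "cdn_asset/:site/*path"` is never read by `StaticController#cdn_asset` as added in this commit, and `*path` accepts nested segments even though the action deletes every `/` from it, so a nested asset path cannot resolve. If `:site` exists only to make the CDN URL distinct per hostname, say so above the route, e.g. `# :site is the hostname with dots replaced by underscores (see ApplicationHelper#script); cdn_asset serves a single file name from public/assets`. As far as this diff shows, the route stays reachable when `enable_cdn_js_debugging` is turned off, because only the helper checks the setting; consider having the action return 404 in that case so that disabling the setting also disables the endpoint.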