diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 60297e499a0..8ec435424fe 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -281,6 +281,13 @@ class ApplicationController < ActionController::Base
 post_ids
 end
+ def no_cookies
+ # do your best to ensure response has no cookies
+ # longer term we may want to push this into middleware
+ headers.delete 'Set-Cookie'
+ request.session_options[:skip] = true
+ end
+
 private
 def preload_anonymous_data
diff --git a/app/controllers/highlight_js_controller.rb b/app/controllers/highlight_js_controller.rb
index d9d9c45474a..b815a49f626 100644
--- a/app/controllers/highlight_js_controller.rb
+++ b/app/controllers/highlight_js_controller.rb
@@ -2,6 +2,9 @@ class HighlightJsController < ApplicationController
 skip_before_filter :preload_json, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show]
 def show
+
+ no_cookies
+
 RailsMultisite::ConnectionManagement.with_hostname(params[:hostname]) do
 current_version = HighlightJs.version(SiteSetting.highlighted_languages)
diff --git a/app/controllers/site_customizations_controller.rb b/app/controllers/site_customizations_controller.rb
index 505e4aed2b2..e457d7d7850 100644
--- a/app/controllers/site_customizations_controller.rb
+++ b/app/controllers/site_customizations_controller.rb
@@ -2,6 +2,9 @@ class SiteCustomizationsController < ApplicationController
 skip_before_filter :preload_json, :check_xhr, :redirect_to_login_if_required
 def show
+
+ no_cookies
+
 cache_time = request.env["HTTP_IF_MODIFIED_SINCE"]
 cache_time = Time.rfc2822(cache_time) rescue nil if cache_time
 stylesheet_time =
diff --git a/app/controllers/stylesheets_controller.rb b/app/controllers/stylesheets_controller.rb
index f346f953db0..eac320b5fda 100644
--- a/app/controllers/stylesheets_controller.rb
+++ b/app/controllers/stylesheets_controller.rb
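Review bot: `no_cookies` only removes a `Set-Cookie` header that is already present when it runs, and every caller in this commit invokes it as the first statement of the action, so at that point `headers` holds nothing and the deletion is effectively a no-op; the one thing the method reliably does is `request.session_options[:skip] = true`, which stops the session cookie from being committed. A cookie written later in the same action (via `cookies[]` or `flash`) is not covered, and depending on the Rails version the cookie jar is only serialised into `Set-Cookie` by the Cookies middleware after the action returns, in which case deleting the header inside the action cannot reach it at all. For responses that are meant to be CDN-cached (the user_avatars hunk mentions a single-origin pull for CDNs), a cached `Set-Cookie` would be served to other clients, so if a hard guarantee is wanted an `after_action` that deletes the header once the body has run is more dependable than the in-action call. At minimum the comment should state the limitation, e.g. `# only strips cookies set before this call; the session cookie is suppressed via session_options[:skip]`.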
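Review bot: In `HighlightJsController#show` the `no_cookies` call is padded with a blank line on each side, including one directly after `def show`, which differs from the file's other methods and from the `StylesheetsController#show` and letter-avatar hunks in this same commit; `SiteCustomizationsController#show` and `UserAvatarsController#show` use the same padded form. Dropping the leading blank so the call sits directly under the `def` keeps the five call sites uniform. Since the call is repeated verbatim at the top of each affected action, a declarative `before_filter :no_cookies, only: [:show]` next to the existing `skip_before_filter` line would express the intent once per controller and keep it from being forgotten in new actions, as long as it runs after any filter that touches the session. The body of `show` continues outside the hunk.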
@@ -3,6 +3,8 @@ class StylesheetsController < ApplicationController
 def show
+ no_cookies
+
 target,digest = params[:name].split("_")
 cache_time = request.env["HTTP_IF_MODIFIED_SINCE"]
diff --git a/app/controllers/user_avatars_controller.rb b/app/controllers/user_avatars_controller.rb
index f3a03cf006e..7aacfa08ece 100644
--- a/app/controllers/user_avatars_controller.rb
+++ b/app/controllers/user_avatars_controller.rb
@@ -24,6 +24,8 @@ class UserAvatarsController < ApplicationController
 params.require(:version)
 params.require(:size)
+ no_cookies
+
 return render_dot if params[:version] != LetterAvatar.version
 image = LetterAvatar.generate(params[:username].to_s, params[:size].to_i)
@@ -35,6 +37,9 @@ class UserAvatarsController < ApplicationController
 end
 def show
+
+ no_cookies
+
 # we need multisite support to keep a single origin pull for CDNs
 RailsMultisite::ConnectionManagement.with_hostname(params[:hostname]) do
 show_in_site(RailsMultisite::ConnectionManagement.current_hostname)
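Review bot: In the letter-avatar action of `UserAvatarsController` (the `@@ -24,6 +24,8 @@` hunk) `no_cookies` is placed after `params.require(:version)` and `params.require(:size)`, so a request with a missing parameter raises `ParameterMissing` before the session skip is set and that error response is produced without it, unlike the other call sites where the call is the first statement. Moving `no_cookies` above the two `params.require` lines makes every response path of this action cookie-free, and the call has no dependency on the params. The enclosing method's `def` line is outside the hunk, so any earlier statement that might depend on this order is not visible here.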