Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
40,835 Commits 181 Branches 498 Tags 917 MiB
Commit Graph

5 Commits

Author SHA1 Message Date
Vinoth Kannan a5923ad603
DEV: apply allow origin response header for CDN requests. (#11893) 
Currently, it creates a CORS error while accessing those static files.
 2021-01-29 07:44:49 +05:30
Vinoth Kannan af4938baf1
Revert "DEV: enable cors to all cdn get requests from workbox. (#10684)" (#11076) 
This reverts commit e3de45359f.

We need to improve out strategy by adding a cache breaker with this change ... some assets on CDNs and clients may have incorrect CORS headers which can cause stuff to break.
 2020-10-30 16:05:35 +11:00
Vinoth Kannan e3de45359f
DEV: enable cors to all cdn get requests from workbox. (#10685) 
Now all external requests from the service worker will be in CORS mode without credentials.
 2020-10-28 23:36:19 +05:30
David Taylor 19814c5e81
FIX: Allow CSP to work correctly for non-default hostnames/schemes (#9180) 
- Define the CSP based on the requested domain / scheme (respecting force_https)
- Update EnforceHostname middleware to allow secondary domains, add specs
- Add URL scheme to anon cache key so that CSP headers are cached correctly
 2020-03-19 19:54:42 +00:00
Sam e7001f879a SECURITY: enforce hostname to match discourse hostname 
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
 2018-11-15 15:23:06 +11:00