discourse

Commit Graph

Author	SHA1	Message	Date
David Taylor	19814c5e81	FIX: Allow CSP to work correctly for non-default hostnames/schemes (#9180 ) - Define the CSP based on the requested domain / scheme (respecting force_https) - Update EnforceHostname middleware to allow secondary domains, add specs - Add URL scheme to anon cache key so that CSP headers are cached correctly	2020-03-19 19:54:42 +00:00
Sam	e7001f879a	SECURITY: enforce hostname to match discourse hostname This ensures that the hostname rails uses for various helpers always matches the Discourse hostname	2018-11-15 15:23:06 +11:00

Author

SHA1

Message

Date

David Taylor

19814c5e81

FIX: Allow CSP to work correctly for non-default hostnames/schemes (#9180 )

- Define the CSP based on the requested domain / scheme (respecting force_https)
- Update EnforceHostname middleware to allow secondary domains, add specs
- Add URL scheme to anon cache key so that CSP headers are cached correctly

2020-03-19 19:54:42 +00:00

Sam

e7001f879a

SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

2018-11-15 15:23:06 +11:00

2 Commits