discourse/config
David Taylor ecf7a4f0c6
FIX: Ensure app-cdn CORS is not overridden by cors_origin setting (#24661)
We add `Access-Control-Allow-Origin: *` to all asset requests which are requested via a configured CDN. This is particularly important now that we're using browser-native `import()` to load the highlightjs bundle. Unfortunately, user-configurable 'cors_origins' site setting was overriding the wldcard value on CDN assets and causing CORS errors.

This commit updates the logic to give the `*` value precedence, and adds a spec for the situation. It also invalidates the cache of hljs assets (because CDNs will have cached the bad Access-Control-Allow-Origin header).

The rack-cors middleware is also slightly tweaked so that it is always inserted. This makes things easier to test and more consistent.
2023-12-01 12:57:11 +00:00
..
cloud/cloud66 DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
environments PERF: Strict loading for SidebarSection queries (#21717) 2023-05-25 09:10:32 +08:00
initializers FIX: Ensure app-cdn CORS is not overridden by cors_origin setting (#24661) 2023-12-01 12:57:11 +00:00
locales Fix typos (#24656) 2023-11-30 22:13:28 +01:00
application.rb DEV: Remove dependence on dartsass-sprockets (#23665) 2023-09-26 16:25:07 +01:00
boot.rb DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
cdn.yml.sample
database.yml DEV: Remove db_timeout setting (#22912) 2023-08-01 14:17:43 -05:00
deploy.rb.sample
dev_defaults.yml DEV: Convert `admin-incoming-email` modal to component-based API (#22701) 2023-07-20 16:31:20 -05:00
discourse.config.sample
discourse.pill.sample
discourse_defaults.conf DEV: Introduce `DISCOURSE_ASSET_URL_SALT` (#24596) 2023-11-28 11:28:40 +00:00
environment.rb DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
logrotate.conf
multisite.yml.production-sample
nginx.global.conf
nginx.sample.conf FEATURE: Add support for AVIF images (#21680) 2023-05-24 16:13:36 -03:00
projections.json
puma.rb DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
routes.rb FIX: Make category-drop work with lazy_load_categories (#24187) 2023-11-28 17:58:47 +02:00
sidekiq.yml
site_settings.yml DEV: Convert email_in_min_trust to groups (#24515) 2023-11-22 18:03:28 -07:00
spring.rb DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
thin.yml.sample
unicorn.conf.rb DEV: Revert syntax-tree line change in unicorn.conf.rb listen (#19874) 2023-01-16 13:17:23 +10:00
unicorn_launcher
unicorn_upstart.conf