ecf7a4f0c6
We add `Access-Control-Allow-Origin: *` to all asset requests which are requested via a configured CDN. This is particularly important now that we're using browser-native `import()` to load the highlightjs bundle. Unfortunately, user-configurable 'cors_origins' site setting was overriding the wldcard value on CDN assets and causing CORS errors. This commit updates the logic to give the `*` value precedence, and adds a spec for the situation. It also invalidates the cache of hljs assets (because CDNs will have cached the bad Access-Control-Allow-Origin header). The rack-cors middleware is also slightly tweaked so that it is always inserted. This makes things easier to test and more consistent. |
||
---|---|---|
.. | ||
cloud/cloud66 | ||
environments | ||
initializers | ||
locales | ||
application.rb | ||
boot.rb | ||
cdn.yml.sample | ||
database.yml | ||
deploy.rb.sample | ||
dev_defaults.yml | ||
discourse.config.sample | ||
discourse.pill.sample | ||
discourse_defaults.conf | ||
environment.rb | ||
logrotate.conf | ||
multisite.yml.production-sample | ||
nginx.global.conf | ||
nginx.sample.conf | ||
projections.json | ||
puma.rb | ||
routes.rb | ||
sidekiq.yml | ||
site_settings.yml | ||
spring.rb | ||
thin.yml.sample | ||
unicorn.conf.rb | ||
unicorn_launcher | ||
unicorn_upstart.conf |