Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/spec
History
David Taylor ecf7a4f0c6
FIX: Ensure app-cdn CORS is not overridden by cors_origin setting (#24661) 
We add `Access-Control-Allow-Origin: *` to all asset requests which are requested via a configured CDN. This is particularly important now that we're using browser-native `import()` to load the highlightjs bundle. Unfortunately, user-configurable 'cors_origins' site setting was overriding the wldcard value on CDN assets and causing CORS errors.

This commit updates the logic to give the `*` value precedence, and adds a spec for the situation. It also invalidates the cache of hljs assets (because CDNs will have cached the bad Access-Control-Allow-Origin header).

The rack-cors middleware is also slightly tweaked so that it is always inserted. This makes things easier to test and more consistent.
 		2023-12-01 12:57:11 +00:00
..
fabricators DEV: Housekeeping for CleanUpUploads job (#24361) 2023-11-20 09:50:09 +10:00
fixtures FEATURE: remove category badge style options, set bullet style as default (#24198) 2023-11-13 10:46:15 -05:00
helpers DEV: Simplify ember-cli proxy strategy (#24242) 2023-11-10 11:16:06 +00:00
import_export DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
initializers DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
integration DEV: Convert approve_unless_trust_level to groups (#24357) 2023-11-21 11:31:42 -07:00
integrity DEV: Modernise highlightjs loading (#24197) 2023-11-10 20:39:48 +00:00
jobs DEV: Housekeeping for CleanUpUploads job (#24361) 2023-11-20 09:50:09 +10:00
lib FIX: Ensure app-cdn CORS is not overridden by cors_origin setting (#24661) 2023-12-01 12:57:11 +00:00
mailers FIX: Add higher read & open timeouts for group SMTP emails (#24593) 2023-11-28 15:32:59 +10:00
migrations DEV: Switch over category settings to new table - Part 3 (#20657) 2023-09-12 09:51:49 +08:00
models FIX: Flaky spec due to incorrect Rack response body (#24640) 2023-11-30 10:49:55 +08:00
multisite DEV: Add S3 upload system specs using minio (#22975) 2023-08-23 11:18:33 +10:00
requests FIX: Ensure app-cdn CORS is not overridden by cors_origin setting (#24661) 2023-12-01 12:57:11 +00:00
script/import_scripts DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
serializers FEATURE: increase tag description limit to 1000 (#24561) 2023-11-28 08:45:40 +11:00
services DEV: update syntax tree to latest (#24623) 2023-11-29 16:38:07 +11:00
support DEV: Pass the user who requested the summary to the strategy. (#24489) 2023-11-21 13:27:27 -03:00
system DEV: Port `discourse-table-builder` theme component to core (#24441) 2023-11-30 10:54:29 -08:00
tasks DEV: Remove the transpilation message (#23998) 2023-10-19 01:00:15 +02:00
views FIX: Use subfolder-safe url for category in html view (#24595) 2023-11-28 19:08:14 +08:00
rails_helper.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
regenerate_swagger_docs DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00
swagger_helper.rb DEV: Apply syntax_tree formatting to `spec/*` 2023-01-09 11:49:28 +00:00