Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/spec/fixtures
History
Krzysztof Kotlarek 99086edf85
FIX: Allow themes to upload and serve js files (#8188) 
If you set `config.public_file_server.enabled = false` when you try to get uploaded js file you will get an error:
`Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.`

The reason is that content type is `application/javascript` and in Rails 5 guard looked like that:
https://github.com/rails/rails/blob/5-2-stable/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L278-L280
However, in Rails 6 `application` was added to regex:
https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L282-L284

This pull request is related to https://meta.discourse.org/t/uploaded-js-file-for-theme-causes-a-rejection/129753/8
 		2019-10-14 15:40:33 +11:00
..
csv FIX: remove post upload record creation inside 'find_missing_uploads' method. 2019-07-19 01:44:08 +05:30
db DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
emails FIX: Don't create staged users when processing forwarded email fails 2019-05-09 23:47:47 +02:00
encodings FIX: Try detecting encoding of RSS feed 2018-08-01 10:41:20 +02:00
feed FIX: Try respecting charset in HTTP header of RSS feed 2018-08-01 10:41:20 +02:00
i18n FIX: Use correct locale when translating without cache 2019-06-05 14:19:56 +02:00
images FEATURE: Automatically generate optimized site metadata icons (#7372) 2019-05-01 14:44:45 +01:00
json Replacing default brown category color 2018-08-24 14:18:14 -04:00
md DEV: Update markdown-it from 8.4.1 to 10.0.0 (#8164) 2019-10-08 13:00:22 +02:00
mmdb UX: Use user locale for locations. (#6527) 2018-10-25 10:54:01 +00:00
multisite Introduce multisite tests for better coverage. 2017-08-08 12:58:22 +09:00
pdf FEATURE: Add attachments to outgoing emails 2019-07-25 15:57:45 +02:00
plugins DEV: introduce new API to look up dynamic site setting 2019-05-07 11:00:30 +10:00
scss DEV: Run prettier. (#6420) 2018-09-21 11:02:23 +00:00
site_settings FIX: fails loud if default setting is not set 2017-08-15 12:07:25 +02:00
theme_settings FEATURE: Allow string theme settings to display with multiple lines 2019-02-05 14:14:53 +00:00
themes FIX: Allow themes to upload and serve js files (#8188) 2019-10-14 15:40:33 +11:00
woff2 FEATURE: support uploads for themes 2017-05-10 15:47:11 -04:00