discourse/lib/middleware
David Taylor 19814c5e81
FIX: Allow CSP to work correctly for non-default hostnames/schemes (#9180)
- Define the CSP based on the requested domain / scheme (respecting force_https)
- Update EnforceHostname middleware to allow secondary domains, add specs
- Add URL scheme to anon cache key so that CSP headers are cached correctly
2020-03-19 19:54:42 +00:00
..
anonymous_cache.rb FIX: Allow CSP to work correctly for non-default hostnames/schemes (#9180) 2020-03-19 19:54:42 +00:00
discourse_public_exceptions.rb FIX: avoid superflous logging when mime type is bad 2020-01-02 12:34:38 +11:00
enforce_hostname.rb FIX: Allow CSP to work correctly for non-default hostnames/schemes (#9180) 2020-03-19 19:54:42 +00:00
missing_avatars.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
omniauth_bypass_middleware.rb FIX: Convert omniauth authenticator names to symbols before comparing 2019-08-14 12:57:11 +01:00
request_tracker.rb DEV: allow handling crawler reqs with no user agent 2019-12-09 18:40:10 +11:00
turbo_dev.rb