discourse/spec
Krzysztof Kotlarek 99086edf85
FIX: Allow themes to upload and serve js files (#8188)
If you set `config.public_file_server.enabled = false`, when you try to get an uploaded js file you will get an error:
`Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.`

The reason is that the content type is `application/javascript`, and in Rails 5 the guard looked like this:
https://github.com/rails/rails/blob/5-2-stable/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L278-L280
However, in Rails 6 `application` was added to the regex:
https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L282-L284

This pull request is related to https://meta.discourse.org/t/uploaded-js-file-for-theme-causes-a-rejection/129753/8
2019-10-14 15:40:33 +11:00
components DEV: Split max decompressed setting for themes and backups (#8179) 2019-10-11 14:38:10 -03:00
fabricators FEATURE: Webauthn authenticator management with 2FA login (Security Keys) (#8099) 2019-10-01 19:08:41 -07:00
fixtures FIX: Allow themes to upload and serve js files (#8188) 2019-10-14 15:40:33 +11:00
helpers FIX: Fallback to gzip compression if brotli isn't supported (#7895) 2019-07-16 11:05:37 -03:00
import_export DEV: clean up dependencies in spec 2019-10-02 14:50:54 +10:00
integration DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
integrity DEV: Update markdown-it from 8.4.1 to 10.0.0 (#8164) 2019-10-08 13:00:22 +02:00
jobs DEV: stop hardcoding ids in specs 2019-10-08 09:37:07 +11:00
lib DEV: Split max decompressed setting for themes and backups (#8179) 2019-10-11 14:38:10 -03:00
mailers DEV: Upgrade Discourse to Rails 6 (#8083) 2019-09-12 10:41:50 +10:00
models FIX: Accurate sub_total calculation for reviewable_scores (#8184) 2019-10-11 11:07:19 -05:00
multisite DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
requests FIX: Allow themes to upload and serve js files (#8188) 2019-10-14 15:40:33 +11:00
serializers DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
services DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
support FIX: DistributedMutex (#7953) 2019-08-01 09:12:05 +01:00
tasks FEATURE: option to skip posts with ignored missing uploads 2019-05-09 05:11:15 +05:30
views/omniauth_callbacks FEATURE: Use full page redirection for all external auth methods (#8092) 2019-10-08 12:10:43 +01:00
rails_helper.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00