Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/config
History
Alan Guo Xiang Tan 5724b7bccd
DEV: Add hidden `cross_origin_opener_policy_header` site setting (#23346) 
Why this change?

As part of our ongoing efforts to security harden the Discourse
application, we are adding the `cross_origin_opener_policy_header` site setting
which allows the `Cross-Origin-Opener-Policy` response header to be set on requests
that preloads the Discourse application. In more technical terms, only
GET requests that are not json or xhr will have the response header set.

The `cross_origin_opener_policy_header` site setting is hidden for now
for testing purposes and will either be released as a public site
setting or be remove if we decide to be opinionated and ship a default
for the `Cross-Origin-Opener-Policy` response header.
 		2023-08-31 08:50:06 -04:00
..
cloud/cloud66 DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
environments PERF: Strict loading for SidebarSection queries (#21717) 2023-05-25 09:10:32 +08:00
initializers DEV: Seperate concerns of tracking GC stat from `MethodProfiler` (#22921) 2023-08-02 10:46:37 +08:00
locales FIX: Confusing vague upload error (#23347) 2023-08-31 18:02:00 +10:00
application.rb SECURITY: Don't reuse CSP nonce between anonymous requests 2023-07-28 12:53:44 +01:00
boot.rb DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
cdn.yml.sample
database.yml DEV: Remove db_timeout setting (#22912) 2023-08-01 14:17:43 -05:00
deploy.rb.sample
dev_defaults.yml DEV: Convert `admin-incoming-email` modal to component-based API (#22701) 2023-07-20 16:31:20 -05:00
discourse.config.sample
discourse.pill.sample
discourse_defaults.conf DEV: Remove db_timeout setting (#22912) 2023-08-01 14:17:43 -05:00
environment.rb DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
logrotate.conf
multisite.yml.production-sample DEV: Remove `db_id` from sample multisite config. 2020-05-29 10:48:29 +08:00
nginx.global.conf
nginx.sample.conf FEATURE: Add support for AVIF images (#21680) 2023-05-24 16:13:36 -03:00
projections.json DEV: Use .hbr for raw template file extension (#8883) 2020-02-11 13:38:12 -06:00
puma.rb DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
routes.rb DEV: Add endpoint for dismissing outdated translations (#22509) 2023-07-19 23:06:13 +08:00
sidekiq.yml FEATURE: introduce ultra_low priority queue 2019-01-17 14:53:19 +11:00
site_settings.yml DEV: Add hidden `cross_origin_opener_policy_header` site setting (#23346) 2023-08-31 08:50:06 -04:00
spring.rb DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
thin.yml.sample
unicorn.conf.rb DEV: Revert syntax-tree line change in unicorn.conf.rb listen (#19874) 2023-01-16 13:17:23 +10:00
unicorn_launcher FIX: Increase timeout when trying to reload unicorn. 2018-12-04 13:43:14 +08:00
unicorn_upstart.conf