Alan Guo Xiang Tan 5724b7bccd DEV: Add hidden cross_origin_opener_policy_header site setting (#23346) ... Why this change? As part of our ongoing efforts to security harden the Discourse application, we are adding the `cross_origin_opener_policy_header` site setting which allows the `Cross-Origin-Opener-Policy` response header to be set on requests that preloads the Discourse application. In more technical terms, only GET requests that are not json or xhr will have the response header set. The `cross_origin_opener_policy_header` site setting is hidden for now for testing purposes and will either be released as a public site setting or be remove if we decide to be opinionated and ship a default for the `Cross-Origin-Opener-Policy` response header.		2023-08-31 08:50:06 -04:00
..
assets	FIX: Add missing props to move-to-topic (#23349)	2023-08-31 14:18:57 +02:00
controllers	DEV: Add hidden cross_origin_opener_policy_header site setting (#23346)	2023-08-31 08:50:06 -04:00
helpers	DEV: Improve strategy for identifying ember-cli JS chunks (#23336)	2023-08-30 18:47:06 +01:00
jobs	DEV: there is no need anymore to wrap export methods into enumerators (#22567)	2023-08-17 22:09:58 +04:00
mailers	FIX: Order tags shown in email subject by topics count and name (#22586)	2023-07-13 15:39:58 +08:00
models	FEATURE: support to initial values for form templates through /new-topic (#23313)	2023-08-29 18:41:33 -03:00
serializers	DEV: Remove reviewable action custom_modal and use new action-based modal API (#23258)	2023-08-29 14:36:20 +10:00
services	DEV: Add rake command to help detect dead settings (#23300)	2023-08-29 09:42:52 -06:00
views	PERF: Avoid calling the same translation twice when rendering lists view (#22976)	2023-08-04 13:38:41 +08:00