github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-30 09:53:43 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Add Cache-Control header to CORS (#6490)

Browse Source
This commit is contained in:
Davide Porrovecchio 2018-10-16 01:46:55 +02:00 committed by Sam
parent fc94732f88
commit 005e1f5373
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/initializers/008-rack-cors.rb
View File

@ -39,7 +39,7 @@ class Discourse::Cors
end end
headers['Access-Control-Allow-Origin'] = origin || cors_origins[0] headers['Access-Control-Allow-Origin'] = origin || cors_origins[0]
headers['Access-Control-Allow-Headers'] = 'Content-Type, X-Requested-With, X-CSRF-Token, Discourse-Visible, User-Api-Key, User-Api-Client-Id' headers['Access-Control-Allow-Headers'] = 'Content-Type, Cache-Control, X-Requested-With, X-CSRF-Token, Discourse-Visible, User-Api-Key, User-Api-Client-Id'
headers['Access-Control-Allow-Credentials'] = 'true' headers['Access-Control-Allow-Credentials'] = 'true'
headers['Access-Control-Allow-Methods'] = 'POST, PUT, GET, OPTIONS, DELETE' headers['Access-Control-Allow-Methods'] = 'POST, PUT, GET, OPTIONS, DELETE'
end end

2
spec/components/hijack_spec.rb
View File

@ -107,7 +107,7 @@ describe Hijack do
expected = { expected = {
"Access-Control-Allow-Origin" => "www.rainbows.com", "Access-Control-Allow-Origin" => "www.rainbows.com",
"Access-Control-Allow-Headers" => "Content-Type, X-Requested-With, X-CSRF-Token, Discourse-Visible, User-Api-Key, User-Api-Client-Id", "Access-Control-Allow-Headers" => "Content-Type, Cache-Control, X-Requested-With, X-CSRF-Token, Discourse-Visible, User-Api-Key, User-Api-Client-Id",
"Access-Control-Allow-Credentials" => "true", "Access-Control-Allow-Credentials" => "true",
"Access-Control-Allow-Methods" => "POST, PUT, GET, OPTIONS, DELETE" "Access-Control-Allow-Methods" => "POST, PUT, GET, OPTIONS, DELETE"
} }