mirror of
https://github.com/discourse/discourse.git
synced 2024-11-30 08:03:40 +08:00
Add Cache-Control header to CORS (#6490)
This commit is contained in:
parent
fc94732f88
commit
005e1f5373
|
@ -39,7 +39,7 @@ class Discourse::Cors
|
|||
end
|
||||
|
||||
headers['Access-Control-Allow-Origin'] = origin || cors_origins[0]
|
||||
headers['Access-Control-Allow-Headers'] = 'Content-Type, X-Requested-With, X-CSRF-Token, Discourse-Visible, User-Api-Key, User-Api-Client-Id'
|
||||
headers['Access-Control-Allow-Headers'] = 'Content-Type, Cache-Control, X-Requested-With, X-CSRF-Token, Discourse-Visible, User-Api-Key, User-Api-Client-Id'
|
||||
headers['Access-Control-Allow-Credentials'] = 'true'
|
||||
headers['Access-Control-Allow-Methods'] = 'POST, PUT, GET, OPTIONS, DELETE'
|
||||
end
|
||||
|
|
|
@ -107,7 +107,7 @@ describe Hijack do
|
|||
|
||||
expected = {
|
||||
"Access-Control-Allow-Origin" => "www.rainbows.com",
|
||||
"Access-Control-Allow-Headers" => "Content-Type, X-Requested-With, X-CSRF-Token, Discourse-Visible, User-Api-Key, User-Api-Client-Id",
|
||||
"Access-Control-Allow-Headers" => "Content-Type, Cache-Control, X-Requested-With, X-CSRF-Token, Discourse-Visible, User-Api-Key, User-Api-Client-Id",
|
||||
"Access-Control-Allow-Credentials" => "true",
|
||||
"Access-Control-Allow-Methods" => "POST, PUT, GET, OPTIONS, DELETE"
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user