mirror of
https://github.com/discourse/discourse.git
synced 2024-12-05 08:30:12 +08:00
SECURITY: extra CORS headers should be set on correct host
This commit is contained in:
parent
6f25421a06
commit
297b899c68
|
@ -10,14 +10,14 @@ end
|
|||
def setup_message_bus_env(env)
|
||||
return if env["__mb"]
|
||||
|
||||
extra_headers = {
|
||||
"Access-Control-Allow-Origin" => Discourse.base_url_no_prefix,
|
||||
"Access-Control-Allow-Methods" => "GET, POST",
|
||||
"Access-Control-Allow-Headers" => "X-SILENCE-LOGGER, X-Shared-Session-Key, Dont-Chunk, Discourse-Visible"
|
||||
}
|
||||
|
||||
host = RailsMultisite::ConnectionManagement.host(env)
|
||||
RailsMultisite::ConnectionManagement.with_hostname(host) do
|
||||
extra_headers = {
|
||||
"Access-Control-Allow-Origin" => Discourse.base_url_no_prefix,
|
||||
"Access-Control-Allow-Methods" => "GET, POST",
|
||||
"Access-Control-Allow-Headers" => "X-SILENCE-LOGGER, X-Shared-Session-Key, Dont-Chunk, Discourse-Visible"
|
||||
}
|
||||
|
||||
user = nil
|
||||
begin
|
||||
user = CurrentUser.lookup_from_env(env)
|
||||
|
|
Loading…
Reference in New Issue
Block a user