SECURITY: Remove ember-cli specific response from application routes (stable) (#15154)

Under some conditions, these varied responses could lead to cache poisoning, hence the 'security' label.

For the stable branch, we are disabling the use of Ember CLI against production sites. A new implementation has been added to the tests-passed/beta branches
David Taylor 2021-12-01 16:02:45 +00:00 committed by GitHub
parent cdaf7f4bb3
commit 982f23e1f2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -596,7 +596,7 @@ module ApplicationHelper
end
def hijack_if_ember_cli!
if request.headers["HTTP_X_DISCOURSE_EMBER_CLI"] == "true"
if !Rails.env.production? && request.headers["HTTP_X_DISCOURSE_EMBER_CLI"] == "true"
raise ApplicationController::EmberCLIHijacked.new
end
end
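
Review bot: The new condition in `hijack_if_ember_cli!` negates production rather than naming the environments where the hijack is wanted, so the `HTTP_X_DISCOURSE_EMBER_CLI` header still changes the response in every other environment, including any staging deployment that sits behind a shared cache. Consider an explicit allow-list such as `Rails.env.development? || Rails.env.test?` in place of `!Rails.env.production?`. A one-line comment above the check stating that the guard exists because header-dependent responses could lead to cache poisoning would also keep a later cleanup from removing it.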