mirror of
https://github.com/discourse/discourse.git
synced 2024-12-05 11:03:41 +08:00
SECURITY: Remove ember-cli specific response from application routes (stable) (#15154)
Under some conditions, these varied responses could lead to cache poisoning, hence the 'security' label. For the stable branch, we are disabling the use of Ember CLI against production sites. A new implementation has been added to the tests-passed/beta branches
This commit is contained in:
parent
cdaf7f4bb3
commit
982f23e1f2
|
@ -596,7 +596,7 @@ module ApplicationHelper
|
|||
end
|
||||
|
||||
def hijack_if_ember_cli!
|
||||
if request.headers["HTTP_X_DISCOURSE_EMBER_CLI"] == "true"
|
||||
if !Rails.env.production? && request.headers["HTTP_X_DISCOURSE_EMBER_CLI"] == "true"
|
||||
raise ApplicationController::EmberCLIHijacked.new
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue
Block a user