discourse

github-mirror/discourse

Fork 0

mirror of https://github.com/discourse/discourse.git synced 2024-11-25 09:42:07 +08:00

Commit Graph

Author	SHA1	Message	Date
David Taylor	ecf7a4f0c6	FIX: Ensure app-cdn CORS is not overridden by cors_origin setting (#24661 ) We add `Access-Control-Allow-Origin: ` to all asset requests which are requested via a configured CDN. This is particularly important now that we're using browser-native `import()` to load the highlightjs bundle. Unfortunately, user-configurable 'cors_origins' site setting was overriding the wldcard value on CDN assets and causing CORS errors. This commit updates the logic to give the `` value precedence, and adds a spec for the situation. It also invalidates the cache of hljs assets (because CDNs will have cached the bad Access-Control-Allow-Origin header). The rack-cors middleware is also slightly tweaked so that it is always inserted. This makes things easier to test and more consistent.	2023-12-01 12:57:11 +00:00

Author

SHA1

Message

Date

David Taylor

ecf7a4f0c6

FIX: Ensure app-cdn CORS is not overridden by cors_origin setting (#24661 )

We add `Access-Control-Allow-Origin: *` to all asset requests which are requested via a configured CDN. This is particularly important now that we're using browser-native `import()` to load the highlightjs bundle. Unfortunately, user-configurable 'cors_origins' site setting was overriding the wldcard value on CDN assets and causing CORS errors.

This commit updates the logic to give the `*` value precedence, and adds a spec for the situation. It also invalidates the cache of hljs assets (because CDNs will have cached the bad Access-Control-Allow-Origin header).

The rack-cors middleware is also slightly tweaked so that it is always inserted. This makes things easier to test and more consistent.

2023-12-01 12:57:11 +00:00

1 Commits