mirror of
https://github.com/discourse/discourse.git
synced 2024-12-03 10:26:17 +08:00
1fa7a87f86
Under some conditions, these varied responses could lead to cache poisoning, hence the 'security' label. Previously the Rails application would serve JSON data in place of HTML whenever Ember CLI requested an `application.html.erb`-rendered page. This commit removes that logic, and instead parses the HTML out of the standard response. This means that Rails doesn't need to customize its response for Ember CLI.
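<%# Page layout: renders the <head> (meta tags, stylesheet, script preloads, theme and plugin HTML), %>
<%# a <noscript> copy of the page content, and the scripts and preloaded data placed at the end of <body>. %>
<%# NOTE(review): several blocks below are conditional on staff?, current_user, authentication_data and %>
<%# shared_session_key, so the HTML for one URL appears to differ between requesters. Any shared cache in %>
<%# front of this page has to account for that rather than storing one variant for everyone. %>
<!DOCTYPE html>
<html lang="<%= html_lang %>" class="<%= html_classes %>">
  <head>
    <meta charset="utf-8">
    <title><%= content_for?(:title) ? yield(:title) : SiteSetting.title %></title>
    <meta name="description" content="<%= @description_meta || SiteSetting.site_description %>">
    <meta name="discourse_theme_id" content="<%= theme_id %>">
    <meta name="discourse_current_homepage" content="<%= current_homepage %>">
    <%= render partial: "layouts/head" %>
    <%= discourse_csrf_tags %>

    <%= render partial: "common/discourse_stylesheet" %>

    <%- if SiteSetting.enable_escaped_fragments? %>
      <meta name="fragment" content="!">
    <%- end %>

    <%# NOTE(review): presumably a session-bound secret; it is written into the page only when the helper returns a value. Confirm the response is never stored by a shared cache. %>
    <%- if shared_session_key %>
      <meta name="shared_session_key" content="<%= shared_session_key %>">
    <%- end %>

    <%# NOTE(review): this outlet and 'server:before-head-close' below are not wrapped in allow_plugins?, unlike the three plugin outlets in <body>. Confirm whether build_plugin_html applies that check itself. %>
    <%= build_plugin_html 'server:before-script-load' %>

    <link rel="preload" href="<%= script_asset_path "start-discourse" %>" as="script">
    <link rel="preload" href="<%= script_asset_path "browser-update" %>" as="script">
    <%= preload_script 'browser-detect' %>

    <%= preload_script "locales/#{I18n.locale}" %>
    <%- if ExtraLocalesController.client_overrides_exist? %>
      <%= preload_script_url ExtraLocalesController.url('overrides') %>
    <%- end %>
    <%= preload_script "vendor" %>
    <%= preload_script "application" %>
    <%- Discourse.find_plugin_js_assets(include_official: allow_plugins?, include_unofficial: allow_third_party_plugins?, request: request).each do |file| %>
      <%= preload_script file %>
    <%- end %>
    <%# The admin locale and admin bundle are emitted only when staff? is true. %>
    <%- if staff? %>
      <%= preload_script_url ExtraLocalesController.url('admin') %>
      <%= preload_script "admin" %>
    <%- end %>

    <%# Theme translations, theme JS and the theme's head_tag HTML are skipped when customization_disabled? is true. %>
    <%- unless customization_disabled? %>
      <%= theme_translations_lookup %>
      <%= theme_js_lookup %>
      <%= theme_lookup("head_tag") %>
    <%- end %>

    <%= render_google_tag_manager_head_code %>
    <%= render_google_universal_analytics_code %>
    <%# href is quoted: an unquoted attribute value ends at the first whitespace, and ERB's HTML escaping does not encode spaces. %>
    <link id="manifest-link" rel="manifest" href="<%= manifest_url %>" crossorigin="use-credentials">

    <%- if include_ios_native_app_banner? %>
      <meta name="apple-itunes-app" content="app-id=<%= SiteSetting.ios_app_id %><%= ios_app_argument %>">
    <%- end %>

    <%= yield :head %>

    <%= build_plugin_html 'server:before-head-close' %>

    <%= tag.meta id: 'data-discourse-setup', data: client_side_setup_data %>

    <%# The `u` helper URL-encodes the value before it is placed in the content attribute. %>
    <meta name="discourse/config/environment" content="<%=u discourse_config_environment %>" />
    <%- if authentication_data %>
      <meta id="data-authentication" data-authentication-data="<%= authentication_data %>">
    <%- end %>
  </head>

  <body class="<%= body_classes %>">
    <%- if allow_plugins? %>
      <%= build_plugin_html 'server:after-body-open' %>
    <%- end -%>

    <%= render_google_tag_manager_body_code %>
    <%# PATH_INFO is request-controlled. It is reflected here inside a double-quoted attribute and relies on the HTML escaping that <%= applies to plain strings; keep both properties if this line is edited. %>
    <noscript data-path="<%= request.env['PATH_INFO'] %>">
      <%= render partial: 'header' %>
      <div id="main-outlet" class="wrap" role="main">
        <!-- preload-content: -->
        <%= yield %>
        <!-- :preload-content -->
        <footer class="noscript-footer-nav">
          <nav itemscope itemtype='http://schema.org/SiteNavigationElement'>
            <a href='<%= path "/" %>'><%= t 'home_title' %></a>
            <%= link_to t('js.filters.categories.title'), path("/categories") %>
            <%= link_to t('guidelines_topic.title'), path("/guidelines") %>
            <%= link_to t('tos_topic.title'), path("/tos") %>
            <%= link_to t('privacy_topic.title'), path("/privacy") %>
          </nav>
        </footer>
      </div>

      <footer id='noscript-footer'>
        <p><%= t 'powered_by_html' %></p>
      </footer>
    </noscript>

    <%- unless customization_disabled? %>
      <%= theme_lookup("header") %>
    <%- end %>

    <%- if allow_plugins? %>
      <%= build_plugin_html 'server:header' %>
    <%- end %>

    <section id='main'>
    </section>

    <%# Rendered only when there is no current_user. %>
    <%# NOTE(review): no CSRF token input is rendered inside this form; confirm how the login endpoint that receives the POST is protected. %>
    <% unless current_user %>
      <form id='hidden-login-form' method="post" action="<%=main_app.login_path%>" style="display: none;">
        <input name="username" type="text" id="signin_username">
        <input name="password" type="password" id="signin_password">
        <input name="redirect" type="hidden">
        <input type="submit" id="signin-button" value="<%= t 'log_in' %>">
      </form>
    <% end %>

    <%# NOTE(review): assumes preloaded_json is a plain string that <%= HTML-escapes for the quoted attribute; confirm the helper does not mark it html_safe. %>
    <div class="hidden" id="data-preloaded" data-preloaded="<%= preloaded_json %>"></div>

    <script src="<%= script_asset_path "start-discourse" %>"></script>

    <%= yield :data %>

    <script src="<%= script_asset_path "browser-update" %>"></script>

    <%- unless customization_disabled? %>
      <%= theme_lookup("body_tag") %>
    <%- end %>

    <%- if allow_plugins? %>
      <%= build_plugin_html 'server:before-body-close' %>
    <%- end %>
  </body>
</html>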