mirror of
https://github.com/discourse/discourse.git
synced 2024-11-23 20:20:43 +08:00
99086edf85
If you set `config.public_file_server.enabled = false` when you try to get uploaded js file you will get an error: `Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.` The reason is that content type is `application/javascript` and in Rails 5 guard looked like that: https://github.com/rails/rails/blob/5-2-stable/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L278-L280 However, in Rails 6 `application` was added to regex: https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/request_forgery_protection.rb#L282-L284 This pull request is related to https://meta.discourse.org/t/uploaded-js-file-for-theme-causes-a-rejection/129753/8 |
||
|---|---|---|
| .. | ||
| csv | ||
| db | ||
| emails | ||
| encodings | ||
| feed | ||
| i18n | ||
| images | ||
| json | ||
| md | ||
| mmdb | ||
| multisite | ||
| plugins | ||
| scss | ||
| site_settings | ||
| theme_settings | ||
| themes | ||
| woff2 | ||