discourse/config/initializers/099-anon-cache.rb
Blake Erickson 06ab681498
SECURITY: Don't reuse CSP nonce between requests (#22553)
Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
2023-07-11 15:23:04 -06:00

17 lines
554 B
Ruby

# frozen_string_literal: true
require "middleware/anonymous_cache"
enabled =
if Rails.configuration.respond_to?(:enable_anon_caching)
Rails.configuration.enable_anon_caching
else
Rails.env.production? || Rails.env.test?
end
if !ENV["DISCOURSE_DISABLE_ANON_CACHE"] && enabled
# in an ideal world this is position 0, but mobile detection uses ... session and request and params
Rails.configuration.middleware.insert_after Middleware::GtmScriptNonceInjector,
Middleware::AnonymousCache
end