discourse/config
Alan Guo Xiang Tan 5d7d607b5f DEV: Add hidden cross_origin_opener_policy_header site setting (#23346)
Why this change?

As part of our ongoing efforts to security harden the Discourse
application, we are adding the `cross_origin_opener_policy_header` site setting
which allows the `Cross-Origin-Opener-Policy` response header to be set on requests
that preloads the Discourse application. In more technical terms, only
GET requests that are not json or xhr will have the response header set.

The `cross_origin_opener_policy_header` site setting is hidden for now
for testing purposes and will either be released as a public site
setting or be remove if we decide to be opinionated and ship a default
for the `Cross-Origin-Opener-Policy` response header.
2023-10-11 14:51:28 -07:00
..
cloud/cloud66 DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
environments PERF: Strict loading for SidebarSection queries (#21717) 2023-05-25 09:10:32 +08:00
initializers SECURITY: Don't reuse CSP nonce between anonymous requests 2023-07-28 12:53:44 +01:00
locales Update translations (#23874) 2023-10-11 11:18:08 +02:00
application.rb SECURITY: Don't reuse CSP nonce between anonymous requests 2023-07-28 12:53:44 +01:00
boot.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
cdn.yml.sample
database.yml Revert "DEV: Improve multisite db scripts in dev (#17337)" (#17801) 2022-08-04 16:15:06 -05:00
deploy.rb.sample
dev_defaults.yml DEV: Convert admin-incoming-email modal to component-based API (#22701) 2023-07-20 16:31:20 -05:00
discourse_defaults.conf PERF: Set default global regex timeout to 2 seconds (#20933) 2023-04-03 10:43:28 +01:00
discourse.config.sample
discourse.pill.sample
environment.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
logrotate.conf
multisite.yml.production-sample DEV: Remove db_id from sample multisite config. 2020-05-29 10:48:29 +08:00
nginx.global.conf
nginx.sample.conf FEATURE: Add support for AVIF images (#21680) 2023-05-24 16:13:36 -03:00
projections.json
puma.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
routes.rb DEV: Add endpoint for dismissing outdated translations (#22509) 2023-07-19 23:06:13 +08:00
sidekiq.yml
site_settings.yml DEV: Add hidden cross_origin_opener_policy_header site setting (#23346) 2023-10-11 14:51:28 -07:00
spring.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
thin.yml.sample
unicorn_launcher
unicorn_upstart.conf
unicorn.conf.rb DEV: Revert syntax-tree line change in unicorn.conf.rb listen (#19874) 2023-01-16 13:17:23 +10:00