discourse/lib/middleware/enforce_hostname.rb
Vinoth Kannan a5923ad603
DEV: apply allow origin response header for CDN requests. (#11893)
Currently, it creates a CORS error while accessing those static files.
2021-01-29 07:44:49 +05:30

27 lines
874 B
Ruby

# frozen_string_literal: true
module Middleware
class EnforceHostname
def initialize(app, settings = nil)
@app = app
end
def call(env)
# enforces hostname to match the hostname of our connection
# this middleware lives after rails multisite so at this point
# Discourse.current_hostname MUST be canonical, enforce it so
# all Rails helpers are guarenteed to use it unconditionally and
# never generate incorrect links
env[Rack::Request::HTTP_X_FORWARDED_HOST] = nil
allowed_hostnames = RailsMultisite::ConnectionManagement.current_db_hostnames
requested_hostname = env[Rack::HTTP_HOST]
env[Discourse::REQUESTED_HOSTNAME] = requested_hostname
env[Rack::HTTP_HOST] = allowed_hostnames.find { |h| h == requested_hostname } || Discourse.current_hostname
@app.call(env)
end
end
end