discourse/config/initializers
Alan Guo Xiang Tan b64a58071d
DEV: Ensure that BlockRequestsMiddleware cookie is always set (#25826)
Why this change?

This reverts 725561cf4b as it did not
address the root cause of the problem even though it fixed the failing tests we were seeing 
when running `bundle exec rspec --tag ~type:multisite --order random:776 spec/system/admin_customize_form_templates_spec.rb spec/system/admin_sidebar_navigation_spec.rb spec/system/admin_site_setting_search_spec.rb spec/system/composer/dont_feed_the_trolls_popup_spec.rb spec/system/composer/review_media_unless_trust_level_spec.rb spec/system/create_account_spec.rb spec/system/editing_sidebar_tags_navigation_spec.rb spec/system/email_change_spec.rb spec/system/emojis/emoji_deny_list_spec.rb spec/system/group_activity_spec.rb spec/system/hashtag_autocomplete_spec.rb spec/system/network_disconnected_spec.rb spec/system/post_menu_spec.rb spec/system/post_small_action_spec.rb spec/system/tags_intersection_spec.rb spec/system/topic_list_focus_spec.rb spec/system/topic_page_spec.rb spec/system/user_page/user_profile_info_panel_spec.rb spec/system/viewing_group_members_spec.rb spec/system/viewing_navigation_menu_preferences_spec.rb`.

The root cause here is that `before_action`s added to a controller are
order dependent. As such, some requests were not setting the cookie
because the `before_action` callback was not even hit as a prior
`before_action` callback has raised an error such as the `check_xhr`
`before_action` callback.

To resolve the problem, we need to add the `prepend: true` option in
our monkey patch of `ApplicationController` to ensure that the
`before_action` callback which we have added is always run first.

This change also makes a couple of changes:

1. Improve the response body when a request is blocked by the `BlockRequestsMiddleware` middleware
   so that it makes debugging easier.

2. Only set the cookies for non-xhr HTML format requests. Setting it for
   other formats is kind of pointless.
2024-02-23 07:51:51 +08:00
001-redis.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
002-freedom_patches.rb FIX: deprecation warning - initialization autoloaded the constant (#12400) 2021-03-16 09:47:57 +11:00
002-rails_failover.rb FEATURE: Introduce pg_force_readonly_mode GlobalSetting (#19612) 2023-01-19 13:59:11 +00:00
004-message_bus.rb DEV: Patch capybara to ignore client-triggered errors (#19972) 2023-01-24 11:07:29 +00:00
005-site_settings.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
006-ensure_login_hint.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
006-mini_profiler.rb FEATURE: Add experimental option for strict-dynamic CSP (#25664) 2024-02-16 11:16:54 +00:00
008-rack-cors.rb FIX: Ensure app-cdn CORS is not overridden by cors_origin setting (#24661) 2023-12-01 12:57:11 +00:00
009-omniauth.rb DEV: Drop legacy OpenID 2.0 support (#8894) 2020-02-07 17:32:35 +00:00
012-web_hook_events.rb FEATURE: Add webhooks for user suspend and unsuspend (#23684) 2023-09-28 10:51:05 +02:00
013-excon_defaults.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
014-track-setting-changes.rb PERF: Cache ToS and Privacy Policy paths (#21860) 2023-06-07 21:31:20 +03:00
099-anon-cache.rb FEATURE: Add experimental option for strict-dynamic CSP (#25664) 2024-02-16 11:16:54 +00:00
099-drain_pool.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
100-i18n.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
100-logster.rb FIX: Logster backlink config in production (#25685) 2024-02-15 13:48:36 +11:00
100-oj.rb DEV: default Oj to compat mode 2020-01-16 07:52:28 +11:00
100-onebox_options.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
100-push-notifications.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
100-quiet_logger.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
100-regex-timeout.rb DEV: Introduce regex_timeout_seconds global setting (#20774) 2023-03-22 12:01:35 +00:00
100-secret_token.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
100-session_store.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
100-sidekiq.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
100-silence_logger.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
100-strong_parameters.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
100-verify_config.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
100-wrap_parameters.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
101-lograge.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
102-truncate-logs.rb SECURITY: Add a default limit as to when logs should be truncated 2023-10-16 10:34:38 -04:00
200-first_middlewares.rb DEV: Ensure that BlockRequestsMiddleware cookie is always set (#25826) 2024-02-23 07:51:51 +08:00
300-perf.rb FEATURE: add hook after all initializers 2019-08-26 10:49:26 +10:00
400-deprecations.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
000-development_reload_warnings.rb DEV: Further refine development reload for plugin files (#22141) 2023-06-16 16:15:15 +08:00
000-mini_sql.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
000-post_migration.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
000-trace_pg_connections.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
000-zeitwerk.rb DEV: chat streaming (#25736) 2024-02-20 09:49:19 +01:00
assets.rb DEV: Update confirm-email flows to use central 2fa and ember rendering (#25404) 2024-01-30 10:32:42 +00:00
filter_parameter_logging.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
new_framework_defaults_7_0.rb Revert "DEV: Migrate existing cookies to Rails 7 format" 2023-01-12 12:07:49 +01:00