github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-24 03:24:10 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
discourse/config/initializers/008-rack-cors.rb
Vinoth Kannan af4938baf1
Revert "DEV: enable cors to all cdn get requests from workbox. (#10684)" (#11076) 
This reverts commit e3de45359f9bc7a71d9b8045a7e369fd0cf8f433.

We need to improve out strategy by adding a cache breaker with this change ... some assets on CDNs and clients may have incorrect CORS headers which can cause stuff to break.
2020-10-30 16:05:35 +11:00

54 lines
1.6 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
class Discourse::Cors
ORIGINS_ENV = "Discourse_Cors_Origins"
def initialize(app, options = nil)
@app = app
if GlobalSetting.enable_cors && GlobalSetting.cors_origin.present?
@global_origins = GlobalSetting.cors_origin.split(',').map { |x| x.strip.chomp('/') }
end
end
def call(env)
cors_origins = @global_origins || []
cors_origins += SiteSetting.cors_origins.split('|') if SiteSetting.cors_origins.present?
cors_origins = cors_origins.presence
if env['REQUEST_METHOD'] == ('OPTIONS') && env['HTTP_ACCESS_CONTROL_REQUEST_METHOD']
return [200, Discourse::Cors.apply_headers(cors_origins, env, {}), []]
end
env[Discourse::Cors::ORIGINS_ENV] = cors_origins if cors_origins
status, headers, body = @app.call(env)
headers ||= {}
Discourse::Cors.apply_headers(cors_origins, env, headers) if cors_origins
[status, headers, body]
end
def self.apply_headers(cors_origins, env, headers)
origin = nil
if cors_origins
if origin = env['HTTP_ORIGIN']
origin = nil unless cors_origins.include?(origin)
end
headers['Access-Control-Allow-Origin'] = origin || cors_origins[0]
headers['Access-Control-Allow-Headers'] = 'Content-Type, Cache-Control, X-Requested-With, X-CSRF-Token, Discourse-Present, User-Api-Key, User-Api-Client-Id, Authorization'
headers['Access-Control-Allow-Credentials'] = 'true'
headers['Access-Control-Allow-Methods'] = 'POST, PUT, GET, OPTIONS, DELETE'
end
headers
end
end
if GlobalSetting.enable_cors
Rails.configuration.middleware.insert_before ActionDispatch::Flash, Discourse::Cors
end
Reference in New Issue View Git Blame Copy Permalink