Discourse/discourse
Discourse/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-09-06 10:50:21 +08:00
Code Packages Activity Actions 9

DEV: enable cors to all cdn get requests from workbox. (#10685)

Browse source 
Now all external requests from the service worker will be in CORS mode without credentials.
This commit is contained in:
Vinoth Kannan 2020-10-28 23:36:19 +05:30 committed by GitHub
parent f70042860b
commit e3de45359f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
21 changed files with 391 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

14
app/controllers/application_controller.rb
View file

@ -42,6 +42,7 @@ class ApplicationController < ActionController::Base
before_action :preload_json
before_action :add_noindex_header, if: -> { is_feed_request? || !SiteSetting.allow_index_in_robots_txt }
before_action :check_xhr
before_action :block_cdn_requests
after_action :add_readonly_header
after_action :perform_refresh_session
after_action :dont_cache_page
@ -672,6 +673,19 @@ class ApplicationController < ActionController::Base
raise ApplicationController::RenderEmpty.new unless ((request.format && request.format.json?) || request.xhr?)
end
def block_cdn_requests
raise Discourse::NotFound if Discourse.is_cdn_request?(request.env, request.method)
end
def apply_cdn_headers
Discourse.apply_cdn_headers(response.headers) if Discourse.is_cdn_request?(request.env, request.method)
end
def self.cdn_action(args = {})
skip_before_action :block_cdn_requests, args
before_action :apply_cdn_headers, args
end
def self.requires_login(arg = {})
@requires_login_arg = arg
end