discourse/lib/middleware
David Taylor 27227c9ece
DEV: Simplify CORS logic for public asset routes (#33106)

Previously we would check the request for a matching CDN hostname before
applying the `Access-Control-Allow-Origin` header. That logic requires
the CDN to include its public-facing hostname in the `Host` header,
which is not always the case.

Since we are only running this `apply_cdn_headers` before_action on
publicly-accessible asset routes, we can simplify things so that the
`Access-Control-Allow-Origin: *` header is always included. That will
make CDN config requirements much more relaxed.

At the moment, this is primarily relevant to the HighlightJsController
routes, which are loaded using native JS `type=module`. But in the near
future, we plan to expand our use of `type=module` to more critical JS
assets like translations and themes.

Also drops the `Access-Control-Allow-Methods` header from these
responses. That isn't needed for `GET` and `HEAD` requests.
2025-06-09 08:58:27 +01:00
| File | Last commit | Date |
| --- | --- | --- |
| anonymous_cache.rb | DEV: Add new key for anon cache for localization (#32640) | 2025-05-08 14:30:03 +08:00 |
| csp_script_nonce_injector.rb | DEV: Memoize CSP nonce placeholder on response (#25724) | 2024-02-16 12:15:55 +00:00 |
| default_headers.rb | DEV: ensure Rails application default headers are present in responses (#31619) | 2025-03-05 13:19:09 +08:00 |
| discourse_public_exceptions.rb | DEV: Fix Lint/ShadowingOuterLocalVariable (#32036) | 2025-03-27 13:50:24 +01:00 |
| enforce_hostname.rb | DEV: Simplify CORS logic for public asset routes (#33106) | 2025-06-09 08:58:27 +01:00 |
| missing_avatars.rb | DEV: Prefer \A and \z over ^ and $ in regexes (#19936) | 2023-01-20 12:52:49 -06:00 |
| omniauth_bypass_middleware.rb | DEV: Update to OmniAuth 2.0 (#25707) | 2025-02-11 11:18:07 +00:00 |
| processing_request.rb | FIX: Set sane default for Net::HTTP when processing a request (#28141) | 2024-08-06 07:12:42 +08:00 |
| request_tracker.rb | FIX: Incorrect topic per-minute invitation rate limit (#31252) | 2025-02-10 13:12:16 +10:00 |