discourse/spec/integrity
Kelv 0d90f6e3c3
FIX: cross origin opener policy should apply to public error responses (#31559)
In some error paths, headers that were set earlier can get overwritten
(e.g. `Cross-Origin-Opener-Policy`) by middleware such as
ActionDispatch::ShowExceptions.

This PR sets the `Cross-Origin-Opener-Policy` header to the value of the
SiteSetting `cross_origin_opener_policy_header` if it's missing and if
the response is for HTML.

In future, this DefaultHeaders middleware can be used to set other
default headers that relate to security or other purposes.

### Testing
<img width="631" alt="test"
src="https://github.com/user-attachments/assets/05106a40-2bc7-435d-91a2-4dd2a098f349"
/>
2025-03-03 17:04:24 +08:00
coding_style_spec.rb Enable Embroider/Webpack code splitting for Wizard (#24919) 2023-12-20 13:15:06 +00:00
common_mark_spec.rb DEV: Modernise highlightjs loading (#24197) 2023-11-10 20:39:48 +00:00
having_multiple_tagged_loggers_spec.rb DEV: Add spec to ensure app works with multiple tagged loggers 2024-08-13 18:10:03 +02:00
i18n_spec.rb DEV: Fix the I18n integrity spec 2024-07-10 11:39:13 +02:00
js_constants_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
middleware_order_spec.rb FIX: cross origin opener policy should apply to public error responses (#31559) 2025-03-03 17:04:24 +08:00
oj_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
onceoff_integrity_spec.rb PERF: Avoid using ObjectSpace.each_object in Jobs::Onceoff.enqueue_all (#28072) 2024-07-25 13:30:56 +08:00
site_setting_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00