FIX: Allow CSP to work correctly for non-default hostnames/schemes (#9180)

- Define the CSP based on the requested domain / scheme (respecting force_https)
- Update EnforceHostname middleware to allow secondary domains, add specs
- Add URL scheme to anon cache key so that CSP headers are cached correctly

This commit is contained in:
David Taylor
2020-03-19 19:54:42 +00:00
committed by GitHub
parent e9a3639b10
commit 19814c5e81
10 changed files with 122 additions and 21 deletions
@ -107,7 +107,7 @@ module Middleware
def cache_key
return @cache_key if defined?(@cache_key)
@cache_key = +"ANON_CACHE_#{@env["HTTP_ACCEPT"]}_#{@env["HTTP_HOST"]}#{@env["REQUEST_URI"]}"
@cache_key = +"ANON_CACHE_#{@env["HTTP_ACCEPT"]}_#{@env[Rack::RACK_URL_SCHEME]}_#{@env["HTTP_HOST"]}#{@env["REQUEST_URI"]}"
@cache_key << AnonymousCache.build_cache_key(self)
@cache_key
end
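Review bot: the new `Rack::RACK_URL_SCHEME` component of the key deserves a one-line comment in the hunk saying why it is there (the CSP header now varies by scheme, per the commit message); a reader of `cache_key` alone cannot tell why the scheme matters, and a later cleanup could drop it and reintroduce serving a CSP built for one scheme to requests arriving on the other. Also worth confirming that `rack.url_scheme` is the same value the CSP builder uses when `force_https` is on: if the builder always emits the https form under `force_https`, http and https requests get identical headers and the extra key component only doubles cache entries, whereas if the builder uses the raw request scheme, the key must match exactly what the builder reads. A minor style point: the host is read as `@env["HTTP_HOST"]` while the scheme uses the `Rack::` constant; picking one convention for both keeps the line readable.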