mirror of
https://github.com/discourse/discourse.git
synced 2025-05-30 15:28:37 +08:00
FEATURE: Use group based setting for unsafe-none COOP (#27783)
Followup 3ff7ce78e782c7d28c8b5a1a3f40a1de897d89a1 Basing this setting on referrer was too brittle -- the referrer header can easily be ommitted or changed. Instead, for the small amount of use cases that this site setting serves, we can use a group-based setting instead, changing it to `cross_origin_opener_unsafe_none_groups` instead.
This commit is contained in:
Martin Brennan
@ -0,0 +1,14 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
class RemoveCrossOriginUnsafeNoneReferrersSetting < ActiveRecord::Migration[7.1]
|
||||
def up
|
||||
execute <<~SQL
|
||||
DELETE FROM site_settings
|
||||
WHERE name = 'cross_origin_opener_unsafe_none_referrers'
|
||||
SQL
|
||||
end
|
||||
|
||||
def down
|
||||
raise ActiveRecord::IrreversibleMigration
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user