BUGFIX: re-enable CDN js debugging in a robust way

May be disabled if needed via site setting

app/controllers/static_controller.rb

@@ -57,4 +57,17 @@ class StaticController < ApplicationController
       end
     )
   end
+
+  skip_before_filter :verify_authenticity_token, only: [:cdn_asset]
+  def cdn_asset
+    path = params[:path].gsub(/[^a-zA-Z0-9_\-\.]/, "")
+    path = (Rails.root + "public/assets/" + path).to_s
+    expires_in 1.year, public: true
+    response.headers["Access-Control-Allow-Origin"] = params[:origin]
+    opts = {
+      disposition: nil
+    }
+    opts[:type] = "application/x-javascript" if path =~ /\.js$/
+    send_file(path, opts)
+  end
 end