github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-04-22 01:22:31 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
discourse/spec/integrity
History
Kelv 0d90f6e3c3
FIX: cross origin opener policy should apply to public error responses (#31559) 
In some error paths, headers that were set earlier can get overwritten
(e.g. `Cross-Origin-Opener-Policy`) by middleware such as
ActionDispatch::ShowExceptions.

This PR sets the `Cross-Origin-Opener-Policy` header to the value of the
SiteSetting `cross_origin_opener_policy_header` if it's missing and if
the response is for HTML.

In future, this DefaultHeaders middleware can be used to set other
default headers that relate to security or other purposes.

### Testing
<img width="631" alt="test"
src="https://github.com/user-attachments/assets/05106a40-2bc7-435d-91a2-4dd2a098f349"
/>
2025-03-03 17:04:24 +08:00
..
coding_style_spec.rb
Enable Embroider/Webpack code spliting for Wizard (#24919)
2023-12-20 13:15:06 +00:00
common_mark_spec.rb
DEV: Modernise highlightjs loading (#24197)
2023-11-10 20:39:48 +00:00
having_multiple_tagged_loggers_spec.rb
DEV: Add spec to ensure app works with multiple tagged loggers
2024-08-13 18:10:03 +02:00
i18n_spec.rb
DEV: Fix the I18n integrity spec
2024-07-10 11:39:13 +02:00
js_constants_spec.rb
middleware_order_spec.rb
FIX: cross origin opener policy should apply to public error responses (#31559)
2025-03-03 17:04:24 +08:00
oj_spec.rb
onceoff_integrity_spec.rb
PERF: Avoid using ObjectSpace.each_object in Jobs::Onceoff.enqueue_all (#28072)
2024-07-25 13:30:56 +08:00
site_setting_spec.rb