DEV: apply allow origin response header for CDN requests. (#11893)

Currently, it creates a CORS error while accessing those static files.

app/controllers/application_controller.rb

@@ -680,6 +680,10 @@ class ApplicationController < ActionController::Base
     raise ApplicationController::RenderEmpty.new unless ((request.format && request.format.json?) || request.xhr?)
   end
 
+  def apply_cdn_headers
+    Discourse.apply_cdn_headers(response.headers) if Discourse.is_cdn_request?(request.env, request.method)
+  end
+
   def self.requires_login(arg = {})
     @requires_login_arg = arg
   end

app/controllers/highlight_js_controller.rb

@@ -3,6 +3,8 @@
 class HighlightJsController < ApplicationController
   skip_before_action :preload_json, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show]
 
+  before_action :apply_cdn_headers, only: [:show]
+
   def show
 
     no_cookies

app/controllers/static_controller.rb

@@ -7,6 +7,8 @@ class StaticController < ApplicationController
   skip_before_action :preload_json, only: [:brotli_asset, :cdn_asset, :enter, :favicon, :service_worker_asset]
   skip_before_action :handle_theme, only: [:brotli_asset, :cdn_asset, :enter, :favicon, :service_worker_asset]
 
+  before_action :apply_cdn_headers, only: [:brotli_asset, :cdn_asset, :enter, :favicon, :service_worker_asset]
+
   PAGES_WITH_EMAIL_PARAM = ['login', 'password_reset', 'signup']
   MODAL_PAGES = ['password_reset', 'signup']
 

app/controllers/stylesheets_controller.rb

@@ -3,6 +3,8 @@
 class StylesheetsController < ApplicationController
   skip_before_action :preload_json, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_source_map, :color_scheme]
 
+  before_action :apply_cdn_headers, only: [:show, :show_source_map, :color_scheme]
+
   def show_source_map
     show_resource(source_map: true)
   end

app/controllers/svg_sprite_controller.rb

@@ -3,6 +3,8 @@
 class SvgSpriteController < ApplicationController
   skip_before_action :preload_json, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :search, :svg_icon]
 
+  before_action :apply_cdn_headers, only: [:show, :search, :svg_icon]
+
   requires_login except: [:show, :svg_icon]
 
   def show

app/controllers/theme_javascripts_controller.rb

@@ -11,7 +11,7 @@ class ThemeJavascriptsController < ApplicationController
     only: [:show]
   )
 
-  before_action :is_asset_path, :no_cookies, only: [:show]
+  before_action :is_asset_path, :no_cookies, :apply_cdn_headers, only: [:show]
 
   def show
     raise Discourse::NotFound unless last_modified.present?

app/controllers/uploads_controller.rb

@@ -8,7 +8,7 @@ class UploadsController < ApplicationController
   skip_before_action :preload_json, :check_xhr, :redirect_to_login_if_required, only: [:show, :show_short, :show_secure]
   protect_from_forgery except: :show
 
-  before_action :is_asset_path, only: [:show, :show_short, :show_secure]
+  before_action :is_asset_path, :apply_cdn_headers, only: [:show, :show_short, :show_secure]
 
   SECURE_REDIRECT_GRACE_SECONDS = 5
 

app/controllers/user_avatars_controller.rb

@@ -4,6 +4,8 @@ class UserAvatarsController < ApplicationController
 
   skip_before_action :preload_json, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_letter, :show_proxy_letter]
 
+  before_action :apply_cdn_headers, only: [:show, :show_letter, :show_proxy_letter]
+
   def refresh_gravatar
     user = User.find_by(username_lower: params[:username].downcase)
     guardian.ensure_can_edit!(user)