Support embeddable_host values that contain a HTTP/HTTPs protocol

Robin Ward
2014-02-12 15:55:44 -05:00
parent 6ceb4f2656
commit a963dd9081
5 changed files with 29 additions and 7 deletions


@@ -48,8 +48,8 @@ class EmbedController < ApplicationController
def ensure_embeddable
if !(Rails.env.development? && current_user.try(:admin?))
raise Discourse::InvalidAccess.new('embeddable host not set') if SiteSetting.embeddable_host.blank?
raise Discourse::InvalidAccess.new('invalid referer host') if URI(request.referer || '').host != SiteSetting.embeddable_host
raise Discourse::InvalidAccess.new('embeddable host not set') if SiteSetting.normalized_embeddable_host.blank?
raise Discourse::InvalidAccess.new('invalid referer host') if URI(request.referer || '').host != SiteSetting.normalized_embeddable_host
end
response.headers['X-Frame-Options'] = "ALLOWALL"
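Review bot: The new `invalid referer host` check compares `URI(request.referer || '').host` to `SiteSetting.normalized_embeddable_host` by exact string equality, and the normalizer is defined outside this hunk, so it cannot be confirmed here that a setting value with upper-case letters, a port or a trailing path is reduced to the bare host that `URI#host` returns. In the visible lines this comparison is the only gate before the `X-Frame-Options` header is relaxed, so the contract deserves a comment above the `if`, for example `# Referer host must exactly equal the embeddable host setting reduced to a bare hostname; a missing Referer is rejected`. Reading the setting once, `host = SiteSetting.normalized_embeddable_host`, and using `host` in both `raise` lines would also keep the two checks on the same value. The body of `ensure_embeddable` continues past the last line shown, so any `rescue` for a malformed Referer is not visible here.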