codeninjasllc/discourse
1
0
Fork 0
mirror of https://github.com/codeninjasllc/discourse.git synced 2024-11-23 23:58:31 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

In development mode, relax restrictions on embedding.

Browse source
This commit is contained in:
Robin Ward 2014-01-02 11:32:50 -05:00
parent abf910d210
commit 1478f08e4f
2 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
app/controllers/embed_controller.rb
View file

@ -22,8 +22,11 @@ class EmbedController < ApplicationController
private
def ensure_embeddable
raise Discourse::InvalidAccess.new('embeddable host not set') if SiteSetting.embeddable_host.blank?
raise Discourse::InvalidAccess.new('invalid referer host') if URI(request.referer || '').host != SiteSetting.embeddable_host
if !(Rails.env.development? && current_user.try(:admin?))
raise Discourse::InvalidAccess.new('embeddable host not set') if SiteSetting.embeddable_host.blank?
raise Discourse::InvalidAccess.new('invalid referer host') if uri.host != SiteSetting.embeddable_host
end
response.headers['X-Frame-Options'] = "ALLOWALL"
rescue URI::InvalidURIError

2
app/views/embed/best.html.erb
View file

@ -23,7 +23,7 @@
<footer>
<%= link_to(I18n.t('embed.continue'), @topic_view.topic.url, class: 'button', target: '_blank') %>
<%= link_to(image_tag(SiteSetting.logo_url, class: 'logo'), Discourse.base_url) %>
<%= link_to(image_tag(SiteSetting.logo_url, class: 'logo'), Discourse.base_url, target: '_blank') %>
</footer>
<% end %>