mirror of https://github.com/TryGhost/Ghost.git synced 2025-04-15 03:01:37 -05:00

Added headers if making a preview site request (#19668)

no issue

- to test if we can access Private Sites in Admin when set as a private
site.
- the issue is, we have CORS issues that don't allow a cookie to be
passed via Admin when the site uses a custom domain.
- generally does not affect self hosters.
Ronald Langeveld 2024-02-07 13:37:59 +02:00 committed by GitHub
parent 695bf69c6a
commit d3e16bb885
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -15,6 +15,13 @@ function updateLocalTemplateOptions(req, res, next) {
// @TODO: it would be nicer if this was proper middleware somehow...
const previewData = preview.handle(req, Object.keys(customThemeSettingsCache.getAll()));
// @WIP to check if we can access private sites via cookies in Settings.. but abit hacky
if (req && req.headers && req.headers['x-ghost-preview']) {
res.setHeader('Access-Control-Allow-Origin', siteData.url); // Specify the allowed origin or handle dynamically
res.setHeader('Access-Control-Allow-Methods', 'GET, POST'); // Include POST in the allowed methods
res.setHeader('Access-Control-Allow-Credentials', 'true'); // Allow credentials including cookies
}
// strip custom off of preview data so it doesn't get merged into @site
const customData = previewData.custom;
delete previewData.custom;
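
Review bot: In the `if (req && req.headers && req.headers['x-ghost-preview'])` branch, `Access-Control-Allow-Credentials: true` is switched on by a request header that any caller can send, so the only thing limiting who may read a credentialed response is the value given to `Access-Control-Allow-Origin`. That value must be a bare origin (scheme, host, optional port) that exactly matches the browser's `Origin` header. If `siteData.url` carries a trailing slash or a subdirectory path the browser will reject the response, and if Admin is served from a different origin than the site it will not match either. Suggest normalising with `new URL(...).origin`, comparing the result against `req.headers.origin`, and only then setting the three headers. A custom request header such as `x-ghost-preview` also triggers a preflight, which needs `Access-Control-Allow-Headers` naming it; nothing in this hunk sets that, and `Access-Control-Allow-Methods` is only consulted on the preflight response. Because the response now differs by request header, add a `Vary` header covering `Origin` and `x-ghost-preview` so a cache does not serve the CORS variant to other requests. Minor: the `req &&` guard is redundant inside middleware, and the `@WIP ... abit hacky` comment should be replaced with a description of when this branch is expected to apply.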