FIX: Allow themes to upload and serve js files (PR #8188)

If you set config.public_file_server.enabled = false when you try to get uploaded js file you will get an error: Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.

The reason is that content type is application/javascript and in Rails 5 guard looked like that:

However, in Rails 6 application was added to regex:

This pull request is related to Uploaded .js file for theme causes a rejection? - support - Discourse Meta

GitHub

You’ve signed the CLA, lis2. Thank you! This pull request is ready for review.

This looks safe to me, but can we have an explicit test cover this? piggy back if you want.

Feel free to merge once done.

This pull request has been mentioned on Discourse Meta. There might be relevant details there:

https://meta.discourse.org/t/uploaded-js-file-for-theme-causes-a-rejection/129753/12