FIX: no longer allow protocol-less CDN

FIX: no longer allow protocol-less CDN

DISCOURSE_CDN_URL starting with // can lead to problems. Avoid allowing people to enter it.

diff --git a/templates/web.template.yml b/templates/web.template.yml
index 395ddcb..ceb701c 100644
--- a/templates/web.template.yml
+++ b/templates/web.template.yml
@@ -27,6 +27,7 @@ run:
   - exec: thpoff echo "thpoff is installed!"
   - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end'
   - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end'
+  - exec: /usr/local/bin/ruby -e 'if (ENV["DISCOURSE_CDN_URL"] || "")[0..2] == "//"; puts "Aborting! CDN must have a protocol specified. Once fixed you should rebake your posts now to correct all posts."; exit 1; end'
   - exec: chown -R discourse /home/discourse
   # TODO: move to base image (anacron can not be fired up using rc.d)
   - exec: rm -f /etc/cron.d/anacron

GitHub sha: 49bc616a

1 Like

This commit has been mentioned on Discourse Meta. There might be relevant details there: