From 49bc616a963994715b02f792776acf1388314086 Mon Sep 17 00:00:00 2001
From: Sam Saffron <sam.saffron@gmail.com>
Date: Wed, 3 Apr 2019 17:01:48 +1100
Subject: [PATCH] FIX: no longer allow protocol-less CDN

DISCOURSE_CDN_URL starting with `//` can lead to problems. Avoid allowing
people to enter it.
---
 templates/web.template.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/web.template.yml b/templates/web.template.yml
index 395ddcb..ceb701c 100644
--- a/templates/web.template.yml
+++ b/templates/web.template.yml
@@ -27,6 +27,7 @@ run:
   - exec: thpoff echo "thpoff is installed!"
   - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end'
   - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end'
+  - exec: /usr/local/bin/ruby -e 'if (ENV["DISCOURSE_CDN_URL"] || "")[0..2] == "//"; puts "Aborting! CDN must have a protocol specified. Once fixed you should rebake your posts now to correct all posts."; exit 1; end'
   - exec: chown -R discourse /home/discourse
   # TODO: move to base image (anacron can not be fired up using rc.d)
   - exec: rm -f /etc/cron.d/anacron
-- 
2.25.1