Fix CSP when PAPERCLIP_ROOT_URL is set to a different host

lolsob-rspec
Thibaut Girka 2019-05-04 10:40:32 +02:00 committed by ThibG
parent 5d24d50987
commit 06bcab6e99
1 changed files with 8 additions and 0 deletions

View File

@ -15,8 +15,16 @@ if Rails.env.production?
else else
attachments_host = nil attachments_host = nil
end end
data_hosts << attachments_host unless attachments_host.nil? data_hosts << attachments_host unless attachments_host.nil?
if ENV['PAPERCLIP_ROOT_URL']
url = Addressable::URI.parse(assets_host) + ENV['PAPERCLIP_ROOT_URL']
data_hosts << "https://#{url.host}"
end
data_hosts.uniq!
Rails.application.config.content_security_policy do |p| Rails.application.config.content_security_policy do |p|
p.base_uri :none p.base_uri :none
p.default_src :none p.default_src :none