mirrors/nyastodon
1
0
Fork 0
mirror of https://git.bsd.gay/fef/nyastodon.git synced 2024-12-27 08:23:41 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add PAPERCLIP_ROOT_URL to Content-Security-Policy when used

Browse source 
(backports https://github.com/mastodon/mastodon/pull/28561)
This commit is contained in:
Claire 2024-01-02 17:36:10 +01:00 committed by Jeremy Kescher
parent b18cd3f4bd
commit b3d871d3a4
No known key found for this signature in database
GPG key ID: 80A419A7A613DFA4
2 changed files with 22 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
app/lib/content_security_policy.rb
View file

@ -10,7 +10,7 @@ class ContentSecurityPolicy
end
def media_hosts
[assets_host, cdn_host_value].concat(extra_data_hosts).compact
[assets_host, cdn_host_value, paperclip_root_url].concat(extra_data_hosts).compact
end
private
@ -27,6 +27,15 @@ class ContentSecurityPolicy
s3_alias_host || s3_cloudfront_host || azure_alias_host || s3_hostname_host
end
def paperclip_root_url
root_url = ENV.fetch('PAPERCLIP_ROOT_URL', nil)
return if root_url.blank?
(Addressable::URI.parse(assets_host) + root_url).tap do |uri|
uri.path += '/' unless uri.path.blank? || uri.path.end_with?('/')
end.to_s
end
def url_from_base_host
host_to_url(base_host)
end

12
spec/lib/content_security_policy_spec.rb
View file

@ -125,5 +125,17 @@ describe ContentSecurityPolicy do
expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://asset-host.s3.example')
end
end
context 'when PAPERCLIP_ROOT_URL is configured' do
around do |example|
ClimateControl.modify PAPERCLIP_ROOT_URL: 'https://paperclip-host.example' do
example.run
end
end
it 'uses the provided URL in the content security policy' do
expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://paperclip-host.example')
end
end
end
end