Add PAPERCLIP_ROOT_URL
to Content-Security-Policy when used (#28561)
This commit is contained in:
parent
964a0ecf37
commit
5f4643b895
2 changed files with 22 additions and 1 deletions
|
@ -10,7 +10,7 @@ class ContentSecurityPolicy
|
||||||
end
|
end
|
||||||
|
|
||||||
def media_hosts
|
def media_hosts
|
||||||
[assets_host, cdn_host_value].compact
|
[assets_host, cdn_host_value, paperclip_root_url].compact
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
@ -23,6 +23,15 @@ class ContentSecurityPolicy
|
||||||
s3_alias_host || s3_cloudfront_host || azure_alias_host || s3_hostname_host
|
s3_alias_host || s3_cloudfront_host || azure_alias_host || s3_hostname_host
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def paperclip_root_url
|
||||||
|
root_url = ENV.fetch('PAPERCLIP_ROOT_URL', nil)
|
||||||
|
return if root_url.blank?
|
||||||
|
|
||||||
|
(Addressable::URI.parse(assets_host) + root_url).tap do |uri|
|
||||||
|
uri.path += '/' unless uri.path.blank? || uri.path.end_with?('/')
|
||||||
|
end.to_s
|
||||||
|
end
|
||||||
|
|
||||||
def url_from_base_host
|
def url_from_base_host
|
||||||
host_to_url(base_host)
|
host_to_url(base_host)
|
||||||
end
|
end
|
||||||
|
|
|
@ -125,5 +125,17 @@ describe ContentSecurityPolicy do
|
||||||
expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://asset-host.s3.example')
|
expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://asset-host.s3.example')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'when PAPERCLIP_ROOT_URL is configured' do
|
||||||
|
around do |example|
|
||||||
|
ClimateControl.modify PAPERCLIP_ROOT_URL: 'https://paperclip-host.example' do
|
||||||
|
example.run
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'uses the provided URL in the content security policy' do
|
||||||
|
expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://paperclip-host.example')
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue