]> cat aescling's git repositories - mastodon.git/commitdiff
cat aescling's git repositories / mastodon.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8fdff27)
Fix media host not being included in connect-src for OCR (#11577)
authorEugen Rochko <eugen@zeonfederated.com>
Thu, 15 Aug 2019 23:54:36 +0000 (01:54 +0200)
committerGitHub <noreply@github.com>
Thu, 15 Aug 2019 23:54:36 +0000 (01:54 +0200)
config/initializers/content_security_policy.rb patch | blob | history

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 56e99793327ad2f26a70c1f5b97e6608f5aa985f..2dbc15a8da65da7090547035ef5884e9133cbdd5 100644 (file)
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -2,9 +2,19 @@
 # For further information see the following documentation
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
 
-base_host     = Rails.configuration.x.web_domain
+def host_to_url(str)
+  "http#{Rails.configuration.x.use_https ? 's' : ''}://#{str}" unless str.blank?
+end
+
+base_host = Rails.configuration.x.web_domain
+
 assets_host   = Rails.configuration.action_controller.asset_host
-assets_host ||= "http#{Rails.configuration.x.use_https ? 's' : ''}://#{base_host}"
+assets_host ||= host_to_url(base_host)
+
+media_host   = host_to_url(ENV['S3_ALIAS_HOST'])
+media_host ||= host_to_url(ENV['S3_CLOUDFRONT_HOST'])
+media_host ||= host_to_url(ENV['S3_HOSTNAME']) if ENV['S3_ENABLED'] == 'true'
+media_host ||= assets_host
 
 Rails.application.config.content_security_policy do |p|
   p.base_uri        :none
@@ -20,10 +30,10 @@ Rails.application.config.content_security_policy do |p|
   if Rails.env.development?
     webpacker_urls = %w(ws http).map { |protocol| "#{protocol}#{Webpacker.dev_server.https? ? 's' : ''}://#{Webpacker.dev_server.host_with_port}" }
 
-    p.connect_src :self, :data, :blob, assets_host, Rails.configuration.x.streaming_api_base_url, *webpacker_urls
+    p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url, *webpacker_urls
     p.script_src  :self, :blob, :unsafe_inline, :unsafe_eval, assets_host
   else
-    p.connect_src :self, :data, :blob, assets_host, Rails.configuration.x.streaming_api_base_url
+    p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url
     p.script_src  :self, :blob, assets_host
   end
 end
source code fur Kibicat Mastodon