2018-10-23 01:22:23 +08:00
|
|
|
# frozen_string_literal: true
|
2019-10-02 12:01:53 +08:00
|
|
|
require "content_security_policy/builder"
|
|
|
|
|
require "content_security_policy/extension"
|
2018-10-23 01:22:23 +08:00
|
|
|
|
|
|
|
|
class ContentSecurityPolicy
|
2018-11-30 22:51:45 +08:00
|
|
|
class << self
|
2023-07-28 19:53:44 +08:00
|
|
|
def policy(theme_id = nil, base_url: Discourse.base_url, path_info: "/")
|
|
|
|
|
new.build(theme_id, base_url: base_url, path_info: path_info)
|
2018-10-23 01:22:23 +08:00
|
|
|
end
|
2024-03-06 21:01:32 +08:00
|
|
|
|
|
|
|
|
def nonce_placeholder(response_headers)
|
|
|
|
|
response_headers[
|
|
|
|
|
::Middleware::CspScriptNonceInjector::PLACEHOLDER_HEADER
|
|
|
|
|
] ||= "[[csp_nonce_placeholder_#{SecureRandom.hex}]]"
|
|
|
|
|
end
|
2018-10-23 01:22:23 +08:00
|
|
|
end
|
|
|
|
|
|
2023-07-28 19:53:44 +08:00
|
|
|
def build(theme_id, base_url:, path_info: "/")
|
|
|
|
|
builder = Builder.new(base_url: base_url)
|
2018-10-23 01:22:23 +08:00
|
|
|
|
2021-06-15 14:57:17 +08:00
|
|
|
Extension.theme_extensions(theme_id).each { |extension| builder << extension }
|
2018-11-30 22:51:45 +08:00
|
|
|
Extension.plugin_extensions.each { |extension| builder << extension }
|
|
|
|
|
builder << Extension.site_setting_extension
|
2018-10-23 01:22:23 +08:00
|
|
|
|
2018-11-30 22:51:45 +08:00
|
|
|
builder.build
|
2018-11-16 01:14:16 +08:00
|
|
|
end
|
2018-10-23 01:22:23 +08:00
|
|
|
end
|
2018-11-30 22:51:45 +08:00
|
|
|
|
|
|
|
|
CSP = ContentSecurityPolicy
|
