# frozen_string_literal: true require "content_security_policy/builder" require "content_security_policy/extension" class ContentSecurityPolicy class << self def policy(theme_id = nil, base_url: Discourse.base_url, path_info: "/") new.build(theme_id, base_url: base_url, path_info: path_info) end def nonce_placeholder(response_headers) response_headers[ ::Middleware::CspScriptNonceInjector::PLACEHOLDER_HEADER ] ||= "[[csp_nonce_placeholder_#{SecureRandom.hex}]]" end end def build(theme_id, base_url:, path_info: "/") builder = Builder.new(base_url: base_url) Extension.theme_extensions(theme_id).each { |extension| builder << extension } Extension.plugin_extensions.each { |extension| builder << extension } builder << Extension.site_setting_extension builder.build end end CSP = ContentSecurityPolicy