discourse/spec/lib
Kyle Zhao 488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP (#6704)
* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
..
backup_restore FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-15 09:43:31 +08:00
content_security_policy FEATURE: allow plugins and themes to extend the default CSP (#6704) 2018-11-30 09:51:45 -05:00
browser_detection_spec.rb FIX: Fix browser detection for Microsoft Edge. (#6516) 2018-10-22 23:15:41 +11:00
content_security_policy_spec.rb FEATURE: allow plugins and themes to extend the default CSP (#6704) 2018-11-30 09:51:45 -05:00
db_helper_spec.rb Revert "Swtich to regexp for DbHelper.remap." 2018-11-08 14:20:09 +08:00
encodings_spec.rb Use rchardet instead of charlock_holmes gem 2018-08-01 10:41:20 +02:00
mini_sql_multisite_connection_spec.rb Rubocop fix 2018-07-24 10:49:20 +01:00
upload_creator_spec.rb FEATURE: do not switch to JPEG unless you meet 75k byte savings 2018-11-21 11:01:08 +11:00
upload_recovery_spec.rb FIX: Don't update user_profile URLs unless upload is persisted. 2018-10-01 14:21:39 +08:00