mirror of
https://github.com/discourse/discourse.git
synced 2024-11-30 23:35:44 +08:00
488fba3c5f
* FEATURE: allow plugins and themes to extend the default CSP For plugins: ``` extend_content_security_policy( script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'], style_src: ['https://domain.com/style.css'] ) ``` For themes and components: ``` extend_content_security_policy: type: list default: "script_src:https://domain.com/|style_src:https://domain.com" ``` * clear CSP base url before each test we have a test that stubs `Rails.env.development?` to true * Only allow extending directives that core includes, for now
69 lines
1.7 KiB
Ruby
69 lines
1.7 KiB
Ruby
class ThemeSetting < ActiveRecord::Base
|
|
belongs_to :theme
|
|
|
|
validates_presence_of :name, :theme
|
|
validates :data_type, numericality: { only_integer: true }
|
|
validates :name, length: { maximum: 255 }
|
|
|
|
after_save do
|
|
theme.clear_cached_settings!
|
|
theme.remove_from_cache!
|
|
theme.theme_fields.update_all(value_baked: nil)
|
|
SvgSprite.expire_cache if self.name.to_s.include?("_icon")
|
|
CSP::Extension.clear_theme_extensions_cache! if name.to_s == CSP::Extension::THEME_SETTING
|
|
end
|
|
|
|
def self.types
|
|
@types ||= Enum.new(integer: 0, float: 1, string: 2, bool: 3, list: 4, enum: 5)
|
|
end
|
|
|
|
def self.acceptable_value_for_type?(value, type)
|
|
case type
|
|
when self.types[:integer]
|
|
value.is_a?(Integer)
|
|
when self.types[:float]
|
|
value.is_a?(Integer) || value.is_a?(Float)
|
|
when self.types[:bool]
|
|
value.is_a?(TrueClass) || value.is_a?(FalseClass)
|
|
when self.types[:list]
|
|
value.is_a?(String)
|
|
else
|
|
true
|
|
end
|
|
end
|
|
|
|
def self.value_in_range?(value, range, type)
|
|
if type == self.types[:integer] || type == self.types[:float]
|
|
range.include? value
|
|
elsif type == self.types[:string]
|
|
range.include? value.to_s.length
|
|
end
|
|
end
|
|
|
|
def self.guess_type(value)
|
|
case value
|
|
when Integer
|
|
types[:integer]
|
|
when Float
|
|
types[:float]
|
|
when String
|
|
types[:string]
|
|
when TrueClass, FalseClass
|
|
types[:bool]
|
|
end
|
|
end
|
|
end
|
|
|
|
# == Schema Information
|
|
#
|
|
# Table name: theme_settings
|
|
#
|
|
# id :bigint(8) not null, primary key
|
|
# name :string(255) not null
|
|
# data_type :integer not null
|
|
# value :text
|
|
# theme_id :integer not null
|
|
# created_at :datetime not null
|
|
# updated_at :datetime not null
|
|
#
|