github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-22 13:41:31 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
53dab8cf1e
discourse/lib/content_security_policy.rb
David Taylor 19814c5e81
FIX: Allow CSP to work correctly for non-default hostnames/schemes (#9180) 
- Define the CSP based on the requested domain / scheme (respecting force_https)
- Update EnforceHostname middleware to allow secondary domains, add specs
- Add URL scheme to anon cache key so that CSP headers are cached correctly
2020-03-19 19:54:42 +00:00

25 lines
743 B
Ruby
Raw Blame History

# frozen_string_literal: true
require 'content_security_policy/builder'
require 'content_security_policy/extension'
class ContentSecurityPolicy
class << self
def policy(theme_ids = [], base_url: Discourse.base_url, path_info: "/")
new.build(theme_ids, base_url: base_url, path_info: path_info)
end
end
def build(theme_ids, base_url:, path_info: "/")
builder = Builder.new(base_url: base_url)
Extension.theme_extensions(theme_ids).each { |extension| builder << extension }
Extension.plugin_extensions.each { |extension| builder << extension }
builder << Extension.site_setting_extension
builder << Extension.path_specific_extension(path_info)
builder.build
end
end
CSP = ContentSecurityPolicy
Reference in New Issue View Git Blame Copy Permalink