discourse/plugin.rb at 9ba8bfb1aaa46e97874c2d262d561a27750ae1ee - discourse - 龙芯开发者社区代码库

github-mirror/discourse

mirror of https://github.com/discourse/discourse.git synced 2024-12-03 10:53:38 +08:00

Kyle Zhao 488fba3c5f

FEATURE: allow plugins and themes to extend the default CSP (#6704 )

* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now

2018-11-30 09:51:45 -05:00

9 lines

182 B

Ruby

Raw Blame History

 # name: csp_extension
 # about: Fixture plugin that extends default CSP
 # version: 1.0
 # authors: xrav3nz
 extend_content_security_policy(
   script_src: ['https://from-plugin.com']
 )