mirror of
https://github.com/discourse/discourse.git
synced 2024-11-26 06:13:38 +08:00
19814c5e81
- Define the CSP based on the requested domain / scheme (respecting force_https) - Update EnforceHostname middleware to allow secondary domains, add specs - Add URL scheme to anon cache key so that CSP headers are cached correctly
25 lines
743 B
Ruby
25 lines
743 B
Ruby
# frozen_string_literal: true
|
|
require 'content_security_policy/builder'
|
|
require 'content_security_policy/extension'
|
|
|
|
class ContentSecurityPolicy
|
|
class << self
|
|
def policy(theme_ids = [], base_url: Discourse.base_url, path_info: "/")
|
|
new.build(theme_ids, base_url: base_url, path_info: path_info)
|
|
end
|
|
end
|
|
|
|
def build(theme_ids, base_url:, path_info: "/")
|
|
builder = Builder.new(base_url: base_url)
|
|
|
|
Extension.theme_extensions(theme_ids).each { |extension| builder << extension }
|
|
Extension.plugin_extensions.each { |extension| builder << extension }
|
|
builder << Extension.site_setting_extension
|
|
builder << Extension.path_specific_extension(path_info)
|
|
|
|
builder.build
|
|
end
|
|
end
|
|
|
|
CSP = ContentSecurityPolicy
|