discourse/lib/content_security_policy.rb
Blake Erickson eed7d86601
SECURITY: Don't reuse CSP nonce between requests (#22544)
Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
2023-07-11 15:24:36 -06:00

25 lines
778 B
Ruby

# frozen_string_literal: true
require "content_security_policy/builder"
require "content_security_policy/extension"
class ContentSecurityPolicy
class << self
def policy(theme_id = nil, env: {}, base_url: Discourse.base_url, path_info: "/")
new.build(theme_id, env: env, base_url: base_url, path_info: path_info)
end
end
def build(theme_id, env: {}, base_url:, path_info: "/")
builder = Builder.new(base_url: base_url, env: env)
Extension.theme_extensions(theme_id).each { |extension| builder << extension }
Extension.plugin_extensions.each { |extension| builder << extension }
builder << Extension.site_setting_extension
builder << Extension.path_specific_extension(path_info)
builder.build
end
end
CSP = ContentSecurityPolicy