mirror of
https://github.com/discourse/discourse.git
synced 2024-12-15 10:53:47 +08:00
bc4c40abd4
- Refactor source_url to avoid using eval in development - Precompile handlebars in development - Include template compilers when running qunit - Remove unsafe-eval in development CSP - Include unsafe-eval only for qunit routes in development
30 lines
752 B
Ruby
30 lines
752 B
Ruby
# frozen_string_literal: true
|
|
require 'content_security_policy/builder'
|
|
require 'content_security_policy/extension'
|
|
|
|
class ContentSecurityPolicy
|
|
class << self
|
|
def policy(theme_ids = [], path_info: "/")
|
|
new.build(theme_ids, path_info: path_info)
|
|
end
|
|
|
|
def base_url
|
|
@base_url || Discourse.base_url
|
|
end
|
|
attr_writer :base_url
|
|
end
|
|
|
|
def build(theme_ids, path_info: "/")
|
|
builder = Builder.new
|
|
|
|
Extension.theme_extensions(theme_ids).each { |extension| builder << extension }
|
|
Extension.plugin_extensions.each { |extension| builder << extension }
|
|
builder << Extension.site_setting_extension
|
|
builder << Extension.path_specific_extension(path_info)
|
|
|
|
builder.build
|
|
end
|
|
end
|
|
|
|
CSP = ContentSecurityPolicy
|