CSP: Refactor custom settings to ease further expansion
* This change is introduced due to a corresponding change in CodeHarbor to allow SSO there.
@ -14,24 +14,33 @@ module CSP
|
|||||||
csp_settings = CodeOcean::Config.new(:content_security_policy)
|
csp_settings = CodeOcean::Config.new(:content_security_policy)
|
||||||
|
|
||||||
csp_settings.read.each do |directive, additional_settings|
|
csp_settings.read.each do |directive, additional_settings|
|
||||||
existing_settings = if directive == 'report_uri'
|
add_policy(policy, directive, additional_settings)
|
||||||
''
|
|
||||||
else
|
|
||||||
policy.public_send(directive) || []
|
|
||||||
end
|
|
||||||
all_settings = additional_settings
|
|
||||||
all_settings += existing_settings unless existing_settings == ["'none'"]
|
|
||||||
policy.public_send(directive, *all_settings)
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.apply_sentry_settings_for(policy)
|
def self.apply_sentry_settings_for(policy)
|
||||||
sentry_domain = URI.parse SentryJavascript.dsn
|
sentry_host_source = get_host_source(SentryJavascript.dsn)
|
||||||
additional_setting = "#{sentry_domain.scheme}://#{sentry_domain.host}"
|
add_policy(policy, :connect_src, [sentry_host_source])
|
||||||
existing_settings = policy.connect_src || []
|
|
||||||
all_settings = existing_settings + [additional_setting]
|
|
||||||
policy.connect_src(*all_settings)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def self.add_policy(policy, directive, additional_settings)
|
||||||
|
all_settings = additional_settings
|
||||||
|
existing_settings = if directive == 'report_uri'
|
||||||
|
''
|
||||||
|
else
|
||||||
|
policy.public_send(directive) || []
|
||||||
|
end
|
||||||
|
all_settings += existing_settings unless existing_settings == ["'none'"]
|
||||||
|
all_settings.uniq! unless directive == 'report_uri'
|
||||||
|
policy.public_send(directive, *all_settings)
|
||||||
|
end
|
||||||
|
private_class_method :add_policy
|
||||||
|
|
||||||
|
def self.get_host_source(url)
|
||||||
|
uri = URI.parse(url)
|
||||||
|
"#{uri.scheme}://#{uri.host}"
|
||||||
|
end
|
||||||
|
private_class_method :get_host_source
|
||||||
end
|
end
|
||||||
|
|
||||||
Rails.application.configure do
|
Rails.application.configure do
|
||||||
|
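Review bot: `get_host_source` builds the CSP source from `uri.scheme` and `uri.host` only, so a URL that parses without either (blank, or missing its scheme) yields the literal `://`, and an explicit non-default port is dropped, leaving a source that does not match the real endpoint. Browsers ignore an invalid source expression, so the mistake would surface only as blocked requests at runtime rather than as an error when the policy is built. Since the commit turns this into a shared helper meant for further origins, it should reject URLs without scheme and host and keep a non-default port, as sketched below; whether to raise or to skip the directive is a decision for the calling code. Separately, `add_policy` compares `directive == 'report_uri'` against a String while the new Sentry call passes the Symbol `:connect_src`, so comparing `directive.to_s` (or a comment stating the expected key type) would keep a future `:report_uri` caller from taking the array branch.

```ruby
def self.get_host_source(url)
  uri = URI.parse(url)
  # A source without scheme or host would be emitted as "://" and silently ignored by browsers.
  raise ArgumentError, 'CSP host source requires an absolute URL with scheme and host' unless uri.scheme && uri.host

  host_source = "#{uri.scheme}://#{uri.host}"
  # Keep an explicit non-default port, otherwise the source only matches the scheme's default port.
  host_source += ":#{uri.port}" unless uri.port == uri.default_port
  host_source
end
```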