CSP: Refactor custom settings to ease further expansion

* This change is introduced due to a corresponding change in CodeHarbor to allow SSO there.
2023-10-13 13:19:03 +02:00
parent c232a418f4
commit 3aeef7ebdd
1 changed files with 22 additions and 13 deletions
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@ -14,24 +14,33 @@ module CSP
    csp_settings = CodeOcean::Config.new(:content_security_policy)

    csp_settings.read.each do |directive, additional_settings|
+      add_policy(policy, directive, additional_settings)
+    end
+  end
+
+  def self.apply_sentry_settings_for(policy)
+    sentry_host_source = get_host_source(SentryJavascript.dsn)
+    add_policy(policy, :connect_src, [sentry_host_source])
+  end
+
+  def self.add_policy(policy, directive, additional_settings)
+    all_settings = additional_settings
    existing_settings = if directive == 'report_uri'
                          ''
                        else
                          policy.public_send(directive) || []
                        end
-      all_settings = additional_settings
    all_settings += existing_settings unless existing_settings == ["'none'"]
+    all_settings.uniq! unless directive == 'report_uri'
    policy.public_send(directive, *all_settings)
  end
-  end
+  private_class_method :add_policy

-  def self.apply_sentry_settings_for(policy)
-    sentry_domain = URI.parse SentryJavascript.dsn
-    additional_setting = "#{sentry_domain.scheme}://#{sentry_domain.host}"
-    existing_settings = policy.connect_src || []
-    all_settings = existing_settings + [additional_setting]
-    policy.connect_src(*all_settings)
+  def self.get_host_source(url)
+    uri = URI.parse(url)
+    "#{uri.scheme}://#{uri.host}"
  end
+  private_class_method :get_host_source
 end

 Rails.application.configure do