Put CSP in enforcing mode

[chef.git] / cookbooks / web / resources / rails_port.rb

diff --git a/cookbooks/web/resources/rails_port.rb b/cookbooks/web/resources/rails_port.rb
index 8e6d929ccdc1c9d5cd8d330ba86573c682f706fd..1c95dd8dc4b2a0fbcabeb5e51bb7ee0faf1f30c7 100644 (file)
--- a/cookbooks/web/resources/rails_port.rb
+++ b/cookbooks/web/resources/rails_port.rb
@@ -8,7 +8,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#     https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
@@ -65,6 +65,7 @@ property :mapquest_key, String
 property :mapzen_valhalla_key, String
 property :thunderforest_key, String
 property :totp_key, String
+property :csp_enforce, [TrueClass, FalseClass], :default => false
 property :csp_report_url, String
 property :piwik_configuration, Hash
 
@@ -85,6 +86,7 @@ action :create do
     libxml2-dev
     libxslt1-dev
     libmemcached-dev
+    libffi-dev
   ]
 
   package %w[
@@ -263,6 +265,10 @@ action :create do
       line.gsub!(/^( *)#totp_key:.*$/, "\\1totp_key: \"#{new_resource.totp_key}\"")
     end
 
+    if new_resource.csp_enforce
+      line.gsub!(/^( *)csp_enforce:.*$/, "\\1csp_enforce: \"#{new_resource.csp_enforce}\"")
+    end
+
     if new_resource.csp_report_url
       line.gsub!(/^( *)#csp_report_url:.*$/, "\\1csp_report_url: \"#{new_resource.csp_report_url}\"")
     end