Enable CSP in report only mode for the main web site

author Tom Hughes <tom@compton.nu>

Thu, 23 Nov 2017 21:21:43 +0000 (21:21 +0000)

committer Tom Hughes <tom@compton.nu>

Thu, 23 Nov 2017 21:21:43 +0000 (21:21 +0000)
author Tom Hughes <tom@compton.nu>
Thu, 23 Nov 2017 21:21:43 +0000 (21:21 +0000)
committer Tom Hughes <tom@compton.nu>
Thu, 23 Nov 2017 21:21:43 +0000 (21:21 +0000)
diff --git a/cookbooks/web/definitions/rails_port.rb b/cookbooks/web/definitions/rails_port.rb

index 6d0c966abfff55308df752621c831c14ec4117d8..6985528bb9dc8621992d8e3b8abece9a97295f38 100644 (file)
--- a/cookbooks/web/definitions/rails_port.rb
+++ b/cookbooks/web/definitions/rails_port.rb
@@ -216,6 +216,10 @@ define :rails_port, :action => [:create, :enable] do
        line.gsub!(/^( *)#totp_key:.*$/, "\\1totp_key: \"#{params[:totp_key]}\"")
      end
  
+    if params[:csp_report_url]
+      line.gsub!(/^( *)#csp_report_url:.*$/, "\\1csp_report_url: \"#{params[:csp_report_url]}\"")
+    end
+
      line.gsub!(/^( *)require_terms_seen:.*$/, "\\1require_terms_seen: true")
      line.gsub!(/^( *)require_terms_agreed:.*$/, "\\1require_terms_agreed: true")
  
diff --git a/cookbooks/web/recipes/rails.rb b/cookbooks/web/recipes/rails.rb

index 0a96ddf6d5aeedbf0356e6890e34029efe31793e..af4c8d61382aaef3f6e07d0d53cfc292bcc96326 100644 (file)
--- a/cookbooks/web/recipes/rails.rb
+++ b/cookbooks/web/recipes/rails.rb
@@ -90,6 +90,7 @@ rails_port "www.openstreetmap.org" do
    mapzen_valhalla_key web_passwords["mapzen_valhalla_key"]
    thunderforest_key web_passwords["thunderforest_key"]
    totp_key web_passwords["totp_key"]
+  csp_report_url "https://openstreetmap.report-uri.io/r/default/csp/reportOnly"
  end
  
  package "libjson-xs-perl"
author	Tom Hughes <tom@compton.nu>
	Thu, 23 Nov 2017 21:21:43 +0000 (21:21 +0000)
committer	Tom Hughes <tom@compton.nu>
	Thu, 23 Nov 2017 21:21:43 +0000 (21:21 +0000)
cookbooks/web/definitions/rails_port.rb		patch \| blob \| history
cookbooks/web/recipes/rails.rb		patch \| blob \| history