From 0993dbc450a5678cfcea86dd71cf5873b18d86f3 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Thu, 23 Nov 2017 21:21:43 +0000
Subject: [PATCH 1/1] Enable CSP in report only mode for the main web site

---
 cookbooks/web/definitions/rails_port.rb | 4 ++++
 cookbooks/web/recipes/rails.rb          | 1 +
 2 files changed, 5 insertions(+)

diff --git a/cookbooks/web/definitions/rails_port.rb b/cookbooks/web/definitions/rails_port.rb
index 6d0c966ab..6985528bb 100644
--- a/cookbooks/web/definitions/rails_port.rb
+++ b/cookbooks/web/definitions/rails_port.rb
@@ -216,6 +216,10 @@ define :rails_port, :action => [:create, :enable] do
       line.gsub!(/^( *)#totp_key:.*$/, "\\1totp_key: \"#{params[:totp_key]}\"")
     end
 
+    if params[:csp_report_url]
+      line.gsub!(/^( *)#csp_report_url:.*$/, "\\1csp_report_url: \"#{params[:csp_report_url]}\"")
+    end
+
     line.gsub!(/^( *)require_terms_seen:.*$/, "\\1require_terms_seen: true")
     line.gsub!(/^( *)require_terms_agreed:.*$/, "\\1require_terms_agreed: true")
 
diff --git a/cookbooks/web/recipes/rails.rb b/cookbooks/web/recipes/rails.rb
index 0a96ddf6d..af4c8d613 100644
--- a/cookbooks/web/recipes/rails.rb
+++ b/cookbooks/web/recipes/rails.rb
@@ -90,6 +90,7 @@ rails_port "www.openstreetmap.org" do
   mapzen_valhalla_key web_passwords["mapzen_valhalla_key"]
   thunderforest_key web_passwords["thunderforest_key"]
   totp_key web_passwords["totp_key"]
+  csp_report_url "https://openstreetmap.report-uri.io/r/default/csp/reportOnly"
 end
 
 package "libjson-xs-perl"
-- 
2.43.2