Allow configuration of storage server URL for security policy
authorTom Hughes <tom@compton.nu>
Sun, 7 Jul 2019 15:14:00 +0000 (16:14 +0100)
committerTom Hughes <tom@compton.nu>
Tue, 9 Jul 2019 18:43:03 +0000 (19:43 +0100)
config/initializers/secure_headers.rb
config/settings.yml

index 54702a3..b24eb5c 100644 (file)
@@ -21,6 +21,9 @@ csp_policy = {
 csp_policy[:connect_src] << PIWIK["location"] if defined?(PIWIK)
 csp_policy[:img_src] << PIWIK["location"] if defined?(PIWIK)
 csp_policy[:script_src] << PIWIK["location"] if defined?(PIWIK)
+
+csp_policy[:img_src] << Settings.storage_url if Settings.key?(:storage_url)
+
 csp_policy[:report_uri] << Settings.csp_report_url if Settings.key?(:csp_report_url)
 
 cookie_policy = {
index d91f52f..0f64382 100644 (file)
@@ -124,3 +124,5 @@ csp_enforce: false
 #csp_report_url: ""
 # Storage service to use in production mode
 storage_service: "local"
+# Root URL for storage service
+# storage_url: