From: Tom Hughes
Date: Sun, 7 Jul 2019 15:14:00 +0000 (+0100)
Subject: Allow configuration of storage server URL for security policy
X-Git-Tag: live~2510^2
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/75e60acf661e39f3ab01d486ed17616bab036f73?hp=77ee8c1a53f4124e36012b01801ab801f36dd58d

Allow configuration of storage server URL for security policy
---
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 54702a399..b24eb5c42 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -21,6 +21,9 @@ csp_policy = {
 csp_policy[:connect_src] << PIWIK["location"] if defined?(PIWIK)
 csp_policy[:img_src] << PIWIK["location"] if defined?(PIWIK)
 csp_policy[:script_src] << PIWIK["location"] if defined?(PIWIK)
+
+csp_policy[:img_src] << Settings.storage_url if Settings.key?(:storage_url)
+
 csp_policy[:report_uri] << Settings.csp_report_url if Settings.key?(:csp_report_url)
 cookie_policy = {
diff --git a/config/settings.yml b/config/settings.yml
index d91f52f08..0f64382c9 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -124,3 +124,5 @@ csp_enforce: false
 #csp_report_url: ""
 # Storage service to use in production mode
 storage_service: "local"
+# Root URL for storage service
+# storage_url:
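Review bot: The guard on the new `csp_policy[:img_src] << Settings.storage_url if Settings.key?(:storage_url)` line tests only that the key exists, not that it has a value. The sample added to settings.yml is a bare `# storage_url:`, so uncommenting it without filling it in would presumably append nil to the img-src list. I would check the value as well: `csp_policy[:img_src] << Settings.storage_url if Settings.key?(:storage_url) && Settings.storage_url.present?`. The setting is copied into the policy verbatim, so a short comment above the line saying it should name only the storage host would help whoever edits it later. The `csp_policy` hash itself is defined above the hunk, so the base img-src entries are not visible here.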
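Review bot: The new comment above `# storage_url:` does not say that the value is appended to the Content-Security-Policy img-src list by config/initializers/secure_headers.rb, which is what an operator needs to know when choosing it. I would word it as `# Root URL for storage service, added to the CSP img-src list`. I would also give a quoted placeholder in the style of the `#csp_report_url: ""` line above, for example `#storage_url: "https://storage.example.com/"` (constructed value). A CSP source whose path lacks a trailing slash matches only that exact path, so the comment could also note that a path prefix must end in `/`.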