From 1612ea75c541016ff8c4312935e8bfc4462608c6 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Sun, 13 Feb 2022 19:25:42 +0000
Subject: [PATCH] Allow trace image URL to be configured in the CSP policy

---
 config/environments/production.rb     |  2 +-
 config/initializers/config.rb         |  5 ++++-
 config/initializers/secure_headers.rb |  3 ++-
 config/settings.yml                   | 18 +++++++++---------
 4 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/config/environments/production.rb b/config/environments/production.rb
index 5c72d449c..730f1dcfd 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -39,7 +39,7 @@ Rails.application.configure do
   # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
 
   # Store uploaded files on the local file system (see config/storage.yml for options).
-  config.active_storage.service = Settings.storage_service.to_sym
+  config.active_storage.service = :local
 
   # Mount Action Cable outside main process or domain.
   # config.action_cable.mount_path = nil
diff --git a/config/initializers/config.rb b/config/initializers/config.rb
index d0f8c26fc..4edbcad63 100644
--- a/config/initializers/config.rb
+++ b/config/initializers/config.rb
@@ -77,6 +77,9 @@ Config.setup do |config|
     required(:api_timeout).filled(:int?)
     required(:imagery_blacklist).maybe(:array?)
     required(:status).filled(:str?, :included_in? => ALLOWED_STATUS)
-    required(:storage_service).filled(:str?)
+    required(:avatar_storage).filled(:str?)
+    required(:trace_file_storage).filled(:str?)
+    required(:trace_image_storage).filled(:str?)
+    required(:trace_icon_storage).filled(:str?)
   end
 end
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index f09759fa6..97952f7cb 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -22,7 +22,8 @@ csp_policy[:connect_src] << PIWIK["location"] if defined?(PIWIK)
 csp_policy[:img_src] << PIWIK["location"] if defined?(PIWIK)
 csp_policy[:script_src] << PIWIK["location"] if defined?(PIWIK)
 
-csp_policy[:img_src] << Settings.storage_url if Settings.key?(:storage_url)
+csp_policy[:img_src] << Settings.avatar_storage_url if Settings.key?(:avatar_storage_url)
+csp_policy[:img_src] << Settings.trace_image_storage_url if Settings.key?(:trace_image_storage_url)
 
 csp_policy[:report_uri] << Settings.csp_report_url if Settings.key?(:csp_report_url)
 
diff --git a/config/settings.yml b/config/settings.yml
index ffee16114..e6b156e28 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -118,10 +118,15 @@ fossgis_osrm_url: "https://routing.openstreetmap.de/"
 csp_enforce: false
 # URL for reporting Content-Security-Policy violations
 #csp_report_url: ""
-# Storage service to use in production mode
-storage_service: "local"
-# Root URL for storage service
-# storage_url:
+# Storage services to use in production mode
+avatar_storage: "local"
+trace_file_storage: "local"
+trace_image_storage: "local"
+trace_icon_storage: "local"
+# Root URL for storage services
+# avatar_storage_url:
+# trace_image_storage_url:
+# trace_icon_storage_url:
 # URL for tile CDN
 #tile_cdn_url: ""
 # SMTP settings for outbound mail
@@ -132,8 +137,3 @@ smtp_enable_starttls_auto: false
 smtp_authentication: null
 smtp_user_name: null
 smtp_password: null
-# Storage services
-avatar_storage: "local"
-trace_file_storage: "local"
-trace_image_storage: "local"
-trace_icon_storage: "local"
-- 
2.43.2