From 75e60acf661e39f3ab01d486ed17616bab036f73 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Sun, 7 Jul 2019 16:14:00 +0100
Subject: [PATCH 1/1] Allow configuration of storage server URL for security policy

---
 config/initializers/secure_headers.rb | 3 +++
 config/settings.yml | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 54702a399..b24eb5c42 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -21,6 +21,9 @@ csp_policy = {
 csp_policy[:connect_src] << PIWIK["location"] if defined?(PIWIK)
 csp_policy[:img_src] << PIWIK["location"] if defined?(PIWIK)
 csp_policy[:script_src] << PIWIK["location"] if defined?(PIWIK)
+
+csp_policy[:img_src] << Settings.storage_url if Settings.key?(:storage_url)
+
 csp_policy[:report_uri] << Settings.csp_report_url if Settings.key?(:csp_report_url)
 
 cookie_policy = {
diff --git a/config/settings.yml b/config/settings.yml
index d91f52f08..0f64382c9 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -124,3 +124,5 @@ csp_enforce: false
 #csp_report_url: ""
 # Storage service to use in production mode
 storage_service: "local"
+# Root URL for storage service
+# storage_url:
--
2.43.2
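Review bot: The guard on the added `csp_policy[:img_src]` line only tests that the key exists, so uncommenting `# storage_url:` in settings.yml without a value (which YAML reads as nil) would append `nil` to `img_src`. That presumably yields an invalid policy or a validation error at boot. I would require a non-blank value: `csp_policy[:img_src] << Settings.storage_url if Settings.key?(:storage_url) && Settings.storage_url.present?`. The value goes into the policy verbatim, so the settings.yml comment should say what form is expected, for example `# Root URL for storage service; added to the CSP img-src list, so use a specific origin (a path only matches as a prefix when it ends in "/")`. A scheme-only or wildcard value there would widen `img-src` for every page.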