DGNum/demarches-normaliennes
14
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Merge pull request #10645 from colinux/fix-csp-duplicate-domain

Browse source 
Tech: ne liste pas 2x le même domaine dans les CSP
This commit is contained in:
Colin Darie 2024-07-25 09:31:36 +00:00 committed by GitHub
commit a4d97c6526
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config/initializers/content_security_policy.rb
View file

@ -22,7 +22,7 @@ Rails.application.config.content_security_policy do |policy|
connect_whitelist = ["wss://*.crisp.chat", "*.crisp.chat", "app.franceconnect.gouv.fr", "openmaptiles.geo.data.gouv.fr", "openmaptiles.github.io", "tiles.geo.api.gouv.fr", "data.geopf.fr"]
connect_whitelist << ENV.fetch('APP_HOST')
connect_whitelist << ENV.fetch('APP_HOST_LEGACY') if ENV.key?('APP_HOST_LEGACY')
connect_whitelist << ENV.fetch('APP_HOST_LEGACY') if ENV.key?('APP_HOST_LEGACY') && ENV['APP_HOST_LEGACY'] != ENV['APP_HOST']
connect_whitelist << "*.amazonaws.com" if Rails.configuration.active_storage.service == :amazon
connect_whitelist += [URI(ENV["SENTRY_DSN_JS"]).host, URI(ENV["SENTRY_DSN_RAILS"]).host].compact.uniq
connect_whitelist << URI(DS_PROXY_URL).host if DS_PROXY_URL.present?