From b670b60ac6f6ffe9222983d9774de2671d29acf7 Mon Sep 17 00:00:00 2001
From: clemkeirua
Date: Wed, 15 May 2019 15:28:26 +0200
Subject: [PATCH 1/2] changement de l'URI de report-uri
---
 config/initializers/content_security_policy.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 0547856ad..cce47f203 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -1,6 +1,10 @@
 Rails.application.config.content_security_policy do |policy|
 # En cas de non respect d'une des règles, faire un POST sur cette URL
- policy.report_uri "https://demarches-simplifiees.report-uri.com/r/d/csp/reportOnly"
+ if Rails.env.production?
+ policy.report_uri "https://demarchessimplifieestest.report-uri.com/r/d/csp/reportOnly"
+ else
+ policy.report_uri "http://localhost:3000/csp/" # ne pas notifier report-uri en dev/test
+ end
 # Whitelist image
 policy.img_src :self, "*.openstreetmap.org", "static.demarches-simplifiees.fr", "*.cloud.ovh.net", "stats.data.gouv.fr"
 # Whitelist JS: nous, sendinblue et matomo
From 6fe4031b2e445e70881a8681b05515a3c1df6453 Mon Sep 17 00:00:00 2001
From: clemkeirua
Date: Wed, 15 May 2019 16:33:27 +0200
Subject: [PATCH 2/2] use constant for localhost
---
 config/initializers/content_security_policy.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index cce47f203..a812e0e9e 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
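Review bot: The production branch now reports to `demarchessimplifieestest.report-uri.com`, a hostname containing "test", while the removed line used `demarches-simplifiees.report-uri.com`; if that subdomain really is the intended report-uri.com account rather than a leftover from trying the feature out, a comment such as `# compte report-uri.com de production (le sous-domaine contient "test" mais c'est bien le bon)` would stop the next reader from "fixing" it. In the non-production branch the policy posts violation reports to `/csp/` on the app itself, and nothing in the hunk shows a route or controller for that path, so dev/test reports will 404 unless one exists elsewhere; a comment pointing at the handler would help. The `/r/d/csp/reportOnly` endpoint also presumes the header is delivered in report-only mode, which the hunk does not show — worth confirming it matches how the policy is actually served. The `content_security_policy do |policy|` block continues past the end of the hunk.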
@@ -3,7 +3,7 @@ Rails.application.config.content_security_policy do |policy|
 if Rails.env.production?
 policy.report_uri "https://demarchessimplifieestest.report-uri.com/r/d/csp/reportOnly"
 else
- policy.report_uri "http://localhost:3000/csp/" # ne pas notifier report-uri en dev/test
+ policy.report_uri "http://#{ENV['APP_HOST']}/csp/" # ne pas notifier report-uri en dev/test
 end
 # Whitelist image
 policy.img_src :self, "*.openstreetmap.org", "static.demarches-simplifiees.fr", "*.cloud.ovh.net", "stats.data.gouv.fr"
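Review bot: `"http://#{ENV['APP_HOST']}/csp/"` becomes `http:///csp/` when APP_HOST is unset, and browsers silently ignore an invalid report-uri, so the dev/test reporting path breaks with no error at boot and no report ever arriving. Prefer `ENV.fetch('APP_HOST')` so a missing variable fails loudly, or keep the previous default with `policy.report_uri "http://#{ENV.fetch('APP_HOST', 'localhost:3000')}/csp/" # ne pas notifier report-uri en dev/test`. Since the value is interpolated straight into the Content-Security-Policy header, APP_HOST must contain only host and port; a value carrying a scheme or path would yield a malformed directive, which is worth stating in a comment next to the line. The enclosing `content_security_policy` block starts and ends outside the hunk.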