DGNum/demarches-normaliennes
15
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

fix(csp): don't list twice same connect whitelist domain

Browse source
This commit is contained in:
Colin Darie 2024-07-24 19:02:44 +02:00
parent bb89c03679
commit f8cb41215a
No known key found for this signature in database
GPG key ID: 4FB865FDBCA4BCC4
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config/initializers/content_security_policy.rb
View file

@ -22,7 +22,7 @@ Rails.application.config.content_security_policy do |policy|
connect_whitelist = ["wss://*.crisp.chat", "*.crisp.chat", "app.franceconnect.gouv.fr", "openmaptiles.geo.data.gouv.fr", "openmaptiles.github.io", "tiles.geo.api.gouv.fr", "data.geopf.fr"]
connect_whitelist << ENV.fetch('APP_HOST')
connect_whitelist << ENV.fetch('APP_HOST_LEGACY') if ENV.key?('APP_HOST_LEGACY')
connect_whitelist << ENV.fetch('APP_HOST_LEGACY') if ENV.key?('APP_HOST_LEGACY') && ENV['APP_HOST_LEGACY'] != ENV['APP_HOST']
connect_whitelist << "*.amazonaws.com" if Rails.configuration.active_storage.service == :amazon
connect_whitelist += [URI(ENV["SENTRY_DSN_JS"]).host, URI(ENV["SENTRY_DSN_RAILS"]).host].compact.uniq
connect_whitelist << URI(DS_PROXY_URL).host if DS_PROXY_URL.present?