Allow trace image URL to be configured in the CSP policy

2022-02-13 19:25:42 +00:00 · 2022-02-13 19:25:42 +00:00 · 1612ea75c5
commit 1612ea75c5
parent 53aa7259bb
4 changed files with 16 additions and 12 deletions
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@ -39,7 +39,7 @@ Rails.application.configure do
  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX

  # Store uploaded files on the local file system (see config/storage.yml for options).
-  config.active_storage.service = Settings.storage_service.to_sym
+  config.active_storage.service = :local

  # Mount Action Cable outside main process or domain.
  # config.action_cable.mount_path = nil
--- a/config/initializers/config.rb
+++ b/config/initializers/config.rb
@ -77,6 +77,9 @@ Config.setup do |config|
    required(:api_timeout).filled(:int?)
    required(:imagery_blacklist).maybe(:array?)
    required(:status).filled(:str?, :included_in? => ALLOWED_STATUS)
-    required(:storage_service).filled(:str?)
+    required(:avatar_storage).filled(:str?)
+    required(:trace_file_storage).filled(:str?)
+    required(:trace_image_storage).filled(:str?)
+    required(:trace_icon_storage).filled(:str?)
  end
 end
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@ -22,7 +22,8 @@ csp_policy[:connect_src] << PIWIK["location"] if defined?(PIWIK)
 csp_policy[:img_src] << PIWIK["location"] if defined?(PIWIK)
 csp_policy[:script_src] << PIWIK["location"] if defined?(PIWIK)

-csp_policy[:img_src] << Settings.storage_url if Settings.key?(:storage_url)
+csp_policy[:img_src] << Settings.avatar_storage_url if Settings.key?(:avatar_storage_url)
+csp_policy[:img_src] << Settings.trace_image_storage_url if Settings.key?(:trace_image_storage_url)

 csp_policy[:report_uri] << Settings.csp_report_url if Settings.key?(:csp_report_url)

--- a/config/settings.yml
+++ b/config/settings.yml
@ -118,10 +118,15 @@ fossgis_osrm_url: "https://routing.openstreetmap.de/"
 csp_enforce: false
 # URL for reporting Content-Security-Policy violations
 #csp_report_url: ""
-# Storage service to use in production mode
-storage_service: "local"
-# Root URL for storage service
-# storage_url:
+# Storage services to use in production mode
+avatar_storage: "local"
+trace_file_storage: "local"
+trace_image_storage: "local"
+trace_icon_storage: "local"
+# Root URL for storage services
+# avatar_storage_url:
+# trace_image_storage_url:
+# trace_icon_storage_url:
 # URL for tile CDN
 #tile_cdn_url: ""
 # SMTP settings for outbound mail
@ -132,8 +137,3 @@ smtp_enable_starttls_auto: false
 smtp_authentication: null
 smtp_user_name: null
 smtp_password: null
-# Storage services
-avatar_storage: "local"
-trace_file_storage: "local"
-trace_image_storage: "local"
-trace_icon_storage: "local"