Fix CSP [SCI-8500] (#5451)

* Move aws logic to security policy initializer [SCI-8500]

* Use if block in initializer [SCI-8500]
Soufiane 2023-05-22 13:04:13 +02:00 committed by GitHub
parent cbecd56122
commit 9b675ba2d8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 7 deletions


@ -549,14 +549,11 @@ class Extends
'FluicsLabelTemplate' => 'Fluics'
}
s3 = Rails.application.config.active_storage.bucket_url
EXTERNAL_SERVICES = %w(
https://www.protocols.io/
http://127.0.0.1:9100/available
https://marvinjs.chemicalize.com/
)
EXTERNAL_SERVICES += [s3] if s3
end
# rubocop:enable Style/MutableConstant


@ -32,9 +32,9 @@ Rails.application.config.content_security_policy_nonce_directives = %w(script-sr
# Whitelist AWS buckets
Rails.application.configure do
config.after_initialize do
return unless ActiveStorage::Blob.service.name == :amazon
Extends::EXTERNAL_SERVICES += [ActiveStorage::Blob.service.bucket.url]
Rails.application.config.content_security_policy.connect_src :self, :data, *Extends::EXTERNAL_SERVICES
if ActiveStorage::Blob.service.name == :amazon
Extends::EXTERNAL_SERVICES += [ActiveStorage::Blob.service.bucket.url]
Rails.application.config.content_security_policy.connect_src :self, :data, *Extends::EXTERNAL_SERVICES
end
end
end
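Review bot: The `connect_src` call inside the new `if` block replaces whatever connect-src sources the policy already holds rather than appending to them, and it runs only for the `:amazon` service. S3 and non-S3 deployments can therefore ship different connect-src lists, depending on what the policy block above this hunk declares; that block is outside the hunk, so this should be checked there. Separately, `Extends::EXTERNAL_SERVICES += [...]` reassigns a constant at boot, which Ruby reports as an already-initialized constant and which makes the constant's value depend on initializer order. If nothing else needs the bucket URL in the constant, a local list is clearer: `sources = Extends::EXTERNAL_SERVICES + [ActiveStorage::Blob.service.bucket.url]` followed by `Rails.application.config.content_security_policy.connect_src :self, :data, *sources`. The splatted list also carries `http://127.0.0.1:9100/available` from the Extends section, a cleartext loopback origin, so a short comment there on which local service needs it would let a reader judge that allowance.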