From 9b675ba2d846610be0c68b7d9f865eac2727b428 Mon Sep 17 00:00:00 2001
From: Soufiane
Date: Mon, 22 May 2023 13:04:13 +0200
Subject: [PATCH] Fix CSP [SCI-8500] (#5451)
* Move aws logic to security policy initializer [SCI-8500]
* Use if block in initializer [SCI-8500]
---
 config/initializers/extends.rb | 3 ---
 config/initializers/security_policy.rb | 8 ++++----
 2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/config/initializers/extends.rb b/config/initializers/extends.rb
index a2fac7e43..e04dcb3b9 100644
--- a/config/initializers/extends.rb
+++ b/config/initializers/extends.rb
@@ -549,14 +549,11 @@ class Extends
 'FluicsLabelTemplate' => 'Fluics'
 }
- s3 = Rails.application.config.active_storage.bucket_url
-
 EXTERNAL_SERVICES = %w(
 https://www.protocols.io/
 http://127.0.0.1:9100/available
 https://marvinjs.chemicalize.com/
 )
- EXTERNAL_SERVICES += [s3] if s3
 end
 # rubocop:enable Style/MutableConstant
diff --git a/config/initializers/security_policy.rb b/config/initializers/security_policy.rb
index dedcd4732..41df3da91 100644
--- a/config/initializers/security_policy.rb
+++ b/config/initializers/security_policy.rb
@@ -32,9 +32,9 @@ Rails.application.config.content_security_policy_nonce_directives = %w(script-sr
 # Whitelist AWS buckets
 Rails.application.configure do
 config.after_initialize do
- return unless ActiveStorage::Blob.service.name == :amazon
-
- Extends::EXTERNAL_SERVICES += [ActiveStorage::Blob.service.bucket.url]
- Rails.application.config.content_security_policy.connect_src :self, :data, *Extends::EXTERNAL_SERVICES
+ if ActiveStorage::Blob.service.name == :amazon
+ Extends::EXTERNAL_SERVICES += [ActiveStorage::Blob.service.bucket.url]
+ Rails.application.config.content_security_policy.connect_src :self, :data, *Extends::EXTERNAL_SERVICES
+ end
 end
 end
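Review bot: The guard `if ActiveStorage::Blob.service.name == :amazon` in the `after_initialize` block depends on the name the storage service was registered under, so an S3-backed service configured under any other name silently gets no bucket entry and the browser blocks its requests under `connect-src`. That assumption deserves a comment above the guard, for example `# Only applies when the active storage service is registered as "amazon"; other S3 setups must add their bucket URL here`. The `connect_src` call inside the block replaces the directive rather than extending it, so the list must stay in sync with whatever the main policy block sets; that block is outside this hunk. Reassigning `Extends::EXTERNAL_SERVICES` from the initializer also makes Ruby warn about an already initialized constant, and if nothing else needs the bucket in the constant, a local `sources = Extends::EXTERNAL_SERVICES + [ActiveStorage::Blob.service.bucket.url]` passed to `connect_src` keeps the allow-list change confined to the policy.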