Fix CSP when PAPERCLIP_ROOT_URL is set to a different host
This commit is contained in:
parent
58720aa2bd
commit
2c2f649200
|
@ -15,8 +15,16 @@ if Rails.env.production?
|
||||||
else
|
else
|
||||||
attachments_host = nil
|
attachments_host = nil
|
||||||
end
|
end
|
||||||
|
|
||||||
data_hosts << attachments_host unless attachments_host.nil?
|
data_hosts << attachments_host unless attachments_host.nil?
|
||||||
|
|
||||||
|
if ENV['PAPERCLIP_ROOT_URL']
|
||||||
|
url = Addressable::URI.parse(assets_host) + ENV['PAPERCLIP_ROOT_URL']
|
||||||
|
data_hosts << "https://#{url.host}"
|
||||||
|
end
|
||||||
|
|
||||||
|
data_hosts.uniq!
|
||||||
|
|
||||||
Rails.application.config.content_security_policy do |p|
|
Rails.application.config.content_security_policy do |p|
|
||||||
p.base_uri :none
|
p.base_uri :none
|
||||||
p.default_src :none
|
p.default_src :none
|
||||||
|
|
Loading…
Reference in New Issue