Browse Source

Add environment variable to specify extra data hosts

Fixes #1276
pull/2/head
Thibaut Girka ThibG 10 months ago
parent
commit
ccaefd139d
2 changed files with 7 additions and 0 deletions
  1. +5
    -0
      .env.production.sample
  2. +2
    -0
      config/initializers/content_security_policy.rb

+ 5
- 0
.env.production.sample View File

@@ -89,6 +89,11 @@ SMTP_FROM_ADDRESS=notifications@example.com
# Access-Control-Allow-Origin: https://example.com/
# CDN_HOST=https://assets.example.com

# Optional list of hosts that are allowed to serve media for your instance
# This is useful if you include external media in your custom CSS or about page,
# or if your data storage provider makes use of redirects to other domains.
# EXTRA_DATA_HOSTS=https://data.example1.com|https://data.example2.com

# S3 (optional)
# The attachment host must allow cross origin request from WEB_DOMAIN or
# LOCAL_DOMAIN if WEB_DOMAIN is not set. For example, the server may have the


+ 2
- 0
config/initializers/content_security_policy.rb View File

@@ -23,6 +23,8 @@ if Rails.env.production?
data_hosts << "https://#{url.host}"
end

data_hosts.concat(ENV['EXTRA_DATA_HOSTS'].split('|')) if ENV['EXTRA_DATA_HOSTS']

data_hosts.uniq!

Rails.application.config.content_security_policy do |p|


Loading…
Cancel
Save