From: Tom Hughes Date: Thu, 23 Nov 2017 21:21:43 +0000 (+0000) Subject: Enable CSP in report only mode for the main web site X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/0993dbc450a5678cfcea86dd71cf5873b18d86f3?ds=sidebyside Enable CSP in report only mode for the main web site --- diff --git a/cookbooks/web/definitions/rails_port.rb b/cookbooks/web/definitions/rails_port.rb index 6d0c966ab..6985528bb 100644 --- a/cookbooks/web/definitions/rails_port.rb +++ b/cookbooks/web/definitions/rails_port.rb @@ -216,6 +216,10 @@ define :rails_port, :action => [:create, :enable] do line.gsub!(/^( *)#totp_key:.*$/, "\\1totp_key: \"#{params[:totp_key]}\"") end + if params[:csp_report_url] + line.gsub!(/^( *)#csp_report_url:.*$/, "\\1csp_report_url: \"#{params[:csp_report_url]}\"") + end + line.gsub!(/^( *)require_terms_seen:.*$/, "\\1require_terms_seen: true") line.gsub!(/^( *)require_terms_agreed:.*$/, "\\1require_terms_agreed: true") diff --git a/cookbooks/web/recipes/rails.rb b/cookbooks/web/recipes/rails.rb index 0a96ddf6d..af4c8d613 100644 --- a/cookbooks/web/recipes/rails.rb +++ b/cookbooks/web/recipes/rails.rb @@ -90,6 +90,7 @@ rails_port "www.openstreetmap.org" do mapzen_valhalla_key web_passwords["mapzen_valhalla_key"] thunderforest_key web_passwords["thunderforest_key"] totp_key web_passwords["totp_key"] + csp_report_url "https://openstreetmap.report-uri.io/r/default/csp/reportOnly" end package "libjson-xs-perl"