From: Tom Hughes Date: Sun, 13 Feb 2022 19:25:42 +0000 (+0000) Subject: Allow trace image URL to be configured in the CSP policy X-Git-Tag: live~1827 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/1612ea75c541016ff8c4312935e8bfc4462608c6 Allow trace image URL to be configured in the CSP policy --- diff --git a/config/environments/production.rb b/config/environments/production.rb index 5c72d449c..730f1dcfd 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -39,7 +39,7 @@ Rails.application.configure do # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX # Store uploaded files on the local file system (see config/storage.yml for options). - config.active_storage.service = Settings.storage_service.to_sym + config.active_storage.service = :local # Mount Action Cable outside main process or domain. # config.action_cable.mount_path = nil diff --git a/config/initializers/config.rb b/config/initializers/config.rb index d0f8c26fc..4edbcad63 100644 --- a/config/initializers/config.rb +++ b/config/initializers/config.rb @@ -77,6 +77,9 @@ Config.setup do |config| required(:api_timeout).filled(:int?) required(:imagery_blacklist).maybe(:array?) required(:status).filled(:str?, :included_in? => ALLOWED_STATUS) - required(:storage_service).filled(:str?) + required(:avatar_storage).filled(:str?) + required(:trace_file_storage).filled(:str?) + required(:trace_image_storage).filled(:str?) + required(:trace_icon_storage).filled(:str?) end end diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb index f09759fa6..97952f7cb 100644 --- a/config/initializers/secure_headers.rb +++ b/config/initializers/secure_headers.rb @@ -22,7 +22,8 @@ csp_policy[:connect_src] << PIWIK["location"] if defined?(PIWIK) csp_policy[:img_src] << PIWIK["location"] if defined?(PIWIK) csp_policy[:script_src] << PIWIK["location"] if defined?(PIWIK) -csp_policy[:img_src] << Settings.storage_url if Settings.key?(:storage_url) +csp_policy[:img_src] << Settings.avatar_storage_url if Settings.key?(:avatar_storage_url) +csp_policy[:img_src] << Settings.trace_image_storage_url if Settings.key?(:trace_image_storage_url) csp_policy[:report_uri] << Settings.csp_report_url if Settings.key?(:csp_report_url) diff --git a/config/settings.yml b/config/settings.yml index ffee16114..e6b156e28 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -118,10 +118,15 @@ fossgis_osrm_url: "https://routing.openstreetmap.de/" csp_enforce: false # URL for reporting Content-Security-Policy violations #csp_report_url: "" -# Storage service to use in production mode -storage_service: "local" -# Root URL for storage service -# storage_url: +# Storage services to use in production mode +avatar_storage: "local" +trace_file_storage: "local" +trace_image_storage: "local" +trace_icon_storage: "local" +# Root URL for storage services +# avatar_storage_url: +# trace_image_storage_url: +# trace_icon_storage_url: # URL for tile CDN #tile_cdn_url: "" # SMTP settings for outbound mail @@ -132,8 +137,3 @@ smtp_enable_starttls_auto: false smtp_authentication: null smtp_user_name: null smtp_password: null -# Storage services -avatar_storage: "local" -trace_file_storage: "local" -trace_image_storage: "local" -trace_icon_storage: "local"