From 6cfa0245ca9360abd6abf2aef339999613e75d9e Mon Sep 17 00:00:00 2001
From: Claire
Date: Tue, 21 Nov 2023 13:45:29 +0100
Subject: [PATCH] Fix image and media loading when using external storage server
Fixes #2479
---
 config/initializers/content_security_policy.rb | 4 ++--
 spec/requests/content_security_policy_spec.rb | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 7686c4727..a40763fbe 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -48,9 +48,9 @@ Rails.application.config.content_security_policy do |p|
 p.default_src :none
 p.frame_ancestors :none
 p.font_src :self, assets_host
- p.img_src :self, :data, :blob, assets_host
+ p.img_src :self, :data, :blob, assets_host, media_host
 p.style_src :self, assets_host
- p.media_src :self, :data, assets_host
+ p.media_src :self, :data, assets_host, media_host
 p.frame_src :self, :https
 p.manifest_src :self, assets_host
diff --git a/spec/requests/content_security_policy_spec.rb b/spec/requests/content_security_policy_spec.rb
index 787fc9e50..efd0b9d3c 100644
--- a/spec/requests/content_security_policy_spec.rb
+++ b/spec/requests/content_security_policy_spec.rb
@@ -12,9 +12,9 @@ describe 'Content-Security-Policy' do
 "default-src 'none'",
 "frame-ancestors 'none'",
 "font-src 'self' https://cb6e6126.ngrok.io",
- "img-src 'self' data: blob: https://cb6e6126.ngrok.io",
+ "img-src 'self' data: blob: https://cb6e6126.ngrok.io https://cb6e6126.ngrok.io",
 "style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='",
- "media-src 'self' data: https://cb6e6126.ngrok.io",
+ "media-src 'self' data: https://cb6e6126.ngrok.io https://cb6e6126.ngrok.io",
 "frame-src 'self' https:",
 "manifest-src 'self' https://cb6e6126.ngrok.io",
 "form-action 'self'",
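Review bot: When `media_host` resolves to the same origin as `assets_host`, the new `p.img_src` and `p.media_src` lines emit that origin twice, which is what the updated spec now expects (`https://cb6e6126.ngrok.io https://cb6e6126.ngrok.io`). The repeat does not change enforcement, but it makes the header harder to audit; splatting a de-duplicated list, `p.img_src :self, :data, :blob, *[assets_host, media_host].uniq` and likewise for `p.media_src`, keeps each directive minimal (the spec strings would then stay single-origin in this setup). `media_host` is assigned outside this hunk, so confirm it can never be nil or an unnormalised value when it reaches these calls. A short comment would also help future edits, for example `# media_host serves user uploads: allow it for img/media only, never in script_src or style_src`. The `content_security_policy` block starts and ends outside the hunk.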
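Review bot: Both changed expectations in the spec hunk repeat `https://cb6e6126.ngrok.io`, so the spec only covers the case where the media host equals the assets host and would pass just as well if the initializer emitted `assets_host` twice. The case this commit fixes, an external storage server on a different origin, is left unasserted. Add an example that configures a distinct media host (the setup for this spec lives outside the hunk) and expects it in `img-src` and `media-src` only, e.g. `"media-src 'self' data: https://cb6e6126.ngrok.io https://media.example",` with `https://media.example` as a constructed value. The same example should assert that `font-src`, `style-src` and `manifest-src` still list only the assets host, which pins the storage origin to passive content.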