# frozen_string_literal: true
require "content_security_policy/builder"
require "content_security_policy/extension"
# Assembles the site's Content-Security-Policy from a base Builder plus the
# extensions contributed by the active theme, plugins, site settings and the
# requested path.
class ContentSecurityPolicy
  class << self
    # Convenience wrapper: builds a policy on a throwaway instance.
    #
    # @param theme_id [Object, nil] theme whose extensions are included (nil by default)
    # @param base_url [String] defaults to Discourse.base_url, evaluated per call
    # @param path_info [String] request path used for path-specific extensions
    # @return whatever Builder#build returns
    def policy(theme_id = nil, base_url: Discourse.base_url, path_info: "/")
      instance = new
      instance.build(theme_id, base_url: base_url, path_info: path_info)
    end

    # Returns the nonce placeholder for this response, generating and storing
    # it in +response_headers+ the first time it is requested so every caller
    # handling the same response sees the same token.
    #
    # The token embeds SecureRandom.hex (16 random bytes, 32 hex characters),
    # so it cannot be predicted ahead of time.
    # NOTE(review): presumably Middleware::CspScriptNonceInjector swaps this
    # placeholder for the real nonce and drops the header before the response
    # leaves the app; confirm in that middleware.
    #
    # @param response_headers [Hash] mutable headers of the current response
    # @return [String] the placeholder, e.g. "[[csp_nonce_placeholder_<hex>]]"
    def nonce_placeholder(response_headers)
      header_name = ::Middleware::CspScriptNonceInjector::PLACEHOLDER_HEADER
      response_headers[header_name] ||= "[[csp_nonce_placeholder_#{SecureRandom.hex}]]"
    end
  end

  # Builds the policy for one theme / base URL / path combination.
  #
  # Extensions are fed to the builder in a fixed order: theme, plugins, site
  # setting, then path-specific.
  # NOTE(review): how an extension combines with what is already in the
  # builder is decided by Builder#<<, which is not visible here. Theme and
  # plugin extensions are the inputs to audit when the resulting policy looks
  # too permissive.
  #
  # @param theme_id [Object, nil] passed to Extension.theme_extensions
  # @param base_url [String] passed to Builder.new
  # @param path_info [String] passed to Extension.path_specific_extension
  # @return whatever Builder#build returns
  def build(theme_id, base_url:, path_info: "/")
    csp_builder = Builder.new(base_url: base_url)

    Extension.theme_extensions(theme_id).each do |theme_extension|
      csp_builder << theme_extension
    end

    Extension.plugin_extensions.each do |plugin_extension|
      csp_builder << plugin_extension
    end

    csp_builder << Extension.site_setting_extension
    csp_builder << Extension.path_specific_extension(path_info)

    csp_builder.build
  end
end
# Short alias: CSP refers to the same class object as ContentSecurityPolicy.
CSP = ContentSecurityPolicy