IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 01:16:38 -06:00
Code Issues Packages Projects Releases Wiki Activity
488fba3c5f
discourse/lib/plugin
History
Kyle Zhao 488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP (#6704) 
* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
..
filter_manager.rb Upgrade rspec to 3.4.0. 2016-05-30 11:38:38 +08:00
filter.rb (experimental) added framework for filtering all sorts of internals in discourse and consuming by plugins 2013-10-10 18:45:40 +11:00
instance.rb FEATURE: allow plugins and themes to extend the default CSP (#6704) 2018-11-30 09:51:45 -05:00
metadata.rb DEV: Update official plugins list 2018-10-15 13:53:21 +11:00