Change Content-Security-Policy to be tighter on media paths (#26889)
This commit is contained in:
parent
eea2654236
commit
ef149674f0
1 changed files with 5 additions and 1 deletions
|
@ -5,7 +5,11 @@
|
||||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
||||||
|
|
||||||
def host_to_url(str)
|
def host_to_url(str)
|
||||||
"http#{Rails.configuration.x.use_https ? 's' : ''}://#{str.split('/').first}" if str.present?
|
return if str.blank?
|
||||||
|
|
||||||
|
uri = Addressable::URI.parse("http#{Rails.configuration.x.use_https ? 's' : ''}://#{str}")
|
||||||
|
uri.path += '/' unless uri.path.blank? || uri.path.end_with?('/')
|
||||||
|
uri.to_s
|
||||||
end
|
end
|
||||||
|
|
||||||
base_host = Rails.configuration.x.web_domain
|
base_host = Rails.configuration.x.web_domain
|
||||||
|
|
Loading…
Reference in a new issue