Home Explore Help
Sign In
RISCI_ATOM
/
mastodon
mirror of https://github.com/tootsuite/mastodon.git
1
0
Fork 0
Files Issues 8 Wiki
Tree: fb721f7cfe
Branches Tags
mastodon
/
app
/
lib
/
content_security_policy.rb

content_security_policy.rb 2.3 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 
  1. # frozen_string_literal: true
    2. 

  2. 

  3. class ContentSecurityPolicy
    4. 

  4.   def base_host
    5. 

  5.     Rails.configuration.x.web_domain
    6. 

  6.   end
    7. 

  7. 

  8.   def assets_host
    9. 

  9.     url_from_configured_asset_host || url_from_base_host
    10. 

  10.   end
    11. 

  11. 

  12.   def media_hosts
    13. 

  13.     [assets_host, cdn_host_value, paperclip_root_url].compact
    14. 

  14.   end
    15. 

  15. 

  16.   def sso_host
    17. 

  17.     return unless ENV['ONE_CLICK_SSO_LOGIN'] == 'true' && ENV['OMNIAUTH_ONLY'] == 'true' && Devise.omniauth_providers.length == 1
    18. 

  18. 

  19.     provider = Devise.omniauth_configs[Devise.omniauth_providers[0]]
    20. 

  20.     @sso_host ||= begin
    21. 

  21.       case provider.provider
    22. 

  22.       when :cas
    23. 

  23.         provider.cas_url
    24. 

  24.       when :saml
    25. 

  25.         provider.options[:idp_sso_target_url]
    26. 

  26.       when :openid_connect
    27. 

  27.         provider.options.dig(:client_options, :authorization_endpoint) || OpenIDConnect::Discovery::Provider::Config.discover!(provider.options[:issuer]).authorization_endpoint
    28. 

  28.       end
    29. 

  29.     end
    30. 

  30.   end
    31. 

  31. 

  32.   private
    33. 

  33. 

  34.   def url_from_configured_asset_host
    35. 

  35.     Rails.configuration.action_controller.asset_host
    36. 

  36.   end
    37. 

  37. 

  38.   def cdn_host_value
    39. 

  39.     s3_alias_host || s3_cloudfront_host || azure_alias_host || s3_hostname_host || swift_object_url
    40. 

  40.   end
    41. 

  41. 

  42.   def paperclip_root_url
    43. 

  43.     root_url = ENV.fetch('PAPERCLIP_ROOT_URL', nil)
    44. 

  44.     return if root_url.blank?
    45. 

  45. 

  46.     (Addressable::URI.parse(assets_host) + root_url).tap do |uri|
    47. 

  47.       uri.path += '/' unless uri.path.blank? || uri.path.end_with?('/')
    48. 

  48.     end.to_s
    49. 

  49.   end
    50. 

  50. 

  51.   def url_from_base_host
    52. 

  52.     host_to_url(base_host)
    53. 

  53.   end
    54. 

  54. 

  55.   def host_to_url(host_string)
    56. 

  56.     uri_from_configuration_and_string(host_string) if host_string.present?
    57. 

  57.   end
    58. 

  58. 

  59.   def s3_alias_host
    60. 

  60.     host_to_url ENV.fetch('S3_ALIAS_HOST', nil)
    61. 

  61.   end
    62. 

  62. 

  63.   def s3_cloudfront_host
    64. 

  64.     host_to_url ENV.fetch('S3_CLOUDFRONT_HOST', nil)
    65. 

  65.   end
    66. 

  66. 

  67.   def azure_alias_host
    68. 

  68.     host_to_url ENV.fetch('AZURE_ALIAS_HOST', nil)
    69. 

  69.   end
    70. 

  70. 

  71.   def s3_hostname_host
    72. 

  72.     host_to_url ENV.fetch('S3_HOSTNAME', nil)
    73. 

  73.   end
    74. 

  74. 

  75.   def swift_object_url
    76. 

  76.     url = ENV.fetch('SWIFT_OBJECT_URL', nil)
    77. 

  77.     return if url.blank? || !url.start_with?('https://')
    78. 

  78. 

  79.     url += '/' unless url.end_with?('/')
    80. 

  80.     url
    81. 

  81.   end
    82. 

  82. 

  83.   def uri_from_configuration_and_string(host_string)
    84. 

  84.     Addressable::URI.parse("#{host_protocol}://#{host_string}").tap do |uri|
    85. 

  85.       uri.path += '/' unless uri.path.blank? || uri.path.end_with?('/')
    86. 

  86.     end.to_s
    87. 

  87.   end
    88. 

  88. 

  89.   def host_protocol
    90. 

  90.     Rails.configuration.x.use_https ? 'https' : 'http'
    91. 

  91.   end
    92. 

  92. end
    93.