
Change img-src and media-src CSP directives to not include https: (#28025)

Claire 2023-11-30 14:47:01 +01:00 committed by GitHub
parent bb0efe16e6
commit 85662a5a57
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 17 additions and 17 deletions


@ -59,10 +59,10 @@ describe ContentSecurityPolicy do
end
end
describe '#media_host' do
describe '#media_hosts' do
context 'when there is no configured CDN' do
it 'defaults to using the assets_host value' do
expect(subject.media_host).to eq(subject.assets_host)
expect(subject.media_hosts).to contain_exactly(subject.assets_host)
end
end
@ -74,7 +74,7 @@ describe ContentSecurityPolicy do
end
it 'uses the s3 alias host value' do
expect(subject.media_host).to eq 'https://asset-host.s3-alias.example'
expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://asset-host.s3-alias.example')
end
end
@ -86,7 +86,7 @@ describe ContentSecurityPolicy do
end
it 'uses the s3 alias host value and preserves the path' do
expect(subject.media_host).to eq 'https://asset-host.s3-alias.example/pathname/'
expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://asset-host.s3-alias.example/pathname/')
end
end
@ -98,7 +98,7 @@ describe ContentSecurityPolicy do
end
it 'uses the s3 cloudfront host value' do
expect(subject.media_host).to eq 'https://asset-host.s3-cloudfront.example'
expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://asset-host.s3-cloudfront.example')
end
end
@ -110,7 +110,7 @@ describe ContentSecurityPolicy do
end
it 'uses the azure alias host value' do
expect(subject.media_host).to eq 'https://asset-host.azure-alias.example'
expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://asset-host.azure-alias.example')
end
end
@ -122,7 +122,7 @@ describe ContentSecurityPolicy do
end
it 'uses the s3 hostname host value' do
expect(subject.media_host).to eq 'https://asset-host.s3.example'
expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://asset-host.s3.example')
end
end
end
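Review bot: The 'uses the s3 alias host value and preserves the path' example pins a source with a trailing slash (`'https://asset-host.s3-alias.example/pathname/'`), but no example visible here covers an alias configured without one. In CSP a source path ending in `/` is a prefix match, while a path without it matches only that exact URL path, so once `https:` is no longer in img-src and media-src a slash-less alias would presumably block every media file beneath it. I would add a comment above that expectation, `# trailing slash matters: CSP treats it as a prefix match, otherwise as an exact path`, and one more context for the slash-less configuration that states the intended result. The context setup for these examples lies outside the visible lines, so how the alias value is normalised is inferred rather than shown.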