Extract class from CSP configuration/initialization (#26905)

2023-10-27 12:20:40 -04:00 · 2023-10-27 12:20:40 -04:00 · eae5c7334a
commit eae5c7334a
parent 2e6bf60f15
3 changed files with 192 additions and 17 deletions
--- a/app/lib/content_security_policy.rb
+++ b/app/lib/content_security_policy.rb
@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+class ContentSecurityPolicy
+  def base_host
+    Rails.configuration.x.web_domain
+  end
+
+  def assets_host
+    url_from_configured_asset_host || url_from_base_host
+  end
+
+  def media_host
+    cdn_host_value || assets_host
+  end
+
+  private
+
+  def url_from_configured_asset_host
+    Rails.configuration.action_controller.asset_host
+  end
+
+  def cdn_host_value
+    s3_alias_host || s3_cloudfront_host || azure_alias_host || s3_hostname_host
+  end
+
+  def url_from_base_host
+    host_to_url(base_host)
+  end
+
+  def host_to_url(host_string)
+    uri_from_configuration_and_string(host_string) if host_string.present?
+  end
+
+  def s3_alias_host
+    host_to_url ENV.fetch('S3_ALIAS_HOST', nil)
+  end
+
+  def s3_cloudfront_host
+    host_to_url ENV.fetch('S3_CLOUDFRONT_HOST', nil)
+  end
+
+  def azure_alias_host
+    host_to_url ENV.fetch('AZURE_ALIAS_HOST', nil)
+  end
+
+  def s3_hostname_host
+    host_to_url ENV.fetch('S3_HOSTNAME', nil)
+  end
+
+  def uri_from_configuration_and_string(host_string)
+    Addressable::URI.parse("#{host_protocol}://#{host_string}").tap do |uri|
+      uri.path += '/' unless uri.path.blank? || uri.path.end_with?('/')
+    end.to_s
+  end
+
+  def host_protocol
+    Rails.configuration.x.use_https ? 'https' : 'http'
+  end
+end