Merge pull request guardian#4258 from bbc/t1615-img-src-headers
add in config options for image sources in content security policy.
twrichards authored Apr 8, 2024
2 parents e37e3ac + cb8fc7f commit dd79340
Showing 3 changed files with 3 additions and 1 deletion.
1 change: 1 addition & 0 deletions dev/script/generate-config/service-config.js
Expand Up @@ -107,6 +107,7 @@ function getKahunaConfig(config){
|links.supportEmail="${config.links.supportEmail}"
|security.cors.allowedOrigins="${getCorsAllowedOriginString(config)}"
|security.frameAncestors="https://*.${config.DOMAIN}"
|security.imageSources=["https://*.newslabs.co/"]
|metrics.request.enabled=false
|${pinboardConfig}
|`;
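Review bot: The added `security.imageSources` line hardcodes `https://*.newslabs.co/`, while the neighbouring entries are built from `config` (`config.DOMAIN`, `config.links.supportEmail`), so every generated dev config allows images from any subdomain of that one domain regardless of who runs the script. A wildcard in an image-source allowlist is worth keeping as narrow as possible, because each allowed host is a place the page may send image requests. Consider reading the list from the script's config with an empty default, e.g. `|security.imageSources=${JSON.stringify(config.imageSources ?? [])}` (the property name is a placeholder; the shape of `config` is not visible in this hunk), or at least add a comment saying why this host is needed. `getKahunaConfig` starts and ends outside the hunk.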
2 changes: 1 addition & 1 deletion kahuna/app/KahunaComponents.scala
Expand Up @@ -51,7 +51,7 @@ object KahunaSecurityConfig {
URI.ensureSecure("app.getsentry.com").toString,
"https://*.googleusercontent.com",
"'self'"
).mkString(" ")}"
).mkString(" ")} ${config.imageSources.mkString(" ")}"

val fontSources = s"font-src data: 'self' ${config.fontSources.mkString(" ")}"
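Review bot: `config.imageSources` is joined straight into the header value on the changed line, so an entry containing `;`, `,` or whitespace would end the current directive and start another one instead of adding a source. These values come from deployment config rather than from users, so this is about catching mistakes, but a policy header is a poor place for a silent typo. I would reject such entries at startup before building the string, for example `require(config.imageSources.forall(s => !s.exists(c => c == ';' || c == ',' || c.isWhitespace)), "invalid security.imageSources entry")`. The same applies to `config.fontSources` on the unchanged `fontSources` line. The definition that the changed line closes begins above the hunk, so its directive name is not visible here.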

1 change: 1 addition & 0 deletions kahuna/app/lib/KahunaConfig.scala
Expand Up @@ -47,6 +47,7 @@ class KahunaConfig(resources: GridConfigResources) extends CommonConfig(resource
else s"https://$ingestBucket.s3.$awsRegion.amazonaws.com"
}
val fontSources: Set[String] = getStringSet("security.fontSources")
val imageSources: Set[String] = getStringSet("security.imageSources")

val scriptsToLoad: List[ScriptToLoad] = getConfigList("scriptsToLoad").map(entry => ScriptToLoad(
host = entry.getString("host"),
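Review bot: The new `imageSources` setting has no comment saying what format its entries take or where they end up; from the rest of this commit they appear to be appended verbatim to the image-source part of the Content-Security-Policy header. I would add `// CSP source expressions (e.g. "https://*.example.com") appended to the image sources in KahunaSecurityConfig; entries are emitted verbatim.` above it. It would also help to state what `getStringSet` returns when `security.imageSources` is absent, since that helper is not visible in this hunk and existing deployments will not have the key.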
