Leatherface/mastodon
1
0
Fork 0
mirror of https://github.com/glitch-soc/mastodon.git synced 2025-12-13 15:58:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Change img-src and media-src CSP directives to not include https: (#28025)

Browse Source
This commit is contained in:
Claire
2023-11-30 14:47:01 +01:00
committed by GitHub
parent bb0efe16e6
commit 85662a5a57
4 changed files with 17 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
spec/lib/content_security_policy_spec.rb
View File

@@ -59,10 +59,10 @@ describe ContentSecurityPolicy do
end
end
describe '#media_host' do
describe '#media_hosts' do
context 'when there is no configured CDN' do
it 'defaults to using the assets_host value' do
expect(subject.media_host).to eq(subject.assets_host)
expect(subject.media_hosts).to contain_exactly(subject.assets_host)
end
end
@@ -74,7 +74,7 @@ describe ContentSecurityPolicy do
end
it 'uses the s3 alias host value' do
expect(subject.media_host).to eq 'https://asset-host.s3-alias.example'
expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://asset-host.s3-alias.example')
end
end
@@ -86,7 +86,7 @@ describe ContentSecurityPolicy do
end
it 'uses the s3 alias host value and preserves the path' do
expect(subject.media_host).to eq 'https://asset-host.s3-alias.example/pathname/'
expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://asset-host.s3-alias.example/pathname/')
end
end
@@ -98,7 +98,7 @@ describe ContentSecurityPolicy do
end
it 'uses the s3 cloudfront host value' do
expect(subject.media_host).to eq 'https://asset-host.s3-cloudfront.example'
expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://asset-host.s3-cloudfront.example')
end
end
@@ -110,7 +110,7 @@ describe ContentSecurityPolicy do
end
it 'uses the azure alias host value' do
expect(subject.media_host).to eq 'https://asset-host.azure-alias.example'
expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://asset-host.azure-alias.example')
end
end
@@ -122,7 +122,7 @@ describe ContentSecurityPolicy do
end
it 'uses the s3 hostname host value' do
expect(subject.media_host).to eq 'https://asset-host.s3.example'
expect(subject.media_hosts).to contain_exactly(subject.assets_host, 'https://asset-host.s3.example')
end
end
end