modify connect-src of Content Security Policy to include dynamic wss URL based on configured base URL

This commit is contained in:
Michael Peter 2020-01-17 17:47:09 -05:00
parent e57fc1c2d8
commit 5ff6266a5e
2 changed files with 3 additions and 1 deletions

View File

@ -13,6 +13,7 @@ Run `docker build -t send:latest .` to create an image or `docker-compose up` to
| `SENTRY_DSN` | Sentry DSN | `SENTRY_DSN` | Sentry DSN
| `MAX_FILE_SIZE` | in bytes (defaults to 2147483648) | `MAX_FILE_SIZE` | in bytes (defaults to 2147483648)
| `NODE_ENV` | "production" | `NODE_ENV` | "production"
| `BASE_URL` | The HTTPS URL where traffic will be served (e.g. `https://send.firefox.com`)
## Example: ## Example:
@ -22,5 +23,6 @@ $ docker run --net=host -e 'NODE_ENV=production' \
-e 'REDIS_HOST=dyf9s2r4vo3.bolxr4.0001.usw2.cache.amazonaws.com' \ -e 'REDIS_HOST=dyf9s2r4vo3.bolxr4.0001.usw2.cache.amazonaws.com' \
-e 'SENTRY_CLIENT=https://51e23d7263e348a7a3b90a5357c61cb2@sentry.prod.mozaws.net/168' \ -e 'SENTRY_CLIENT=https://51e23d7263e348a7a3b90a5357c61cb2@sentry.prod.mozaws.net/168' \
-e 'SENTRY_DSN=https://51e23d7263e348a7a3b90a5357c61cb2:65e23d7263e348a7a3b90a5357c61c44@sentry.prod.mozaws.net/168' \ -e 'SENTRY_DSN=https://51e23d7263e348a7a3b90a5357c61cb2:65e23d7263e348a7a3b90a5357c61c44@sentry.prod.mozaws.net/168' \
-e 'BASE_URL=https://send.firefox.com' \
mozilla/send:latest mozilla/send:latest
``` ```

View File

@ -39,7 +39,7 @@ module.exports = function(app) {
"'self'", "'self'",
'wss://*.dev.lcip.org', 'wss://*.dev.lcip.org',
'wss://*.send.nonprod.cloudops.mozgcp.net', 'wss://*.send.nonprod.cloudops.mozgcp.net',
'wss://send.firefox.com', config.base_url.replace(/^https:\/\//, 'wss://'),
'https://*.dev.lcip.org', 'https://*.dev.lcip.org',
'https://accounts.firefox.com', 'https://accounts.firefox.com',
'https://*.accounts.firefox.com', 'https://*.accounts.firefox.com',