refactoring: tweaking content security policy

Vizzuality · Dec 11, 2023 · ad3c9f3 · ad3c9f3
1 parent 35be595
commit ad3c9f3
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 6 deletions.
diff --git a/cms/config/middlewares.ts b/cms/config/middlewares.ts
@@ -8,9 +8,9 @@ export default ({ env }) => [
         directives: {
           'connect-src': ["'self'", 'https:'],
           'script-src': ["'self'", "'unsafe-inline'", 'cdn.jsdelivr.net', 'api.mapbox.com'],
-          'img-src': ["'self'", 'data:', 'blob:', `${env('DO_SPACE_FULL_PATH')}`],
-          'media-src': ["'self'", 'data:', 'blob:', `${env('DO_SPACE_FULL_PATH')}`],
-          'worker-src': ['blob:'],
+          'img-src': ["'self'", 'data:', 'blob:', `https://${env('DO_SPACE_BUCKET')}.${env('DO_SPACE_REGION')}.digitaloceanspaces.com`, `${env('DO_SPACE_REGION')}.digitaloceanspaces.com/${env('DO_SPACE_BUCKET')}`],
+          'media-src': ["'self'", 'data:', 'blob:', `https://${env('DO_SPACE_BUCKET')}.${env('DO_SPACE_REGION')}.digitaloceanspaces.com`, `${env('DO_SPACE_REGION')}.digitaloceanspaces.com/${env('DO_SPACE_BUCKET')}`],
+          'worker-src': ['blob:', `https://${env('DO_SPACE_BUCKET')}.${env('DO_SPACE_REGION')}.digitaloceanspaces.com`, `${env('DO_SPACE_REGION')}.digitaloceanspaces.com/${env('DO_SPACE_BUCKET')}`],
           upgradeInsecureRequests: null,
         },
       }

diff --git a/cms/config/plugins.ts b/cms/config/plugins.ts
@@ -47,7 +47,7 @@ module.exports = ({env}) => ({
         providerOptions: {
           key: env('DO_SPACE_ACCESS_KEY'),
           secret: env('DO_SPACE_SECRET_KEY'),
-          endpoint: env('DO_SPACE_ENDPOINT'),
+          endpoint: `https://${env('DO_SPACE_REGION')}.digitaloceanspaces.com`,
           space: env('DO_SPACE_BUCKET'),
         }
       },

diff --git a/infrastructure/base/main.tf b/infrastructure/base/main.tf
@@ -48,9 +48,8 @@ locals {
     # DigitalOcean Spaces to store media content
     DO_SPACE_ACCESS_KEY              = var.do_spaces_client_id
     DO_SPACE_SECRET_KEY              = var.do_spaces_secret_key
-    DO_SPACE_ENDPOINT                = "https://${var.do_region}.digitaloceanspaces.com"
+    DO_SPACE_REGION                  = var.do_region
     DO_SPACE_BUCKET                  = "${var.project_name}-staging-cms"
-    DO_SPACE_FULL_PATH               = "https://${var.project_name}-staging-cms.${var.do_region}.digitaloceanspaces.com"
 
     # Database
     DATABASE_CLIENT                  = "postgres"