2021-11-18 22:05:49 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
module OneTrustCSP
|
|
|
|
extend ActiveSupport::Concern
|
|
|
|
|
|
|
|
included do
|
|
|
|
content_security_policy do |policy|
|
2021-12-11 22:18:48 +05:30
|
|
|
next unless helpers.one_trust_enabled? || policy.directives.present?
|
2021-11-18 22:05:49 +05:30
|
|
|
|
|
|
|
default_script_src = policy.directives['script-src'] || policy.directives['default-src']
|
2022-01-26 12:08:38 +05:30
|
|
|
script_src_values = Array.wrap(default_script_src) | ["'unsafe-eval'", 'https://cdn.cookielaw.org', 'https://*.onetrust.com']
|
2021-11-18 22:05:49 +05:30
|
|
|
policy.script_src(*script_src_values)
|
|
|
|
|
|
|
|
default_connect_src = policy.directives['connect-src'] || policy.directives['default-src']
|
2022-01-26 12:08:38 +05:30
|
|
|
connect_src_values = Array.wrap(default_connect_src) | ['https://cdn.cookielaw.org', 'https://*.onetrust.com']
|
2021-11-18 22:05:49 +05:30
|
|
|
policy.connect_src(*connect_src_values)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|