update CSP directives for prismic editors

2018-11-16 17:08:03 +07:00 · 2018-11-16 17:08:03 +07:00 · afae01da54
parent 015c3a65dc
commit afae01da54
3 changed files with 11 additions and 2 deletions
--- a/app/views/base/notFound.scala.html
+++ b/app/views/base/notFound.scala.html
@ -3,7 +3,8 @@
@base.layout(
 title = "Page not found",
 moreJs = prismicJs,
-moreCss = cssTag("notFound.css")) {
+moreCss = cssTag("notFound.css"),
+csp = defaultCsp.withPrismic(isGranted(_.Prismic)).some) {

 <div class="content_box small_box">
  <header>
--- a/app/views/blog/layout.scala.html
+++ b/app/views/blog/layout.scala.html
@ -12,7 +12,7 @@ moreCss = cssTag("blog.css"),
 moreJs = pageJs,
 side = side,
 openGraph = openGraph,
-csp = defaultCsp.withTwitter.some) {
+csp = defaultCsp.withPrismicEditor(isGranted(_.Prismic)).some) {
 <div id="lichess_blog" class="content_box">
  @body
 </div>
--- a/modules/common/src/main/ContentSecurityPolicy.scala
+++ b/modules/common/src/main/ContentSecurityPolicy.scala
@ -58,6 +58,14 @@ case class ContentSecurityPolicy(
    frameSrc = "https://docs.google.com" :: frameSrc
  )

+  def withPrismicEditor(maybe: Boolean): ContentSecurityPolicy = if (maybe) copy(
+    scriptSrc = "https://lichess.prismic.io" :: scriptSrc,
+    frameSrc = "https://lichess.prismic.io" :: frameSrc
+  )
+  else this
+
+  def withPrismic(editor: Boolean): ContentSecurityPolicy = withPrismicEditor(editor).withTwitter
+
  override def toString: String =
    List(
      "default-src " -> defaultSrc,