#264 Allow additional hosts to be specified for gitlab snippets

build-canaries · Feb 20, 2019 · 1e24301 · 1e24301
1 parent f509a7e
commit 1e24301
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 1 deletion.
diff --git a/src/nevergreen/config.clj b/src/nevergreen/config.clj
@@ -35,3 +35,6 @@
 
 (defn allow-iframe-from []
   (or (env :allow-iframe-from) default-csp-frame-ancestors))
+
+(defn allow-gitlab-snippets-from []
+  (env :allow-gitlab-snippets-from))
diff --git a/src/nevergreen/wrap_content_security_policy.clj b/src/nevergreen/wrap_content_security_policy.clj
@@ -11,7 +11,7 @@
    "img-src * data:"
    "font-src 'self' data:"
    "media-src *"
-   "connect-src 'self' https://api.github.com https://gist.githubusercontent.com https://gitlab.com"
+   (clojure.string/join " " (remove nil? ["connect-src 'self' https://api.github.com https://gist.githubusercontent.com https://gitlab.com" (config/allow-gitlab-snippets-from)]))
    "object-src 'none'"
    (str "frame-ancestors " (config/allow-iframe-from))])
 

diff --git a/test/nevergreen/config_test.clj b/test/nevergreen/config_test.clj
@@ -23,6 +23,15 @@
       (fact "defaults to 'self'"
             (subject/allow-iframe-from) => "'self'"))
 
+(fact "allow GitLab snippets from"
+      (fact "from env"
+            (subject/allow-gitlab-snippets-from) => "host:port"
+            (provided
+              (env :allow-gitlab-snippets-from) => "host:port"))
+
+      (fact "defaults to nil"
+            (subject/allow-gitlab-snippets-from) => nil))            
+
 (facts "aes encryption key"
        (fact "from env"
              (subject/aes-key) => "key-thats-valid!"