Commit 75046c3f authored by Rajendra Kadam's avatar Rajendra Kadam Committed by Alper Akgun

Add onetrust.com to one_trust_csp

parent 18fc6343
...@@ -8,11 +8,11 @@ module OneTrustCSP ...@@ -8,11 +8,11 @@ module OneTrustCSP
next unless helpers.one_trust_enabled? || policy.directives.present? next unless helpers.one_trust_enabled? || policy.directives.present?
default_script_src = policy.directives['script-src'] || policy.directives['default-src'] default_script_src = policy.directives['script-src'] || policy.directives['default-src']
script_src_values = Array.wrap(default_script_src) | ["'unsafe-eval'", 'https://cdn.cookielaw.org https://*.onetrust.com'] script_src_values = Array.wrap(default_script_src) | ["'unsafe-eval'", 'https://cdn.cookielaw.org', 'https://*.onetrust.com']
policy.script_src(*script_src_values) policy.script_src(*script_src_values)
default_connect_src = policy.directives['connect-src'] || policy.directives['default-src'] default_connect_src = policy.directives['connect-src'] || policy.directives['default-src']
connect_src_values = Array.wrap(default_connect_src) | ['https://cdn.cookielaw.org'] connect_src_values = Array.wrap(default_connect_src) | ['https://cdn.cookielaw.org', 'https://*.onetrust.com']
policy.connect_src(*connect_src_values) policy.connect_src(*connect_src_values)
end end
end end
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'OneTrust content security policy' do
let(:user) { create(:user) }
before do
stub_config(extra: { one_trust_id: SecureRandom.uuid })
end
it 'has proper Content Security Policy headers' do
visit root_path
expect(response_headers['Content-Security-Policy']).to include('https://cdn.cookielaw.org https://*.onetrust.com')
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment