From 6c8f12680c272415141693ca868df2757290a807 Mon Sep 17 00:00:00 2001
From: highemerly
Date: Sat, 18 Nov 2023 15:03:47 +0900
Subject: [PATCH] [tuning] Enable Cloudflare RUM by CSP settings update
---
 config/initializers/content_security_policy.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 6ce84a6e4253d5..ce4b6df96f45db 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -19,6 +19,10 @@ def host_to_url(str)
 media_host ||= host_to_url(ENV['S3_HOSTNAME']) if ENV['S3_ENABLED'] == 'true'
 media_host ||= assets_host
 
+cloudflare_insights_script_host = 'https://static.cloudflareinsights.com'
+cloudflare_insights_connect_host = 'https://cloudflareinsights.com'
+cloudflare_mirage_script_host = 'https://ajax.cloudflare.com'
+
 def sso_host
 return unless ENV['ONE_CLICK_SSO_LOGIN'] == 'true'
 return unless ENV['OMNIAUTH_ONLY'] == 'true'
@@ -61,11 +65,11 @@ def sso_host
 webpacker_public_host = ENV.fetch('WEBPACKER_DEV_SERVER_PUBLIC', Webpacker.config.dev_server[:public])
 webpacker_urls = %w(ws http).map { |protocol| "#{protocol}#{Webpacker.dev_server.https? ? 's' : ''}://#{webpacker_public_host}" }
 
- p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url, *webpacker_urls
+ p.connect_src :self, :data, :blob, assets_host, media_host, cloudflare_insights_connect_host, Rails.configuration.x.streaming_api_base_url, *webpacker_urls
 p.script_src :self, :unsafe_inline, :unsafe_eval, assets_host
 else
 p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url
- p.script_src :self, assets_host, "'wasm-unsafe-eval'"
+ p.script_src :self, assets_host, cloudflare_insights_script_host, cloudflare_mirage_script_host, "'wasm-unsafe-eval'"
 end
 end
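Review bot: The three Cloudflare origins are defined unconditionally, so every instance running this initializer carries them in its policy even when it is not served through Cloudflare, and a host source in `script-src` trusts every script that origin serves, not only the RUM beacon. The context lines already gate an optional host on configuration (`if ENV['S3_ENABLED'] == 'true'`); the same pattern fits here, e.g. `cloudflare_insights_script_host = 'https://static.cloudflareinsights.com' if ENV['CLOUDFLARE_RUM_ENABLED'] == 'true'` (the variable name is a placeholder), with unset values dropped before they reach the directive calls. A comment such as `# Third-party origins needed only when the instance is proxied by Cloudflare with RUM / Mirage enabled` would record why they are in the policy.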
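Review bot: The Cloudflare sources are split across the two branches. `cloudflare_insights_connect_host` is added only to the `connect_src` of the first branch (the one that also adds the webpacker dev-server URLs), while the two script hosts are added only to the `script_src` of the `else` branch. As written, the `else` policy lets the page load the script from static.cloudflareinsights.com, but that script's reports to https://cloudflareinsights.com would presumably be blocked by the unchanged `connect_src` there. If the intent is RUM outside development, the `else` line should read `p.connect_src :self, :data, :blob, assets_host, media_host, cloudflare_insights_connect_host, Rails.configuration.x.streaming_api_base_url`, and the first branch probably needs no Cloudflare source at all. The `if` condition and the enclosing policy block start outside the hunk, so which environment each branch serves is inferred from the webpacker lines.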