parent
885e9227c6
commit
ccaefd139d
2 changed files with 7 additions and 0 deletions
|
@ -89,6 +89,11 @@ SMTP_FROM_ADDRESS=notifications@example.com
|
||||||
# Access-Control-Allow-Origin: https://example.com/
|
# Access-Control-Allow-Origin: https://example.com/
|
||||||
# CDN_HOST=https://assets.example.com
|
# CDN_HOST=https://assets.example.com
|
||||||
|
|
||||||
|
# Optional list of hosts that are allowed to serve media for your instance
|
||||||
|
# This is useful if you include external media in your custom CSS or about page,
|
||||||
|
# or if your data storage provider makes use of redirects to other domains.
|
||||||
|
# EXTRA_DATA_HOSTS=https://data.example1.com|https://data.example2.com
|
||||||
|
|
||||||
# S3 (optional)
|
# S3 (optional)
|
||||||
# The attachment host must allow cross origin request from WEB_DOMAIN or
|
# The attachment host must allow cross origin request from WEB_DOMAIN or
|
||||||
# LOCAL_DOMAIN if WEB_DOMAIN is not set. For example, the server may have the
|
# LOCAL_DOMAIN if WEB_DOMAIN is not set. For example, the server may have the
|
||||||
|
|
|
@ -23,6 +23,8 @@ if Rails.env.production?
|
||||||
data_hosts << "https://#{url.host}"
|
data_hosts << "https://#{url.host}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
data_hosts.concat(ENV['EXTRA_DATA_HOSTS'].split('|')) if ENV['EXTRA_DATA_HOSTS']
|
||||||
|
|
||||||
data_hosts.uniq!
|
data_hosts.uniq!
|
||||||
|
|
||||||
Rails.application.config.content_security_policy do |p|
|
Rails.application.config.content_security_policy do |p|
|
||||||
|
|
Loading…
Reference in a new issue