parent
885e9227c6
commit
ccaefd139d
|
@ -89,6 +89,11 @@ SMTP_FROM_ADDRESS=notifications@example.com
|
|||
# Access-Control-Allow-Origin: https://example.com/
|
||||
# CDN_HOST=https://assets.example.com
|
||||
|
||||
# Optional list of hosts that are allowed to serve media for your instance
|
||||
# This is useful if you include external media in your custom CSS or about page,
|
||||
# or if your data storage provider makes use of redirects to other domains.
|
||||
# EXTRA_DATA_HOSTS=https://data.example1.com|https://data.example2.com
|
||||
|
||||
# S3 (optional)
|
||||
# The attachment host must allow cross origin request from WEB_DOMAIN or
|
||||
# LOCAL_DOMAIN if WEB_DOMAIN is not set. For example, the server may have the
|
||||
|
|
|
@ -23,6 +23,8 @@ if Rails.env.production?
|
|||
data_hosts << "https://#{url.host}"
|
||||
end
|
||||
|
||||
data_hosts.concat(ENV['EXTRA_DATA_HOSTS'].split('|')) if ENV['EXTRA_DATA_HOSTS']
|
||||
|
||||
data_hosts.uniq!
|
||||
|
||||
Rails.application.config.content_security_policy do |p|
|
||||
|
|
Reference in New Issue