From 41a0a3c87fdab80f6f18dfdfb3c92293e7cb470a Mon Sep 17 00:00:00 2001 From: Claire Date: Mon, 5 Jun 2023 17:35:05 +0200 Subject: [PATCH] Fix CSP headers when S3_ALIAS_HOST includes a path component (#25273) --- config/initializers/content_security_policy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 6b62e6f337..5b3a683324 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -3,7 +3,7 @@ # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy def host_to_url(str) - "http#{Rails.configuration.x.use_https ? 's' : ''}://#{str}" unless str.blank? + "http#{Rails.configuration.x.use_https ? 's' : ''}://#{str}".split('/').first if str.present? end base_host = Rails.configuration.x.web_domain