refactor csp

1 month ago · 39eb67b162
parent 8d9bea3b0f
commit 39eb67b162
3 changed files with 0 additions and 20 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -127,8 +127,6 @@ class ApplicationController < ActionController::Base
  end

  def set_csp
-    request.content_security_policy_report_only = Rails.env.production?
-
    request.content_security_policy = current_content_security_policy.tap do |policy|
      policy.default_src :self
      policy.script_src :self
@ -140,7 +138,6 @@ class ApplicationController < ActionController::Base
      policy.frame_src :self
      policy.worker_src :self, :blob
      policy.connect_src :self
-      policy.report_uri '/csp'

      policy.directives['connect-src'] << 'ws:' if Rails.env.development?
    end
--- a/app/controllers/csp_controller.rb
+++ b/app/controllers/csp_controller.rb
@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-class CspController < ActionController::API
-  FILTER_REPORT_REGEXP = /extension|sandbox/i
-
-  SANITIZE_REGEXP = %r{(/[sdep]/)(\w{5})[^/"]+}
-
-  def create
-    data = request.raw_post.gsub(SANITIZE_REGEXP, '\1\2')
-
-    Rails.logger.warn(data) if Rails.env.development?
-
-    Rollbar.warning('CSP', data:) if defined?(Rollbar) && !data.match?(FILTER_REPORT_REGEXP)
-  end
-end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -202,8 +202,6 @@ Rails.application.routes.draw do
    end
  end

-  resources :csp
-
  get '/js/:filename', to: 'embed_scripts#show', as: :embed_script

  ActiveSupport.run_load_hooks(:routes, self)