
Commit fc43089

authored
add azure to content security policy (#17649)
1 parent 0e729d9 commit fc43089

2 files changed

Lines changed: 7 additions & 1 deletion


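--- a/middleware/csp.js
+++ b/middleware/csp.js
@@ -4,6 +4,7 @@
 const { contentSecurityPolicy } = require('helmet')
 const isArchivedVersion = require('../lib/is-archived-version')
 const versionSatisfiesRange = require('../lib/version-satisfies-range')
+const AZURE_STORAGE_URL = 'githubdocs.azureedge.net'
 
 // module.exports = contentSecurityPolicy({
 module.exports = async (req, res, next) => {
@@ -18,13 +19,15 @@ module.exports = async (req, res, next) => {
 fontSrc: [
 "'self'",
 'data:',
-'github-images.s3.amazonaws.com'
+'github-images.s3.amazonaws.com',
+AZURE_STORAGE_URL
 ],
 imgSrc: [
 "'self'",
 'data:',
 'github.githubassets.com',
 'github-images.s3.amazonaws.com',
+AZURE_STORAGE_URL,
 'placehold.it',
 '*.githubusercontent.com',
 'github.com'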
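Review bot: `AZURE_STORAGE_URL` is added to both `fontSrc` and `imgSrc` with no comment saying what the endpoint serves or who owns it, and the name says URL while the value is a bare host. An allowlisted name on a shared CDN domain stays trusted by every page for as long as the entry exists, so if the endpoint were ever retired the entry would have to be removed in the same change; a comment above the constant such as `// CDN endpoint for docs assets (owner: <team placeholder>); remove from the CSP if the endpoint is decommissioned` would make that explicit. It may also be worth stating whether `github-images.s3.amazonaws.com` stays allowed permanently or only during a transition, which the hunk does not show. The `module.exports` handler begins and ends outside the hunk.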

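--- a/tests/rendering/server.js
+++ b/tests/rendering/server.js
@@ -5,6 +5,7 @@ const { describeViaActionsOnly } = require('../helpers/conditional-runs')
 const path = require('path')
 const { loadPages } = require('../../lib/pages')
 const builtAssets = require('../../lib/built-asset-urls')
+const AZURE_STORAGE_URL = 'githubdocs.azureedge.net'
 
 describe('server', () => {
 jest.setTimeout(60 * 1000)
@@ -45,12 +46,14 @@ describe('server', () => {
 
 expect(csp.get('font-src').includes("'self'")).toBe(true)
 expect(csp.get('font-src').includes('github-images.s3.amazonaws.com')).toBe(true)
+expect(csp.get('font-src').includes(AZURE_STORAGE_URL)).toBe(true)
 
 expect(csp.get('connect-src').includes("'self'")).toBe(true)
 expect(csp.get('connect-src').includes('*.algolia.net')).toBe(true)
 expect(csp.get('connect-src').includes('*.algolianet.com')).toBe(true)
 
 expect(csp.get('img-src').includes("'self'")).toBe(true)
+expect(csp.get('img-src').includes(AZURE_STORAGE_URL)).toBe(true)
 expect(csp.get('img-src').includes('github-images.s3.amazonaws.com')).toBe(true)
 
 expect(csp.get('script-src').includes("'self'")).toBe(true)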
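Review bot: The new assertions only check that the Azure host is present in `font-src` and `img-src`; nothing pins that it stays out of the directives that can run code. Assuming the policy does not mean to load scripts from this host, a negative check next to the existing `script-src` assertion, `expect(csp.get('script-src').includes(AZURE_STORAGE_URL)).toBe(false)`, would catch the allowlist being widened later. The hunk does not show what `csp.get()` returns; if it is a string rather than a list, `.includes()` is a substring match and would also pass for a longer host name containing this one. The enclosing test body starts and ends outside the hunk.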
