Add override_csp config #281

Closed
wants to merge 1 commit into from
12 changes: 12 additions & 0 deletions app/controllers/pg_hero/home_controller.rb
Expand Up @@ -12,12 +12,14 @@ class HomeController < ActionController::Base
before_action :set_query_stats_enabled
before_action :set_show_details, only: [:index, :queries, :show_query]
before_action :ensure_query_stats, only: [:queries]
before_action :set_csp, if: :override_csp?
else
# no need to check API in earlier versions
before_filter :set_database
before_filter :set_query_stats_enabled
before_filter :set_show_details, only: [:index, :queries, :show_query]
before_filter :ensure_query_stats, only: [:queries]
before_filter :set_csp, if: :override_csp?
end

def index
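Review bot: `set_csp` is registered after `ensure_query_stats` in both branches of this hunk, and callbacks run in registration order, so on the `queries` action the `redirect_to` inside `ensure_query_stats` halts the chain before `set_csp` runs and that redirect response leaves without the policy header. If the intent is that every response from this controller carries the overriding policy, register `before_action :set_csp, if: :override_csp?` (and the matching `before_filter` line) ahead of the callbacks that can redirect.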
Expand Down Expand Up @@ -398,5 +400,15 @@ def ensure_query_stats
redirect_to root_path, alert: "Query stats not enabled"
end
end

def set_csp
response.headers["Content-Security-Policy"] = "default-src 'self'; script-src 'self' 'unsafe-inline'"
end

private

def override_csp?
PgHero.config["override_csp"].nil ? PgHero.override_csp : PgHero.config["override_csp"]
end
end
end
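Review bot: `override_csp?` calls `.nil` instead of `.nil?` on the config value, which raises `NoMethodError` for every value including `nil`, so once this callback is wired up every request through the controller fails; it should read `PgHero.config["override_csp"].nil? ? PgHero.override_csp : PgHero.config["override_csp"]`. Two smaller points in the same hunk: `set_csp` sits above the `private` keyword, so it is a public method on the controller (and counts as an action method) even though it is only ever invoked as a callback; move it below `private` next to `override_csp?`. And the policy string hard-codes `'unsafe-inline'` in `script-src`, which is the keyword that re-allows the inline scripts a CSP is meant to block; if the dashboard's inline scripts cannot be moved to files, a per-request nonce (Rails 5.2+ provides `content_security_policy_nonce`) keeps the protection while still permitting them. It is also worth a comment that this header replaces whatever policy the host application set.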
3 changes: 3 additions & 0 deletions guides/Docker.md
Expand Up @@ -92,6 +92,9 @@ databases:

# Time zone
# time_zone: "Pacific Time (US & Canada)"

# Override CSP
# override_csp: false
```

Create a `Dockerfile` with:
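Review bot: the new `# Override CSP` comment names the key but not what it does, and this Docker guide is where container users will look for the environment-variable form: `lib/pghero.rb` in this PR reads `PGHERO_OVERRIDE_CSP` (the string `"true"`) as the default, while the comment here shows only the YAML key. Add a line saying that enabling it makes the dashboard respond with `Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'` in place of any policy the host app set, and mention the `PGHERO_OVERRIDE_CSP=true` equivalent.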
3 changes: 3 additions & 0 deletions lib/generators/pghero/templates/config.yml.tt
Expand Up @@ -24,3 +24,6 @@ databases:

# Time zone (defaults to app time zone)
# time_zone: "Pacific Time (US & Canada)"

# Override CSP
# override_csp: false
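Review bot: the other commented options in this template explain themselves in a parenthetical (`# Time zone (defaults to app time zone)`); `# Override CSP` follows the same shape without saying what is overridden or with what. Spell out that it replaces the response's `Content-Security-Policy` header with the dashboard's own policy and state the default (`false`, or the `PGHERO_OVERRIDE_CSP` environment variable) so a reader of the generated config can decide without opening the controller.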
3 changes: 2 additions & 1 deletion lib/pghero.rb
Expand Up @@ -35,7 +35,7 @@ class NotEnabled < Error; end

# settings
class << self
attr_accessor :long_running_query_sec, :slow_query_ms, :slow_query_calls, :explain_timeout_sec, :total_connections_threshold, :cache_hit_rate_threshold, :env, :show_migrations, :config_path
attr_accessor :long_running_query_sec, :slow_query_ms, :slow_query_calls, :explain_timeout_sec, :total_connections_threshold, :cache_hit_rate_threshold, :env, :show_migrations, :config_path, :override_csp
end
self.long_running_query_sec = (ENV["PGHERO_LONG_RUNNING_QUERY_SEC"] || 60).to_i
self.slow_query_ms = (ENV["PGHERO_SLOW_QUERY_MS"] || 20).to_i
Expand All @@ -46,6 +46,7 @@ class << self
self.env = ENV["RAILS_ENV"] || ENV["RACK_ENV"] || "development"
self.show_migrations = true
self.config_path = ENV["PGHERO_CONFIG_PATH"] || "config/pghero.yml"
self.override_csp = ENV["PGHERO_OVERRIDE_CSP"] == "true"

class << self
extend Forwardable
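Review bot: `ENV["PGHERO_OVERRIDE_CSP"] == "true"` only recognises the exact lowercase string `true`; values such as `1`, `TRUE` or `yes`, which orchestration tooling commonly emits, silently leave the override off with no warning. Either document that only `true` enables it (the config comments added in this PR do not say so) or accept the usual truthy spellings, e.g. `%w[true 1].include?(ENV["PGHERO_OVERRIDE_CSP"].to_s.downcase)`.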