fix: blocked:csp exception for media content at DO
martintomas committed Dec 5, 2023
1 parent e3ad19f commit 0357f5b
Showing 3 changed files with 7 additions and 3 deletions.
6 changes: 3 additions & 3 deletions cms/config/middlewares.ts
@@ -1,4 +1,4 @@
export default [
export default ({ env }) => [
'strapi::errors',
{
name: 'strapi::security',
Expand All @@ -8,8 +8,8 @@ export default [
directives: {
'connect-src': ["'self'", 'https:'],
'script-src': ["'self'", "'unsafe-inline'", 'cdn.jsdelivr.net', 'api.mapbox.com'],
'img-src': ["'self'", 'data:', 'blob:'],
'media-src': ["'self'", 'data:', 'blob:'],
'img-src': ["'self'", 'data:', 'blob:', `${env('DO_SPACE_FULL_PATH')}`],
'media-src': ["'self'", 'data:', 'blob:', `${env('DO_SPACE_FULL_PATH')}`],
'worker-src': ['blob:'],
upgradeInsecureRequests: null,
},
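Review bot: The new `img-src` and `media-src` entries interpolate `env('DO_SPACE_FULL_PATH')` with no default and no presence check, so when the variable is unset the template literal most likely puts the literal string `undefined` into the policy and the Spaces origin stays blocked with no startup error. Drop the template literal and add the value only when it is set, e.g. `'img-src': ["'self'", 'data:', 'blob:', env('DO_SPACE_FULL_PATH')].filter(Boolean),` and the same for `media-src`, or fail at boot if the variable is required. Allowing the single bucket origin rather than a wildcard host is the right scope. A one-line comment such as `// must be a bare origin (scheme + host), set by Terraform as DO_SPACE_FULL_PATH` would help anyone who sets it by hand. The middleware array and the `directives` object both continue outside the visible hunks.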
3 changes: 3 additions & 0 deletions infrastructure/base/main.tf
Expand Up @@ -43,10 +43,13 @@ locals {
CMS_URL = "${module.staging.app_url}/cms/"
STRAPI_ADMIN_API_BASE_URL = "${module.staging.app_url}/cms/api"
STRAPI_ADMIN_MAPBOX_ACCESS_TOKEN = var.mapbox_api_token

# DigitalOcean Spaces to store media content
DO_SPACE_ACCESS_KEY = var.do_spaces_client_id
DO_SPACE_SECRET_KEY = var.do_spaces_secret_key
DO_SPACE_ENDPOINT = "https://${var.do_region}.digitaloceanspaces.com"
DO_SPACE_BUCKET = "${var.project_name}-staging-cms"
DO_SPACE_FULL_PATH = "https://${var.project_name}-staging-cms.${var.do_region}.digitaloceanspaces.com"

# Database
DATABASE_CLIENT = "postgres"
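Review bot: `DO_SPACE_FULL_PATH` rebuilds the bucket name and region by hand, repeating the `"${var.project_name}-staging-cms"` expression from `DO_SPACE_BUCKET` and the region from `DO_SPACE_ENDPOINT`. Since this value becomes a CSP allow-list entry, any drift between the copies would leave the policy pointing at an origin other than the one uploads go to. Derive all three from one local, or, if the env module can output it, from the bucket resource's own domain name, e.g. `DO_SPACE_FULL_PATH = "https://${local.cms_bucket}.${var.do_region}.digitaloceanspaces.com"` with `cms_bucket` defined once (name constructed here for illustration). The `locals` block starts and ends outside this hunk.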
1 change: 1 addition & 0 deletions infrastructure/base/modules/env/main.tf
Expand Up @@ -55,6 +55,7 @@ resource "digitalocean_spaces_bucket_cors_configuration" "space_cms_cors" {
allowed_headers = ["*"]
allowed_methods = ["GET", "HEAD", "PUT", "POST", "DELETE"]
allowed_origins = ["*"]
expose_headers = ["ETag", "Access-Control-Allow-Origin"]
max_age_seconds = 3000
}
}
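Review bot: The `expose_headers` line, which appears to be the one added here, lists `Access-Control-Allow-Origin`. The browser evaluates that header itself, so page scripts rarely need to read it; `expose_headers = ["ETag"]` is probably enough unless a client depends on the second entry. The rule it extends still has `allowed_origins = ["*"]` together with `PUT`, `POST` and `DELETE`. Requests presumably still need valid Spaces credentials or a signed URL, but narrowing the origins to the CMS/app URL would be cheap defence in depth, and a comment on the rule should say why the wildcard is kept if it is intentional. The resource block begins above the visible hunk.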
