From ad3c9f37e8773e8431f17ae466f1f9c04b40e966 Mon Sep 17 00:00:00 2001
From: martintomas
Date: Mon, 11 Dec 2023 12:15:34 +0100
Subject: [PATCH] refactoring: tweaking content security policy
---
 cms/config/middlewares.ts | 6 +++---
 cms/config/plugins.ts | 2 +-
 infrastructure/base/main.tf | 3 +--
 3 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/cms/config/middlewares.ts b/cms/config/middlewares.ts
index 9b0c3f2..5c9d204 100644
--- a/cms/config/middlewares.ts
+++ b/cms/config/middlewares.ts
@@ -8,9 +8,9 @@ export default ({ env }) => [
 directives: {
 'connect-src': ["'self'", 'https:'],
 'script-src': ["'self'", "'unsafe-inline'", 'cdn.jsdelivr.net', 'api.mapbox.com'],
- 'img-src': ["'self'", 'data:', 'blob:', `${env('DO_SPACE_FULL_PATH')}`],
- 'media-src': ["'self'", 'data:', 'blob:', `${env('DO_SPACE_FULL_PATH')}`],
- 'worker-src': ['blob:'],
+ 'img-src': ["'self'", 'data:', 'blob:', `https://${env('DO_SPACE_BUCKET')}.${env('DO_SPACE_REGION')}.digitaloceanspaces.com`, `${env('DO_SPACE_REGION')}.digitaloceanspaces.com/${env('DO_SPACE_BUCKET')}`],
+ 'media-src': ["'self'", 'data:', 'blob:', `https://${env('DO_SPACE_BUCKET')}.${env('DO_SPACE_REGION')}.digitaloceanspaces.com`, `${env('DO_SPACE_REGION')}.digitaloceanspaces.com/${env('DO_SPACE_BUCKET')}`],
+ 'worker-src': ['blob:', `https://${env('DO_SPACE_BUCKET')}.${env('DO_SPACE_REGION')}.digitaloceanspaces.com`, `${env('DO_SPACE_REGION')}.digitaloceanspaces.com/${env('DO_SPACE_BUCKET')}`],
 upgradeInsecureRequests: null,
 },
 }
diff --git a/cms/config/plugins.ts b/cms/config/plugins.ts
index fd9c0c9..a1ed54d 100644
--- a/cms/config/plugins.ts
+++ b/cms/config/plugins.ts
@@ -47,7 +47,7 @@ module.exports = ({env}) => ({
 providerOptions: {
 key: env('DO_SPACE_ACCESS_KEY'),
 secret: env('DO_SPACE_SECRET_KEY'),
- endpoint: env('DO_SPACE_ENDPOINT'),
+ endpoint: `https://${env('DO_SPACE_REGION')}.digitaloceanspaces.com`,
 space: env('DO_SPACE_BUCKET'),
 }
 },
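Review bot: The second source added to `img-src`, `media-src` and `worker-src` in cms/config/middlewares.ts has no scheme and its path has no trailing slash; CSP matches a path without a trailing `/` exactly rather than as a prefix, so that entry would not cover objects stored under the bucket path. It should begin with `https://` and end with `/${env('DO_SPACE_BUCKET')}/`; a scheme-less host is matched relative to the page's own scheme, which matters here because `upgradeInsecureRequests` is `null`. Separately, `worker-src` now admits the bucket that holds CMS media although nothing in the hunk shows a worker script being served from it; unless one is, keep `'worker-src': ['blob:'],` so stored media cannot be named as a worker source. The directives object starts and ends outside the hunk.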
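Review bot: `endpoint` in cms/config/plugins.ts is now assembled from `DO_SPACE_REGION`, so an environment that does not define that variable would get the well-formed but wrong URL `https://undefined.digitaloceanspaces.com` instead of a visibly missing setting, assuming `env()` returns undefined for an unset name. The same interpolation feeds the CSP sources in cms/config/middlewares.ts. main.tf in this commit supplies the variable for the Terraform-managed environment, but any other env file still carrying `DO_SPACE_ENDPOINT` would need the new name; a comment above the line such as `// requires DO_SPACE_REGION (replaces DO_SPACE_ENDPOINT); an unset value renders "undefined" into the URL`, or a startup check, would make that visible. The providerOptions block starts outside the hunk.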
diff --git a/infrastructure/base/main.tf b/infrastructure/base/main.tf
index dcb0468..9e05955 100644
--- a/infrastructure/base/main.tf
+++ b/infrastructure/base/main.tf
@@ -48,9 +48,8 @@ locals {
 # DigitalOcean Spaces to store media content
 DO_SPACE_ACCESS_KEY = var.do_spaces_client_id
 DO_SPACE_SECRET_KEY = var.do_spaces_secret_key
- DO_SPACE_ENDPOINT = "https://${var.do_region}.digitaloceanspaces.com"
+ DO_SPACE_REGION = var.do_region
 DO_SPACE_BUCKET = "${var.project_name}-staging-cms"
- DO_SPACE_FULL_PATH = "https://${var.project_name}-staging-cms.${var.do_region}.digitaloceanspaces.com"
 # Database
 DATABASE_CLIENT = "postgres"