Also add s3 to form-action CSP for bim direct uploads (#23391)

2026-06-13 19:20:00 +00:00 · 2026-05-27 13:54:53 +02:00
parent 8c0bb519b2
commit adb1ec6a97
1 changed files with 6 additions and 7 deletions
@@ -80,13 +80,6 @@ Rails.application.config.after_initialize do
        connect_src += ["https://appsignal-endpoint.net"]
      end

-      # Allow connections to S3 for BIM
-      if OpenProject::Configuration.fog_directory.present?
-        connect_src += [
-          OpenProject::Configuration.fog_s3_upload_host
-        ]
-      end
-
      # Add proxy configuration for Angular CLI to csp
      if FrontendAssetHelper.assets_proxied?
        proxied = ["ws://#{Setting.host_name}", "http://#{Setting.host_name}",
@@ -119,6 +112,12 @@ Rails.application.config.after_initialize do
        form_action += ["test-bucket.s3.amazonaws.com"]
      end

+      # Allow connections to S3 for BIM
+      if OpenProject::Configuration.fog_directory.present?
+        connect_src += [OpenProject::Configuration.fog_s3_upload_host]
+        form_action += [OpenProject::Configuration.fog_s3_upload_host]
+      end
+
      # Configure CSP directives
      policy.default_src(*default_src)
      policy.base_uri("'self'")