Ember CSP
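/**
 * Append the host sources described by `domains` to the matching directives
 * of `CSP` and return the same (mutated) policy object.
 *
 * Each entry is normalised by makeDomain, then expanded host -> host + sub.host
 * -> scheme://host -> scheme://host:port (via appendSubdomains, appendProtocols,
 * appendPorts) and the resulting list is joined onto every directive named in
 * the entry's `sources`.
 *
 * @param {Object<string,string>} CSP - directive name (e.g. 'script-src') to its
 *   current space-separated source list; mutated in place.
 * @param {Array<Object>} domains - entries of the shape
 *   { sources, protocols, subdomains, domain, ports }; missing arrays are
 *   defaulted by makeDomain.
 * @returns {Object<string,string>} the same CSP object.
 */
function makeCSP(CSP, domains) {
  domains.forEach(function(o) {
    var domain = makeDomain(o);
    // The expansion does not depend on the directive, so do it once per entry
    // instead of once per source directive.
    var hosts = appendSubdomains(domain.subdomains, domain.domain);
    hosts = appendProtocols(hosts, domain.protocols);
    hosts = appendPorts(hosts, domain.ports);
    if (hosts.length === 0) {
      // Nothing to add (e.g. no protocols given); don't leave a dangling
      // trailing space on every listed directive.
      return;
    }
    var extra = hosts.join(' ');
    domain.sources.forEach(function(source) {
      // A directive that is not yet present in CSP starts from the new sources.
      // `+=` on a missing key would have produced the literal token "undefined"
      // as the first source of that directive.
      CSP[source] = CSP[source] ? CSP[source] + ' ' + extra : extra;
    });
  });
  return CSP;
}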
/**
 * Normalise a domain descriptor in place: each list-valued field that is
 * missing (or otherwise falsy) becomes an empty array. `domain` itself is
 * left untouched.
 *
 * @param {Object} obj - descriptor with optional sources/protocols/subdomains/ports.
 * @returns {Object} the same object, mutated.
 */
function makeDomain(obj) {
  ['sources', 'protocols', 'subdomains', 'ports'].forEach(function(key) {
    if (!obj[key]) {
      obj[key] = [];
    }
  });
  return obj;
}
/**
 * Return `domains` followed by one `host:port` entry for every
 * (domain, port) pair, in domain-major order. The port-less entries are
 * kept, so a host stays allowed on its default port as well.
 *
 * @param {string[]} domains - host sources, possibly already scheme-prefixed.
 * @param {string[]} ports - port strings to append.
 * @returns {string[]} a new array; the inputs are not modified.
 */
function appendPorts(domains, ports) {
  var withPort = [];
  for (var i = 0; i < domains.length; i++) {
    for (var j = 0; j < ports.length; j++) {
      withPort.push(domains[i] + ':' + ports[j]);
    }
  }
  return domains.concat(withPort);
}
/**
 * Return `[domain, sub1.domain, sub2.domain, ...]`. A missing `subs` yields
 * just `[domain]`.
 *
 * The labels are concatenated verbatim, so a sub of `'*'` produces the CSP
 * wildcard host `*.domain`, which allows every subdomain.
 *
 * @param {string[]|null|undefined} subs - subdomain labels without the dot.
 * @param {string} domain - base host name.
 * @returns {string[]}
 */
function appendSubdomains(subs, domain) {
  var hosts = [domain];
  (subs || []).forEach(function(label) {
    hosts.push(label + '.' + domain);
  });
  return hosts;
}
/**
 * Prefix every host with every scheme: for each domain, in order, emit
 * `scheme://domain` for each protocol. Unlike appendPorts, the bare hosts are
 * NOT kept in the result.
 *
 * NOTE(review): with an empty `protocols` list the result is empty, so the
 * caller (makeCSP) adds nothing for that entry at all. A scheme-less
 * host-source is valid CSP, so confirm that dropping the hosts is intended.
 *
 * @param {string[]} domains - host names (with optional subdomains).
 * @param {string[]} protocols - schemes without the `://`, e.g. 'https', 'wss'.
 * @returns {string[]} a new array; the inputs are not modified.
 */
function appendProtocols(domains, protocols) {
  return domains.reduce(function(acc, host) {
    var prefixed = protocols.map(function(scheme) {
      return scheme + '://' + host;
    });
    return acc.concat(prefixed);
  }, []);
}
// External origins to whitelist, one descriptor per host. Each entry expands to
// {http,ws}://example.com, {http,ws}://foo.example.com and the same hosts on
// port 5000, appended to every directive in `sources`.
//
// NOTE(review): 'http' and 'ws' are cleartext schemes and port 5000 looks like
// a local dev server — confirm this is a development-only policy; a production
// build should list https/wss origins instead.
// NOTE(review): because 'default-src' is in `sources`, this host is also the
// fallback for every directive not set explicitly below (object-src,
// frame-src, ...). Drop it from `sources` if only the listed directives
// should allow it.
var DOMAINS = [
{
sources: ['default-src', 'script-src', 'font-src', 'connect-src', 'style-src', 'media-src'],
protocols: ['http', 'ws'],
subdomains: ['foo'],
domain: 'example.com',
ports: ['5000']
}];
// Base policy; makeCSP appends the DOMAINS hosts to the directives they name
// and mutates/returns this object. 'img-src' is not in any DOMAINS entry, so
// it stays at 'self'.
//
// NOTE(review): 'unsafe-inline' and 'unsafe-eval' on script-src let any
// injected inline <script> or string-evaluated code run, which removes most of
// the XSS protection a CSP provides. They may be required by this Ember build
// (confirm); if so, keep them out of the production policy or replace
// 'unsafe-inline' with nonces/hashes.
ENV.contentSecurityPolicy = makeCSP({
'default-src': "'self'",
'script-src': "'self' 'unsafe-inline' 'unsafe-eval'",
'font-src': "'self'",
'connect-src': "'self'",
'img-src': "'self'",
'style-src': "'self' 'unsafe-inline'", // 'unsafe-inline' here allows injected style; lower risk than script-src but still worth removing if possible
'media-src': "'self'"
}, DOMAINS);