From 4df68bab23678c618d45e31aac6419107f2b9549 Mon Sep 17 00:00:00 2001
From: tomdds
Date: Fri, 22 Nov 2019 11:56:27 -0500
Subject: [PATCH] Add BLOB_STORAGE_URL config
Our content security policy in non-dev environments didn't allow uploading to azure blob storage. This adds a configurable blob storage base URL to allow regions to specify which storage endpoint they expect the upload request to use.
---
 atst/app.py | 3 ++-
 config/base.ini | 1 +
 deploy/azure/atst-envvars-configmap.yml | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/atst/app.py b/atst/app.py
index 346ffe8b..3695f65e 100644
--- a/atst/app.py
+++ b/atst/app.py
@@ -128,6 +128,7 @@ def make_flask_callbacks(app):
 def set_default_headers(app): # pragma: no cover
 static_url = app.config.get("STATIC_URL")
+ blob_storage_url = app.config.get("BLOB_STORAGE_URL")
 @app.after_request
 def _set_security_headers(response):
@@ -146,7 +147,7 @@ def set_default_headers(app): # pragma: no cover
 else:
 response.headers[
 "Content-Security-Policy"
- ] = f"default-src 'self' 'unsafe-eval' 'unsafe-inline' {static_url}"
+ ] = f"default-src 'self' 'unsafe-eval' 'unsafe-inline' {blob_storage_url} {static_url}"
 return response
diff --git a/config/base.ini b/config/base.ini
index 76e0f03e..146ebcb4 100644
--- a/config/base.ini
+++ b/config/base.ini
@@ -1,5 +1,6 @@
 [default]
 ASSETS_URL
+BLOB_STORAGE_URL=http://localhost:8000/
 CAC_URL = http://localhost:8000/login-redirect
 CA_CHAIN = ssl/server-certs/ca-chain.pem
 CDN_ORIGIN=http://localhost:8000
diff --git a/deploy/azure/atst-envvars-configmap.yml b/deploy/azure/atst-envvars-configmap.yml
index 4870e6a6..bd40ec5e 100644
--- a/deploy/azure/atst-envvars-configmap.yml
+++ b/deploy/azure/atst-envvars-configmap.yml
@@ -6,6 +6,7 @@ metadata:
 namespace: atat
 data:
 ASSETS_URL: https://atat-cdn.azureedge.net/
+ BLOB_STORAGE_URL: https://atat.blob.core.windows.net/
 CELERY_DEFAULT_QUEUE: celery-master
 CDN_ORIGIN: https://azure.atat.code.mil
 CSP: azure
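Review bot: `app.config.get("BLOB_STORAGE_URL")` returns None when the key is absent, and the f-string in the second hunk of this file would then write the literal word `None` into the Content-Security-Policy header as a host source. config/base.ini does set a default, so this would only affect a deployment whose configuration drops the key, but a fallback such as `blob_storage_url = app.config.get("BLOB_STORAGE_URL") or ""` keeps the policy well-formed. The existing `static_url` line just above has the same shape. set_default_headers continues outside this hunk.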
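Review bot: Appending `{blob_storage_url}` to `default-src` allows the storage origin for every fetch type (scripts, styles, frames, images), not only for the upload request the commit message describes, and this policy already carries 'unsafe-inline' and 'unsafe-eval'. If the storage account can hold user-supplied files, uploaded content becomes loadable as script from an allowed origin. Assuming the upload is an XHR/fetch call, giving it its own directive is tighter: `] = f"default-src 'self' 'unsafe-eval' 'unsafe-inline' {static_url}; connect-src 'self' {blob_storage_url}"`. A connect-src directive replaces the default-src fallback for connections, so any other origin the page calls would have to be listed there too. The `if` branch that pairs with this `else` lies outside the hunk.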
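Review bot: `https://atat.blob.core.windows.net/` admits every container in the storage account, since a CSP source whose path ends in `/` matches everything under it. If uploads go to a single container, the value could carry that container's path (`https://atat.blob.core.windows.net/<container-name>/`, where the container name is a placeholder) so the policy does not cover the rest of the account. A short comment stating that this value is copied into the Content-Security-Policy header would also help whoever edits the configmap for another region.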