Add editor link scheme to the CSP

RobinDaugherty · RobinDaugherty · commit 855d40aa568f · 2020-12-11T14:01:15.000-05:00
diff --git a/lib/better_errors/editor.rb b/lib/better_errors/editor.rb
@@ -84,6 +84,10 @@ def url(raw_path, line)
       url_proc.call(file, line)
     end
 
+    def scheme
+      url('/fake', 42).sub(/:.*/, ':')
+    end
+
     private
 
     attr_reader :url_proc
diff --git a/lib/better_errors/middleware.rb b/lib/better_errors/middleware.rb
@@ -122,6 +122,7 @@ def show_error_page(env, exception=nil)
           # Inline style is required by the syntax highlighter.
           "style-src 'self' 'unsafe-inline'",
           "connect-src 'self'",
+          "navigate-to 'self' #{BetterErrors.editor.scheme}",
         ].join('; '),
       }
 

Original file line number	Diff line number	Diff line change
`@@ -122,6 +122,7 @@ def show_error_page(env, exception=nil)`
`122`	`122`	`# Inline style is required by the syntax highlighter.`
`123`	`123`	`"style-src 'self' 'unsafe-inline'",`
`124`	`124`	`"connect-src 'self'",`
	`125`	`+ "navigate-to 'self' #{BetterErrors.editor.scheme}",`
`125`	`126`	`].join('; '),`
`126`	`127`	`}`
`127`	`128`