diff --git a/roles/web-app-bluesky/config/main.yml b/roles/web-app-bluesky/config/main.yml index 72e6ca48..d3b988e6 100644 --- a/roles/web-app-bluesky/config/main.yml +++ b/roles/web-app-bluesky/config/main.yml @@ -13,16 +13,16 @@ server: csp: whitelist: connect-src: - - "{{ WEB_PROTOCOL }}://{{ BLUESKY_API_DOMAIN }}" - - https://plc.directory - - https://bsky.social - - https://api.bsky.app - - https://public.api.bsky.app - - https://events.bsky.app - - https://statsigapi.net - - https://ip.bsky.app - - wss://bsky.network - - wss://*.bsky.app + - "{{ WEB_PROTOCOL }}://<< defaults_applications[web-app-bluesky].server.domains.canonical.api >>" + - "https://plc.directory" + - "https://bsky.social" + - "https://api.bsky.app" + - "https://public.api.bsky.app" + - "https://events.bsky.app" + - "https://statsigapi.net" + - "https://ip.bsky.app" + - "wss://bsky.network" + - "wss://*.bsky.app" docker: services: database: diff --git a/tests/integration/test_csp_configuration_consistency.py b/tests/integration/test_csp_configuration_consistency.py index 804aaab3..a3a0fca0 100644 --- a/tests/integration/test_csp_configuration_consistency.py +++ b/tests/integration/test_csp_configuration_consistency.py @@ -25,7 +25,7 @@ class TestCspConfigurationConsistency(unittest.TestCase): Accept entries that are: - Jinja expressions (contain '{{' and '}}') - Data or Blob URIs (start with 'data:' or 'blob:') - - HTTP/HTTPS URLs + - HTTP/HTTPS/WS/WSS URLs """ if '{{' in entry and '}}' in entry: return True @@ -34,7 +34,7 @@ class TestCspConfigurationConsistency(unittest.TestCase): if entry == '*': return True parsed = urlparse(entry) - return parsed.scheme in ('http', 'https') and bool(parsed.netloc) + return parsed.scheme in ('http', 'https','ws', 'wss') and bool(parsed.netloc) def test_csp_configuration_structure(self): """