Add ContentSecurityPolicyFilter.registerAllowedSources() (#239)

* Add ContentSecurityPolicyFilter.registerAllowedSources() * Modify ContentSecurityPolicyFilter
bimberlabinternal · Feb 21, 2025 · 78b6341 · 78b6341
1 parent b2d159b
commit 78b6341
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/mGAP/src/org/labkey/mgap/mGAPModule.java b/mGAP/src/org/labkey/mgap/mGAPModule.java
@@ -35,6 +35,7 @@
 import org.labkey.api.ldk.notification.NotificationService;
 import org.labkey.api.module.ModuleContext;
 import org.labkey.api.query.FieldKey;
+import org.labkey.api.security.Directive;
 import org.labkey.api.sequenceanalysis.SequenceAnalysisService;
 import org.labkey.api.sequenceanalysis.pipeline.SequencePipelineService;
 import org.labkey.api.util.PageFlowUtil;
@@ -107,7 +108,9 @@ public void doStartupAfterSpringConfig(ModuleContext moduleContext)
 
         SystemMaintenance.addTask(new mGapMaintenanceTask());
 
-        ContentSecurityPolicyFilter.registerAllowedConnectionSource(this.getClass().getName(), "https://*.fontawesome.com", "https://code.jquery.com", "https://www.gstatic.com");
+        ContentSecurityPolicyFilter.registerAllowedSources(Directive.Connection, this.getClass().getName(), "https://code.jquery.com", "https://*.fontawesome.com");
+        ContentSecurityPolicyFilter.registerAllowedSources(Directive.Style, this.getClass().getName(), "https://code.jquery.com", "https://www.gstatic.com");
+        ContentSecurityPolicyFilter.registerAllowedSources(Directive.Font, this.getClass().getName(), "https://*.fontawesome.com");
 
         new PipelineStartup();
     }

diff --git a/mcc/src/org/labkey/mcc/MccModule.java b/mcc/src/org/labkey/mcc/MccModule.java
@@ -29,6 +29,7 @@
 import org.labkey.api.module.ModuleContext;
 import org.labkey.api.query.DefaultSchema;
 import org.labkey.api.query.QuerySchema;
+import org.labkey.api.security.Directive;
 import org.labkey.api.security.permissions.ReadPermission;
 import org.labkey.api.security.roles.RoleManager;
 import org.labkey.api.study.Study;
@@ -137,7 +138,9 @@ protected void doStartupAfterSpringConfig(ModuleContext moduleContext)
 
         SystemMaintenance.addTask(new MccMaintenanceTask());
 
-        ContentSecurityPolicyFilter.registerAllowedConnectionSource(this.getClass().getName(), "https://cdn.datatables.net");
+        ContentSecurityPolicyFilter.registerAllowedSources(Directive.Connection, this.getClass().getName(), "https://cdn.datatables.net");
+        ContentSecurityPolicyFilter.registerAllowedSources(Directive.Style, this.getClass().getName(), "https://cdn.datatables.net");
+        ContentSecurityPolicyFilter.registerAllowedSources(Directive.Image, this.getClass().getName(), "https://cdn.datatables.net");
     }
 
     @Override