Add detect_base_url config

This diff adds the detect_base_url config, controlled by the DETECT_BASE_URL env variable. When set to true, the BASE_URL setting is ignored, and the base_url is derived from the request protocol and host header. Test Plan: Started up a local instance in my homelab, running docker node:15 image with a nginx reverse proxy. Configured nginx to use the same backend with multiple hostnames on https. Opened in browser and confirmed og:url meta tag uses correct url.
2021-05-05 21:15:02 -07:00 · 2021-05-05 21:15:02 -07:00 · 02e8cb264f
commit 02e8cb264f
parent 385ac595b9
3 changed files with 29 additions and 8 deletions
--- a/server/routes/index.js
+++ b/server/routes/index.js
@ -36,9 +36,14 @@ module.exports = function(app) {
        defaultSrc: ["'self'"],
        connectSrc: [
          "'self'",
-          config.base_url.replace(/^https:\/\//, 'wss://')
+          function(req) {
+            const baseUrl = config.deriveBaseUrl(req);
+            const r = baseUrl.replace(/^http(s?):\/\//, 'ws$1://');
+            console.log([baseUrl, r]);
+            return r;
+          }
        ],
-        imgSrc: ["'self'", "data:"],
+        imgSrc: ["'self'", 'data:'],
        scriptSrc: [
          "'self'",
          function(req) {
@ -52,10 +57,6 @@ module.exports = function(app) {
      }
    };

-    csp.directives.connectSrc.push(
-      config.base_url.replace(/^https:\/\//, 'wss://')
-    );
-
    app.use(helmet.contentSecurityPolicy(csp));
  }