allow dynamic CSP to define addresses without standard ports

brunopagno · brunopagno · commit 61fa598cde3d · 2025-10-28T08:16:38.000+01:00
diff --git a/app/controllers/concerns/dynamic_content_security_policy.rb b/app/controllers/concerns/dynamic_content_security_policy.rb
@@ -68,8 +68,14 @@ def add_hocuspocus_host_to_csp
         nil
       end
       if uri.present?
-        append_content_security_policy_directives(connect_src: ["#{uri.scheme}://#{uri.host}"])
+        append_content_security_policy_directives(connect_src: ["#{uri.scheme}://#{host_with_port(uri)}"])
       end
     end
   end
+
+  def host_with_port(uri)
+    # Include port if it's not the default port for the scheme (necessary for local dev support)
+    default_port = ["wss", "https"].include?(uri.scheme) ? 443 : 80
+    uri.port && uri.port != default_port ? "#{uri.host}:#{uri.port}" : uri.host
+  end
 end
