From 18b1a155bf37599616f4245388da7beb4bd3351d Mon Sep 17 00:00:00 2001
From: Thomas Misilo
Date: Wed, 5 May 2021 11:05:22 -0500
Subject: [PATCH] Change from ENV to config value for PUBLIC_AWS_URL

When running config:cache the env('PUBLIC_AWS'URL') value disappears and isn't available, so it doesn't get added to the CSP Policy.
---
 app/Http/Middleware/SecurityHeaders.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/Http/Middleware/SecurityHeaders.php b/app/Http/Middleware/SecurityHeaders.php
index 8a3800ffe..7f3194743 100644
--- a/app/Http/Middleware/SecurityHeaders.php
+++ b/app/Http/Middleware/SecurityHeaders.php
@@ -106,7 +106,10 @@ class SecurityHeaders
         $csp_policy[] = "connect-src 'self'";
         $csp_policy[] = "object-src 'none'";
         $csp_policy[] = "font-src 'self' data:";
-        $csp_policy[] = "img-src 'self' data: ".config('app.url')." ".env('PUBLIC_AWS_URL')." https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com";
+        $csp_policy[] = "img-src 'self' data: ".config('app.url')." https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com";
+        if(config('filesystems.disks.public.driver') == 's3') {
+            $csp_policy[] = "img-src 'self' data: ".config('filesystems.disks.public.url');
+        }
         $csp_policy = join(';', $csp_policy);
         $response->headers->set('Content-Security-Policy', $csp_policy);
     }
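Review bot: The second `img-src` directive added inside the `if` block is ignored by browsers, because a CSP policy honours only the first occurrence of a given directive and the line directly above already declares `img-src`; the S3 disk URL therefore never enters the effective policy and images served from that bucket remain blocked, which is the very situation the commit sets out to fix. The URL has to be appended to the single `img-src` directive instead, and only when `filesystems.disks.public.url` is actually set, so an unset value does not leave a trailing empty source. The comparison should also be strict (`===`) rather than `==`. The enclosing method starts and ends outside the hunk.

```php
        // … unchanged: connect-src / object-src / font-src entries …
        $img_src = "img-src 'self' data: ".config('app.url')." https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com";
        // CSP keeps only the first img-src per policy, so the S3 host is merged into this one directive.
        if (config('filesystems.disks.public.driver') === 's3' && config('filesystems.disks.public.url')) {
            $img_src .= ' '.config('filesystems.disks.public.url');
        }
        $csp_policy[] = $img_src;
        // … unchanged: join and header set …
```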