Add embeds options, upgrade to safer Ruby (#114)

* Add embeds initializer

* Bump Ruby version

* Bump Ruby version

.ruby-version

@@ -1 +1 @@
-3.1.1
+3.1.4

Dockerfile.production

@@ -30,8 +30,8 @@ RUN rm /etc/nginx/sites-enabled/default
 RUN mkdir -p $HOME
 WORKDIR $HOME
 
-RUN bash -lc 'rvm install ruby-3.1.1'
-RUN bash -lc 'rvm --default use ruby-3.1.1'
+RUN bash -lc 'rvm install ruby-3.1.4'
+RUN bash -lc 'rvm --default use ruby-3.1.4'
 
 RUN gem install bundler -v 2.4.10
 

Gemfile

@@ -4,7 +4,7 @@ DECIDIM_VERSION = { git: 'https://github.com/decidim/decidim', tag: 'v0.28.0' }.
 
 source "https://rubygems.org"
 
-ruby '3.1.1'
+ruby '3.1.4'
 
 
 gem "decidim", DECIDIM_VERSION

Gemfile.lock

@@ -820,6 +820,7 @@ GEM
 
 PLATFORMS
   arm64-darwin-21
+  arm64-darwin-23
   x86_64-linux
 
 DEPENDENCIES
@@ -844,7 +845,7 @@ DEPENDENCIES
   web-console
 
 RUBY VERSION
-   ruby 3.1.1p18
+   ruby 3.1.4p223
 
 BUNDLED WITH
    2.4.10

config/initializers/decidim.rb

@@ -36,6 +36,17 @@
 
   # Defines the social networking services used for social sharing
   config.social_share_services = %w(X Facebook WhatsApp Telegram)
+
+  config.content_security_policies_extra = {
+    "default-src" => %w('self' 'unsafe-inline'),
+    "script-src" => %w('self' 'unsafe-inline' 'unsafe-eval'),
+    "style-src" => %w('self' 'unsafe-inline'),
+    "img-src" => %w('self' *.hereapi.com data: *.amazonaws.com),
+    "font-src" => %w('self'),
+    "connect-src" => %w('self' *.hereapi.com *.jsdelivr.net *.amazonaws.com),
+    "frame-src" => %w('self' *.youtube.com www.youtube-nocookie.com player.vimeo.com *.google.com *.airtable.com *.flourish.studio),
+    "media-src" => %w('self')
+  }
 end
 
 # Inform Decidim about the assets folder