From d176de09616a4d1e3799faa025db4c0064819a99 Mon Sep 17 00:00:00 2001
From: Moncef Belyamani
Date: Tue, 10 Jul 2018 11:39:07 -0400
Subject: [PATCH] LG-268 Serve assets from Cloudfront CDN

**Why**: Moving assets to be served from Cloudfront as opposed to nginx will reduce the load on our servers, and will make the site faster for users across the globe. On the Rails app side, this is a trivial change. The tricky part is setting up the Cloudfront distribution and making sure to select `Whitelist` from the `Cache Based on Selected Request Headers` dropdown, and add the `Origin` header to the `Whitelist Headers`. Then, add the following headers to the nginx config for fonts: `Access-Control-Allow-Origin` set to the current server domain name, including the protocol, such as `https://secure.login.gov`, and `Access-Control-Allow-Methods` set to `GET`.
---
 config/environments/production.rb | 6 +++---
 config/initializers/secure_headers.rb | 7 ++++---
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/config/environments/production.rb b/config/environments/production.rb
index 7a630bd1d5e..7f9b2d053ac 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -5,9 +5,9 @@
 config.cache_classes = true
 config.eager_load = true
 config.consider_all_requests_local = false
- config.action_controller.asset_host = Figaro.env.domain_name
 config.action_controller.perform_caching = true
- config.serve_static_files = ENV['RAILS_SERVE_STATIC_FILES'].present?
+
+ config.action_controller.asset_host = Figaro.env.asset_host || Figaro.env.domain_name
 config.assets.js_compressor = :uglifier
 config.assets.compile = false
 config.assets.digest = true
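Review bot: `Figaro.env.asset_host || Figaro.env.domain_name` only falls back when the setting is missing; a key that is present but blank yields `""`, which is truthy in Ruby, so `asset_host` would become an empty string instead of the domain. `Figaro.env.asset_host.presence || Figaro.env.domain_name` covers both cases, and the same applies to the `config.action_mailer.asset_host` line in the second hunk of this file. Separately, this hunk drops `config.serve_static_files = ENV['RAILS_SERVE_STATIC_FILES'].present?`, which the description does not mention; a sentence there on whether Rails or nginx is now expected to serve `public/` as the CDN origin would help the next reader. The configure block starts and ends outside the hunk.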
@@ -19,7 +19,7 @@
 host: Figaro.env.domain_name,
 protocol: 'https',
 }
- config.action_mailer.asset_host = Figaro.env.mailer_domain_name
+ config.action_mailer.asset_host = Figaro.env.asset_host || Figaro.env.mailer_domain_name
 config.action_mailer.raise_delivery_errors = true
 config.action_mailer.default_options = { from: Figaro.env.email_from }
 config.action_mailer.delivery_method = if Figaro.env.disable_email_sending == 'true'
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 76c04b56f57..f78e27b0ecd 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -18,8 +18,8 @@
 '*.nr-data.net',
 '*.google-analytics.com',
 ],
- font_src: ["'self'", 'data:'],
- img_src: ["'self'", 'data:', 'login.gov'],
+ font_src: ["'self'", 'data:', Figaro.env.asset_host],
+ img_src: ["'self'", 'data:', 'login.gov', Figaro.env.asset_host],
 media_src: ["'self'"],
 object_src: ["'none'"],
 script_src: [
@@ -30,8 +30,9 @@
 '*.google-analytics.com',
 'www.google.com',
 'www.gstatic.com',
+ Figaro.env.asset_host,
 ],
- style_src: ["'self'"],
+ style_src: ["'self'", Figaro.env.asset_host],
 base_uri: ["'self'"],
 }
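Review bot: `Figaro.env.asset_host` is nil when the setting is absent, and production.rb in this same commit treats it as optional via `|| Figaro.env.domain_name`, so the `font_src` and `img_src` arrays here (and `script_src` and `style_src` in the next hunk) can end up holding a nil entry. How secure_headers treats a nil source likely depends on its version: it may be rejected when the policy is validated at boot, or silently dropped. Making the unset case explicit avoids relying on either, e.g. `font_src: ["'self'", 'data:', Figaro.env.asset_host].compact` and likewise for the other three directives. The surrounding policy hash starts and ends outside the hunk.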
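Review bot: Listing the CDN host in `script_src` and `style_src` means anything that host serves is allowed to run on the sign-in pages, so the policy now constrains only where scripts come from and not which bytes execute. Nothing visible in this commit pins asset content; passing `integrity: true` to `javascript_include_tag` and `stylesheet_link_tag` would have the browser refuse a CDN object whose digest does not match the compiled asset. Cross-origin integrity checks also need `crossorigin: 'anonymous'` on the tags and CORS headers on JS and CSS responses, while the description sets `Access-Control-Allow-Origin` for fonts only. A short comment above the entry, such as `# CDN origin: trusted for script execution, keep SRI enabled`, would record why the host is listed.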