1 files changed, 28 insertions, 2 deletions

diff --git a/cmd/gotosocial/action/testrig/testrig.go b/cmd/gotosocial/action/testrig/testrig.go
index 8f55c4b4a..ccf92a971 100644
--- a/cmd/gotosocial/action/testrig/testrig.go
+++ b/cmd/gotosocial/action/testrig/testrig.go
@@ -70,7 +70,11 @@ var Start action.GTSAction = func(ctx context.Context) error {
 	testrig.StandardDBSetup(state.DB, nil)
 
 	if os.Getenv("GTS_STORAGE_BACKEND") == "s3" {
-		state.Storage, _ = storage.NewS3Storage()
+		var err error
+		state.Storage, err = storage.NewS3Storage()
+		if err != nil {
+			return fmt.Errorf("error initializing storage: %w", err)
+		}
 	} else {
 		state.Storage = testrig.NewInMemoryStorage()
 	}
@@ -136,6 +140,29 @@ var Start action.GTSAction = func(ctx context.Context) error {
 		middleware.ExtraHeaders(),
 	}...)
 
+	// Instantiate Content-Security-Policy
+	// middleware, with extra URIs.
+	cspExtraURIs := make([]string, 0)
+
+	// Probe storage to check if extra URI is needed in CSP.
+	// Error here means something is wrong with storage.
+	storageCSPUri, err := state.Storage.ProbeCSPUri(ctx)
+	if err != nil {
+		return fmt.Errorf("error deriving Content-Security-Policy uri from storage: %w", err)
+	}
+
+	// storageCSPUri may be empty string if
+	// not S3-backed storage; check for this.
+	if storageCSPUri != "" {
+		cspExtraURIs = append(cspExtraURIs, storageCSPUri)
+	}
+
+	// Add any extra CSP URIs from config.
+	cspExtraURIs = append(cspExtraURIs, config.GetAdvancedCSPExtraURIs()...)
+
+	// Add CSP to middlewares.
+	middlewares = append(middlewares, middleware.ContentSecurityPolicy(cspExtraURIs...))
+
 	// attach global middlewares which are used for every request
 	router.AttachGlobalMiddleware(middlewares...)
 
@@ -146,7 +173,6 @@ var Start action.GTSAction = func(ctx context.Context) error {
 
 	// build router modules
 	var idp oidc.IDP
-	var err error
 	if config.GetOIDCEnabled() {
 		idp, err = oidc.NewIDP(ctx)
 		if err != nil {