
Fix LetterOpennerWeb CSP (#17770)

closed-social-glitch-2
Yamagishi Kazutoshi 2 years ago
committed by GitHub
parent
commit
eb9a7e3626
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 0 deletions
  1. +16
    -0
      config/initializers/content_security_policy.rb

+ 16
- 0
config/initializers/content_security_policy.rb

@ -60,4 +60,20 @@ Rails.application.reloader.to_prepare do
PgHero::HomeController.after_action do
request.content_security_policy_nonce_generator = nil
end
if Rails.env.development?
LetterOpenerWeb::LettersController.content_security_policy do |p|
p.child_src :self
p.connect_src :none
p.frame_ancestors :self
p.frame_src :self
p.script_src :unsafe_inline
p.style_src :unsafe_inline
p.worker_src :none
end
LetterOpenerWeb::LettersController.after_action do |p|
request.content_security_policy_nonce_directives = %w(script-src)
end
end
end
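Review bot: The `after_action` at the end of this section limits `content_security_policy_nonce_directives` to `script-src`, so if a nonce generator is configured earlier in this initializer (not visible here, though the PgHero context lines disable one), the emitted `script-src` carries both `'unsafe-inline'` and a nonce, and CSP Level 2+ browsers ignore `'unsafe-inline'` once a nonce is present. `p.script_src :unsafe_inline` then reads as more permissive than it is, and the practical effect is presumably only that `style-src` loses its nonce so inline styles in previewed mail apply. I would state that intent above the callback, e.g. `# Keep the nonce off style-src so inline mail styles apply; the nonce on script-src leaves 'unsafe-inline' inert for scripts.`, or, if inline scripts really are meant to run, set `request.content_security_policy_nonce_generator = nil` as the PgHero callback does. The block parameter in `after_action do |p|` is unused and can be dropped. The enclosing `to_prepare` block starts outside the hunk.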
