Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts (#26388)
This commit is contained in:
parent
dd4eab6536
commit
97bbe8f24e
1 changed files with 3 additions and 1 deletions
|
@ -42,7 +42,7 @@ module CaptchaConcern
|
|||
end
|
||||
|
||||
def extend_csp_for_captcha!
|
||||
policy = request.content_security_policy
|
||||
policy = request.content_security_policy&.clone
|
||||
|
||||
return unless captcha_required? && policy.present?
|
||||
|
||||
|
@ -54,6 +54,8 @@ module CaptchaConcern
|
|||
|
||||
policy.send(directive, *values)
|
||||
end
|
||||
|
||||
request.content_security_policy = policy
|
||||
end
|
||||
|
||||
def render_captcha
|
||||
|
|
Loading…
Reference in a new issue