Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts (#26388)

Claire 2023-08-08 15:41:38 +02:00 committed by GitHub
parent dd4eab6536
commit 97bbe8f24e


@ -42,7 +42,7 @@ module CaptchaConcern
end
def extend_csp_for_captcha!
policy = request.content_security_policy
policy = request.content_security_policy&.clone
return unless captcha_required? && policy.present?
@ -54,6 +54,8 @@ module CaptchaConcern
policy.send(directive, *values)
end
request.content_security_policy = policy
end
def render_captcha
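Review bot: The `&.clone` at the top of `extend_csp_for_captcha!` and the `request.content_security_policy = policy` write-back at its end are what keep the hCaptcha sources out of other responses, but nothing in the method explains that, so a later cleanup could remove either line without noticing. I would add a comment above the clone such as `# Copy before editing: the policy returned by the request is presumably shared, so in-place changes would allow hCaptcha on pages that never show a captcha`. The copy is also made before the `captcha_required?` guard, so requests that need no captcha still pay for it; `return unless captcha_required?` could run first. The loop that builds the directive values sits between the two hunks and is not visible here.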