Fix Content Security Policy sometimes unnecessarily allowing hCaptcha scripts (#26388)

th-downstream
Claire 1 year ago committed by GitHub
parent dd4eab6536
commit 97bbe8f24e

@ -42,7 +42,7 @@ module CaptchaConcern
end
def extend_csp_for_captcha!
policy = request.content_security_policy
policy = request.content_security_policy&.clone
return unless captcha_required? && policy.present?
@ -54,6 +54,8 @@ module CaptchaConcern
policy.send(directive, *values)
end
request.content_security_policy = policy
end
def render_captcha

Loading…
Cancel
Save