Fix CSP tests in glitch-soc

th-downstream
Claire 1 year ago
parent be17d619d5
commit a84632b619

@ -4,7 +4,7 @@
# For further information see the following documentation # For further information see the following documentation
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
if Rails.env.production? unless Rails.env.development?
assets_host = Rails.configuration.action_controller.asset_host || "https://#{ENV['WEB_DOMAIN'] || ENV['LOCAL_DOMAIN']}" assets_host = Rails.configuration.action_controller.asset_host || "https://#{ENV['WEB_DOMAIN'] || ENV['LOCAL_DOMAIN']}"
data_hosts = [assets_host] data_hosts = [assets_host]

@ -12,15 +12,15 @@ describe 'Content-Security-Policy' do
"default-src 'none'", "default-src 'none'",
"frame-ancestors 'none'", "frame-ancestors 'none'",
"font-src 'self' https://cb6e6126.ngrok.io", "font-src 'self' https://cb6e6126.ngrok.io",
"img-src 'self' https: data: blob: https://cb6e6126.ngrok.io", "img-src 'self' data: blob: https://cb6e6126.ngrok.io",
"style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='", "style-src 'self' https://cb6e6126.ngrok.io 'nonce-ZbA+JmE7+bK8F5qvADZHuQ=='",
"media-src 'self' https: data: https://cb6e6126.ngrok.io", "media-src 'self' data: https://cb6e6126.ngrok.io",
"frame-src 'self' https:", "frame-src 'self' https:",
"manifest-src 'self' https://cb6e6126.ngrok.io", "manifest-src 'self' https://cb6e6126.ngrok.io",
"form-action 'self'", "form-action 'self'",
"child-src 'self' blob: https://cb6e6126.ngrok.io", "child-src 'self' blob: https://cb6e6126.ngrok.io",
"worker-src 'self' blob: https://cb6e6126.ngrok.io", "worker-src 'self' blob: https://cb6e6126.ngrok.io",
"connect-src 'self' data: blob: https://cb6e6126.ngrok.io https://cb6e6126.ngrok.io ws://localhost:4000", "connect-src 'self' blob: data: ws://localhost:4000 https://cb6e6126.ngrok.io",
"script-src 'self' https://cb6e6126.ngrok.io 'wasm-unsafe-eval'" "script-src 'self' https://cb6e6126.ngrok.io 'wasm-unsafe-eval'"
) )
end end

Loading…
Cancel
Save