me/glitchier-soc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Tighten CSP a bit

Browse source
This commit is contained in:
Thibaut Girka 2018-11-10 18:53:23 +01:00 committed by ThibG
parent c81ac519ef
commit b7ef203fd6
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
config/initializers/content_security_policy.rb
View file

@ -21,13 +21,14 @@ if Rails.env.production?
p.frame_ancestors :none p.frame_ancestors :none
p.script_src :self, assets_host p.script_src :self, assets_host
p.font_src :self, assets_host p.font_src :self, assets_host
p.img_src :self, :https, :data, :blob p.img_src :self, :data, :blob, *data_hosts
p.style_src :self, :unsafe_inline, assets_host p.style_src :self, :unsafe_inline, assets_host
p.media_src :self, :data, *data_hosts p.media_src :self, :data, *data_hosts
p.frame_src :self, :https p.frame_src :self, :https
p.worker_src :self, assets_host p.worker_src :self, assets_host
p.connect_src :self, :blob, Rails.configuration.x.streaming_api_base_url, *data_hosts p.connect_src :self, :blob, Rails.configuration.x.streaming_api_base_url, *data_hosts
p.manifest_src :self, :https p.manifest_src :self, assets_host
p.form_action :self
end end
end end