Tighten CSP a bit

2018-11-10 18:53:23 +01:00 · 2018-11-10 18:53:23 +01:00 · b7ef203fd6
commit b7ef203fd6
parent c81ac519ef
1 changed files with 3 additions and 2 deletions
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@ -21,13 +21,14 @@ if Rails.env.production?
    p.frame_ancestors :none
    p.script_src      :self, assets_host
    p.font_src        :self, assets_host
-    p.img_src         :self, :https, :data, :blob
+    p.img_src         :self, :data, :blob, *data_hosts
    p.style_src       :self, :unsafe_inline, assets_host
    p.media_src       :self, :data, *data_hosts
    p.frame_src       :self, :https
    p.worker_src      :self, assets_host
    p.connect_src     :self, :blob, Rails.configuration.x.streaming_api_base_url, *data_hosts
-    p.manifest_src    :self, :https
+    p.manifest_src    :self, assets_host
+    p.form_action     :self
  end
 end