me
/
glitchier-soc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix LetterOpennerWeb CSP (#17770)

Browse Source
main
Yamagishi Kazutoshi 3 years ago committed by GitHub
parent d182470c9d
commit eb9a7e3626
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File

16
config/initializers/content_security_policy.rb
Unescape View File

@ -60,4 +60,20 @@ Rails.application.reloader.to_prepare do
PgHero::HomeController.after_action do
request.content_security_policy_nonce_generator = nil
end
if Rails.env.development?
LetterOpenerWeb::LettersController.content_security_policy do |p|
p.child_src :self
p.connect_src :none
p.frame_ancestors :self
p.frame_src :self
p.script_src :unsafe_inline
p.style_src :unsafe_inline
p.worker_src :none
end
LetterOpenerWeb::LettersController.after_action do |p|
request.content_security_policy_nonce_directives = %w(script-src)
end
end
end

Write Preview
Loading…
Cancel
Save