specter/mastodon
1
0
Fork 0
forked from fedi/mastodon
Code Pull requests Activity

Fix LetterOpennerWeb CSP (#17770)

Browse source
This commit is contained in:
Yamagishi Kazutoshi 2022-03-15 03:20:40 +09:00 committed by GitHub
parent d182470c9d
commit eb9a7e3626
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
config/initializers/content_security_policy.rb
View file

@ -60,4 +60,20 @@ Rails.application.reloader.to_prepare do
PgHero::HomeController.after_action do PgHero::HomeController.after_action do
request.content_security_policy_nonce_generator = nil request.content_security_policy_nonce_generator = nil
end end
if Rails.env.development?
LetterOpenerWeb::LettersController.content_security_policy do |p|
p.child_src :self
p.connect_src :none
p.frame_ancestors :self
p.frame_src :self
p.script_src :unsafe_inline
p.style_src :unsafe_inline
p.worker_src :none
end
LetterOpenerWeb::LettersController.after_action do |p|
request.content_security_policy_nonce_directives = %w(script-src)
end
end
end end