forked from fedi/mastodon
Fix LetterOpennerWeb CSP (#17770)
This commit is contained in:
parent
d182470c9d
commit
eb9a7e3626
|
@ -60,4 +60,20 @@ Rails.application.reloader.to_prepare do
|
|||
PgHero::HomeController.after_action do
|
||||
request.content_security_policy_nonce_generator = nil
|
||||
end
|
||||
|
||||
if Rails.env.development?
|
||||
LetterOpenerWeb::LettersController.content_security_policy do |p|
|
||||
p.child_src :self
|
||||
p.connect_src :none
|
||||
p.frame_ancestors :self
|
||||
p.frame_src :self
|
||||
p.script_src :unsafe_inline
|
||||
p.style_src :unsafe_inline
|
||||
p.worker_src :none
|
||||
end
|
||||
|
||||
LetterOpenerWeb::LettersController.after_action do |p|
|
||||
request.content_security_policy_nonce_directives = %w(script-src)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue