techhub/mastodon
2
0
Fork 0
Code Activity

Fix LetterOpennerWeb CSP (#17770)

Browse Source
This commit is contained in:
Yamagishi Kazutoshi
2022-03-15 03:20:40 +09:00
committed by GitHub
parent d182470c9d
commit eb9a7e3626
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
config/initializers/content_security_policy.rb
View File

@@ -60,4 +60,20 @@ Rails.application.reloader.to_prepare do
PgHero::HomeController.after_action do
request.content_security_policy_nonce_generator = nil
end
if Rails.env.development?
LetterOpenerWeb::LettersController.content_security_policy do |p|
p.child_src :self
p.connect_src :none
p.frame_ancestors :self
p.frame_src :self
p.script_src :unsafe_inline
p.style_src :unsafe_inline
p.worker_src :none
end
LetterOpenerWeb::LettersController.after_action do |p|
request.content_security_policy_nonce_directives = %w(script-src)
end
end
end