scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-10-06 11:57:16 +08:00
Code Issues Projects Releases Packages Wiki Activity

Update CSP script-src-elem [SCI-8634] (#5775)

Browse source
This commit is contained in:
Soufiane 2023-07-14 15:38:00 +02:00 committed by GitHub
parent 51a19a559b
commit 18f383c543
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
config/initializers/content_security_policy.rb
View file

@ -12,7 +12,7 @@ ActiveSupport::Reloader.to_prepare do
policy.img_src :self, :https, :data, :blob policy.img_src :self, :https, :data, :blob
policy.object_src :none policy.object_src :none
policy.script_src :self, :unsafe_eval policy.script_src :self, :unsafe_eval
policy.script_src_elem :self, *Extends::EXTERNAL_SERVICES policy.script_src_elem :self, :unsafe_eval, *Extends::EXTERNAL_SERVICES
policy.style_src :self, :https, :unsafe_inline, :data policy.style_src :self, :https, :unsafe_inline, :data
policy.connect_src :self, :data, *Extends::EXTERNAL_SERVICES policy.connect_src :self, :data, *Extends::EXTERNAL_SERVICES
@ -32,7 +32,7 @@ Rails.application.config.content_security_policy_nonce_generator = -> (request)
end end
# Set the nonce only to specific directives # Set the nonce only to specific directives
Rails.application.config.content_security_policy_nonce_directives = %w(script-src) Rails.application.config.content_security_policy_nonce_directives = %w(script-src script-src-elem)
# Report CSP violations to a specified URI # Report CSP violations to a specified URI
# For further information see the following documentation: # For further information see the following documentation: