scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2024-12-27 02:04:33 +08:00
Code Issues Projects Releases Packages Wiki Activity

Fix CSP script-src [SCI-8634] (#5781)

Browse source
This commit is contained in:
Soufiane 2023-07-17 11:26:41 +02:00 committed by GitHub
parent 504a0bee62
commit 4808f6438c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
config/initializers/content_security_policy.rb
View file

@ -11,8 +11,7 @@ ActiveSupport::Reloader.to_prepare do
policy.font_src :self, :https, :data
policy.img_src :self, :https, :data, :blob
policy.object_src :none
policy.script_src :self, :unsafe_eval
policy.script_src_elem :self, :unsafe_eval, *Extends::EXTERNAL_SERVICES
policy.script_src :self, :unsafe_eval, *Extends::EXTERNAL_SERVICES
policy.style_src :self, :https, :unsafe_inline, :data
policy.connect_src :self, :data, *Extends::EXTERNAL_SERVICES
@ -32,7 +31,7 @@ Rails.application.config.content_security_policy_nonce_generator = -> (request)
end
# Set the nonce only to specific directives
Rails.application.config.content_security_policy_nonce_directives = %w(script-src script-src-elem)
Rails.application.config.content_security_policy_nonce_directives = %w(script-src)
# Report CSP violations to a specified URI
# For further information see the following documentation: