Define allowed scripts src-elem for CSP [SCI-8634] (#5771)
parent
ebe1bd583f
commit
51a19a559b
|
@ -12,6 +12,7 @@ ActiveSupport::Reloader.to_prepare do
|
|||
policy.img_src :self, :https, :data, :blob
|
||||
policy.object_src :none
|
||||
policy.script_src :self, :unsafe_eval
|
||||
policy.script_src_elem :self, *Extends::EXTERNAL_SERVICES
|
||||
policy.style_src :self, :https, :unsafe_inline, :data
|
||||
policy.connect_src :self, :data, *Extends::EXTERNAL_SERVICES
|
||||
|
||||
|
|
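Review bot: The new `script_src_elem` line reuses `Extends::EXTERNAL_SERVICES`, the same list already passed to `connect_src`, so every origin the app may connect to also becomes a trusted source of executable script elements. The contents of that constant are not visible in this hunk, but if it includes API or telemetry endpoints that never serve scripts, a narrower list would keep the policy closer to least privilege, e.g. `policy.script_src_elem :self, *Extends::EXTERNAL_SCRIPT_SOURCES` (placeholder constant name). Browsers without `script-src-elem` support fall back to `script_src :self, :unsafe_eval`, which does not allow these external origins, so a short comment above the line recording that dependency would help the next maintainer. The enclosing `to_prepare` block starts and ends outside the hunk.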