Fix Broken CSP on the shareable links page [SCI-8969] (#5911)

Soufiane 2023-08-04 11:22:33 +02:00 committed by GitHub
parent f856ddf78c
commit f3bef4ae25
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 2 deletions


@ -1,12 +1,12 @@
<!DOCTYPE html>
<html>
<head>
<%= csp_meta_tag %>
<meta data-hook="head-js">
<title><%=t "head.title", title: (yield :head_title) %></title>
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
<%= stylesheet_link_tag "tailwind", "data-turbo-track": "reload" %>
<%= stylesheet_link_tag 'application', media: 'all' %>
<%= csp_meta_tag %>
<%= javascript_include_tag 'jquery_bundle' %>
<%= javascript_include_tag 'application' %>
<%= javascript_include_tag 'application_pack' %>


@ -26,7 +26,9 @@ Rails.application.config.content_security_policy_nonce_generator = -> (request)
if request.env['HTTP_TURBOLINKS_REFERRER'].present?
request.env['HTTP_X_TURBOLINKS_NONCE']
else
request.session.id.to_s
return request.session.id.to_s if request&.session&.id.present?
SecureRandom.base64(16)
end
end
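Review bot: The guarded branch `return request.session.id.to_s if request&.session&.id.present?` still uses the session identifier as the CSP nonce, so the id is written into the markup of every page and stays the same for the whole session, whereas a nonce is meant to be unpredictable per response. How sensitive the id is depends on the session store, which is not visible here; the `SecureRandom.base64(16)` fallback has neither problem. If a per-session value is needed for Turbolinks, a random value kept in the session would avoid publishing the id, e.g. `request.session[:csp_nonce] ||= SecureRandom.base64(16)`, though that writes to the session and may create one for anonymous visitors, so it should be checked against the shareable-links case. The `request&.` guard is also redundant, because `request.env` is dereferenced unconditionally in the `if` condition above it. The lambda opens in the hunk header, outside the visible lines.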