Fix LetterOpennerWeb CSP (#17770)

shrike
Yamagishi Kazutoshi 2022-03-15 03:20:40 +09:00 committed by GitHub
parent d182470c9d
commit eb9a7e3626
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 0 deletions

View File

@ -60,4 +60,20 @@ Rails.application.reloader.to_prepare do
PgHero::HomeController.after_action do
request.content_security_policy_nonce_generator = nil
end
if Rails.env.development?
LetterOpenerWeb::LettersController.content_security_policy do |p|
p.child_src :self
p.connect_src :none
p.frame_ancestors :self
p.frame_src :self
p.script_src :unsafe_inline
p.style_src :unsafe_inline
p.worker_src :none
end
LetterOpenerWeb::LettersController.after_action do |p|
request.content_security_policy_nonce_directives = %w(script-src)
end
end
end