monorail
/
mastodon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add form-action CSP directive (#20781)

This commit is contained in:
Claire 2022-11-17 10:55:03 +01:00 committed by GitHub
parent eb80789b0b
commit 7955d4b959
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
config/initializers/content_security_policy.rb
View File

@ -26,6 +26,7 @@ Rails.application.config.content_security_policy do |p|
p.media_src :self, :https, :data, assets_host p.media_src :self, :https, :data, assets_host
p.frame_src :self, :https p.frame_src :self, :https
p.manifest_src :self, assets_host p.manifest_src :self, assets_host
p.form_action :self
if Rails.env.development? if Rails.env.development?
webpacker_urls = %w(ws http).map { |protocol| "#{protocol}#{Webpacker.dev_server.https? ? 's' : ''}://#{Webpacker.dev_server.host_with_port}" } webpacker_urls = %w(ws http).map { |protocol| "#{protocol}#{Webpacker.dev_server.https? ? 's' : ''}://#{Webpacker.dev_server.host_with_port}" }