kotovalexarian-likes-github
/
rails--rails
mirror of https://github.com/rails/rails.git
1
0
Fork 0
Code Releases Activity

Merge pull request #42399 from bubba/applicationcontroller-self-csp 

Add 'self' to Rails::ApplicationController Content-Security-Policy
This commit is contained in:
Eugene Kenny 2021-06-06 22:19:02 +01:00 committed by GitHub
parent 0b07e33c10 928b3f4f0a
commit 01d836fcf3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
railties/lib/rails/application_controller.rb
View File

@ -7,8 +7,8 @@ class Rails::ApplicationController < ActionController::Base # :nodoc:
before_action :disable_content_security_policy_nonce!
content_security_policy do |policy|
policy.script_src :unsafe_inline
policy.style_src :unsafe_inline
policy.script_src :self, :unsafe_inline
policy.style_src :self, :unsafe_inline
end
private