From 928b3f4f0a955c67803d7e3c9125c204951ed562 Mon Sep 17 00:00:00 2001
From: Luke Lau
Date: Sat, 5 Jun 2021 01:39:36 +0100
Subject: [PATCH] Add 'self' to ApplicationController CSP
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This fixes the welcome page (and presumably other internal rails pages) giving a Content-Security-Policy error whenever rack-mini-profiler tries to load – which is enabled by default for new projects
---
 railties/lib/rails/application_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/railties/lib/rails/application_controller.rb b/railties/lib/rails/application_controller.rb
index 8c00633515..ac698ed91d 100644
--- a/railties/lib/rails/application_controller.rb
+++ b/railties/lib/rails/application_controller.rb
@@ -7,8 +7,8 @@ class Rails::ApplicationController < ActionController::Base # :nodoc:
 before_action :disable_content_security_policy_nonce!
 content_security_policy do |policy|
- policy.script_src :unsafe_inline
- policy.style_src :unsafe_inline
+ policy.script_src :self, :unsafe_inline
+ policy.style_src :self, :unsafe_inline
 end
 private
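Review bot: The two new directive lines in the `content_security_policy` block widen the policy for every controller that inherits from this class, but the code does not record why `:self` is there, and the diffstat shows no test accompanying the change. I would add a comment above the block such as `# :self allows same-origin assets injected by development middleware (e.g. rack-mini-profiler) to load on these internal pages`, so that a later tightening of the policy does not silently reintroduce the error. Because `:unsafe_inline` was already present and nonces are disabled by the `before_action` above, this override offered little script-injection protection before the change. Adding `:self` is therefore a small widening, acceptable only while these controllers stay limited to internal pages, and the comment should say so. The commit message's "presumably other internal rails pages" suggests the other inheriting controllers were not checked, so a controller test asserting the emitted header would settle it. The class body starts before this hunk and continues past it.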