Add 'self' to ApplicationController CSP
This fixes the welcome page (and presumably other internal rails pages) giving a Content-Security-Policy error whenever rack-mini-profiler tries to load – which is enabled by default for new projects
This commit is contained in:
parent
df7057657e
commit
928b3f4f0a
|
@ -7,8 +7,8 @@ class Rails::ApplicationController < ActionController::Base # :nodoc:
|
||||||
before_action :disable_content_security_policy_nonce!
|
before_action :disable_content_security_policy_nonce!
|
||||||
|
|
||||||
content_security_policy do |policy|
|
content_security_policy do |policy|
|
||||||
policy.script_src :unsafe_inline
|
policy.script_src :self, :unsafe_inline
|
||||||
policy.style_src :unsafe_inline
|
policy.style_src :self, :unsafe_inline
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
Loading…
Reference in New Issue