Merge pull request #1156 from jamesdabbs/rack-csp-defaults

Restore some CSP defaults
Zachary Scott 2016-07-29 08:50:01 +09:00 committed by GitHub
commit 3e2379d717
1 changed files with 4 additions and 0 deletions

@ -1691,6 +1691,10 @@ module Sinatra
def setup_protection(builder)
return unless protection?
options = Hash === protection ? protection.dup : {}
options = {
img_src: "'self' data:",
font_src: "'self'"
}.merge options
protect_session = options.fetch(:session) { sessions? }
options[:without_session] = !protect_session
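Review bot: The defaults added in `setup_protection` use symbol keys (`img_src:`, `font_src:`), so `.merge options` only lets a caller override them when the caller's `protection` hash also uses symbol keys. A hash passed with string keys would carry both the default and the caller's entry, and which one takes effect is not visible from this hunk. Either normalize the keys of `protection.dup` before merging, or document that these options must be given as symbols. Two smaller points: `img_src: "'self' data:"` permits `data:` URIs for images, which is broader than the `font_src` default, so a one-line comment saying why would help the next reader. Also, the commit changes a single file, so nothing here tests that a user-supplied `img_src` or `font_src` wins over the defaults; a test for that override order should accompany the change.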