Merge pull request #1156 from jamesdabbs/rack-csp-defaults
Restore some CSP defaults
commit
3e2379d717
|
@ -1691,6 +1691,10 @@ module Sinatra
|
||||||
def setup_protection(builder)
|
def setup_protection(builder)
|
||||||
return unless protection?
|
return unless protection?
|
||||||
options = Hash === protection ? protection.dup : {}
|
options = Hash === protection ? protection.dup : {}
|
||||||
|
options = {
|
||||||
|
img_src: "'self' data:",
|
||||||
|
font_src: "'self'"
|
||||||
|
}.merge options
|
||||||
|
|
||||||
protect_session = options.fetch(:session) { sessions? }
|
protect_session = options.fetch(:session) { sessions? }
|
||||||
options[:without_session] = !protect_session
|
options[:without_session] = !protect_session
|
||||||
|
|
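Review bot: The defaults added to `setup_protection` carry no comment, and `img_src: "'self' data:"` is the looser of the two, since it allows `data:` image URIs for every app that leaves protection enabled, including when `protection` is not a Hash. A one-line comment above the literal would record the intent and the precedence, e.g. `# CSP defaults; keys given in the protection Hash win because they are merged last`. Because the literal is rebuilt on each call, it could also be a frozen constant. The rest of `setup_protection` lies outside the hunk, so how these keys reach the middleware cannot be confirmed here; presumably they are passed on to the CSP middleware. A test that a caller-supplied `img_src` replaces the default would pin the merge order.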