mirror of https://github.com/sinatra/sinatra synced 2023-03-27 23:18:01 -04:00
sinatra/rack-protection/lib
Jordan Owens c2705ce139
Allow CSP to fallback to default-src (#1490)
* Allow content source to fallback to default-src

Remove defaults for script-src, style-src, connect-src, and img-src
so that they can fallback to default-src. The default for default-src
has been changed from 'none' to 'self'. This seems to be a safe default
especially as browsers implement prefetch-src. If stricter policies are
needed they can be specified when loading this middleware.

* Add support for webrtc-src, navigate-to, and prefetch-src directives
2020-03-13 17:07:34 -04:00
..
rack Allow CSP to fallback to default-src (#1490) 2020-03-13 17:07:34 -04:00
rack-protection.rb initial commit 2011-05-23 10:07:54 +02:00