author | prplecake <me@prplecake.com> | 2022-11-14 20:22:38 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-15 03:22:38 +0100 |
commit | b46b7c3d5e4e932d61d74418957c824ce7c5f9f7 (patch) | |
tree | 789a77f47ba232d626e15e34c315cea6476fdb36 | |
parent | b59683c1561cfa66ed6ac4379bac0b82aea81e2e (diff) |
Use "unsafe-wasm-eval" instead of "unsafe-eval" in script-src CSP (#20606)
* Add "unsafe-eval" to script-src CSP
* Use 'unsafe-wasm-eval' instead of 'unsafe-eval'
-rw-r--r-- | config/initializers/content_security_policy.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index be4ef50fc..0212b9d95 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -36,7 +36,7 @@ Rails.application.config.content_security_policy do |p| p.worker_src :self, :blob, assets_host else p.connect_src :self, :data, :blob, assets_host, media_host, Rails.configuration.x.streaming_api_base_url - p.script_src :self, assets_host, :unsafe_eval + p.script_src :self, assets_host, "'unsafe-wasm-eval'" p.child_src :self, :blob, assets_host p.worker_src :self, :blob, assets_host end |
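Review bot: On the `+` line in the `else` branch, the added source expression is spelled `'unsafe-wasm-eval'`, but the CSP keyword that permits WebAssembly compilation is `'wasm-unsafe-eval'`. The value is a raw string rather than a symbol like `:self` or the removed `:unsafe_eval`, so Rails passes it through as written, and browsers ignore source expressions they do not recognise; the resulting `script-src` would carry neither `'unsafe-eval'` nor a working WebAssembly allowance. Suggest `p.script_src :self, assets_host, "'wasm-unsafe-eval'"`, with a short comment explaining why the quoted string form is used here, since it differs from the symbols on the neighbouring lines.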