about summary refs log tree commit diff
path: root/app
diff options
context:
space:
mode:
authorThibG <thib@sitedethib.com>2020-05-08 21:22:57 +0200
committerGitHub <noreply@github.com>2020-05-08 21:22:57 +0200
commite1629a77585245493d4b0ffb8d612d19b53d9087 (patch)
tree0b3669ece202629efb3d2adc8d0a036aff5fae36 /app
parent0d62e097077b60c9914c2f9c425fce69c9b693eb (diff)
Remove 'unsafe-inline' from Content-Security-Policy style-src (#13679)
* Make sure wicg-inert doesn't rely on inline CSS

* Remove unsafe-inline from style-src
Diffstat (limited to 'app')
-rwxr-xr-xapp/views/layouts/application.html.haml2
1 files changed, 2 insertions, 0 deletions
diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml
index 25d001337..39fa0678f 100755
--- a/app/views/layouts/application.html.haml
+++ b/app/views/layouts/application.html.haml
@@ -26,6 +26,8 @@
     = javascript_pack_tag "locale_#{I18n.locale}", integrity: true, crossorigin: 'anonymous'
     = csrf_meta_tags
 
+    = stylesheet_link_tag '/inert.css', skip_pipeline: true, media: 'all', id: 'inert-style'
+
     - if Setting.custom_css.present?
       = stylesheet_link_tag custom_css_path, media: 'all'