Merge remote-tracking branch 'origin/master' into gs-master

Conflicts: Gemfile.lock config/application.rb
author: David Yip <yipdw@member.fsf.org> 2018-04-13 16:36:46 -0500
committer: David Yip <yipdw@member.fsf.org> 2018-04-13 16:36:46 -0500
commit: ed490b781f9347b77eb2305e33ba6dd83f3539b0 (patch)
tree: 4f958ce8da072e35ef654cf5ae0a152f613f3ad8 /config/initializers/content_security_policy.rb
parent: a817f084eafaf5527445c29ab1d68f42b1a2872f (diff)
parent: 50529cbceb84e611bca497624a7a4c38113e5135 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
new file mode 100644
index 000000000..37f2c0d45
--- /dev/null
+++ b/config/initializers/content_security_policy.rb
@@ -0,0 +1,20 @@
+# Define an application-wide content security policy
+# For further information see the following documentation
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+
+# Rails.application.config.content_security_policy do |p|
+#   p.default_src :self, :https
+#   p.font_src    :self, :https, :data
+#   p.img_src     :self, :https, :data
+#   p.object_src  :none
+#   p.script_src  :self, :https
+#   p.style_src   :self, :https, :unsafe_inline
+#
+#   # Specify URI for violation reports
+#   # p.report_uri "/csp-violation-report-endpoint"
+# end
+
+# Report CSP violations to a specified URI
+# For further information see the following documentation:
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
+# Rails.application.config.content_security_policy_report_only = true
author	David Yip <yipdw@member.fsf.org>	2018-04-13 16:36:46 -0500
committer	David Yip <yipdw@member.fsf.org>	2018-04-13 16:36:46 -0500
commit	ed490b781f9347b77eb2305e33ba6dd83f3539b0 (patch)
tree	4f958ce8da072e35ef654cf5ae0a152f613f3ad8 /config/initializers/content_security_policy.rb
parent	a817f084eafaf5527445c29ab1d68f42b1a2872f (diff)
parent	50529cbceb84e611bca497624a7a4c38113e5135 (diff)