Merge branch 'main' into glitch-soc/merge-upstream

Conflicts: - `config/initializers/content_security_policy.rb`: Our config file is pretty different from upstream. Upstream changed CSP directive `script-src` to include `wasm-unsafe-eval` instead of `unsafe-eval`, which we did not include. Added `wasm-unsafe-eval` to `script-src` to fix execution of the OCR web worker. - `package.json`: Upstream updated a dependency (`array-includes`) textually adjacent to a glitch-soc-only dependency (`atrament`). Updated `array-includes` as upstream did.
author: Claire <claire.github-309c@sitedethib.com> 2022-11-16 08:30:00 +0100
committer: Claire <claire.github-309c@sitedethib.com> 2022-11-16 08:30:00 +0100
commit: 1901829f9ab20cecd0e011d73c1af1e9a9eb6c40 (patch)
tree: 541e664f02e70cf3e062477a86f412e6ea3d73d8 /config/initializers
parent: eb675af0fb0d73b697e066100c4faf066c0baff7 (diff)
parent: 4d85c27d1adc83aadd219767dbdc7e17b05230b0 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 21f782b9c..0174e0636 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -31,7 +31,7 @@ if Rails.env.production?
     p.base_uri        :none
     p.default_src     :none
     p.frame_ancestors :none
-    p.script_src      :self, assets_host
+    p.script_src      :self, assets_host, "'wasm-unsafe-eval'"
     p.font_src        :self, assets_host
     p.img_src         :self, :data, :blob, *data_hosts
     p.style_src       :self, assets_host
author	Claire <claire.github-309c@sitedethib.com>	2022-11-16 08:30:00 +0100
committer	Claire <claire.github-309c@sitedethib.com>	2022-11-16 08:30:00 +0100
commit	1901829f9ab20cecd0e011d73c1af1e9a9eb6c40 (patch)
tree	541e664f02e70cf3e062477a86f412e6ea3d73d8 /config/initializers
parent	eb675af0fb0d73b697e066100c4faf066c0baff7 (diff)
parent	4d85c27d1adc83aadd219767dbdc7e17b05230b0 (diff)