about summary refs log tree commit diff
path: root/config/initializers
diff options
context:
space:
mode:
authorClaire <claire.github-309c@sitedethib.com>2022-03-15 21:57:26 +0100
committerGitHub <noreply@github.com>2022-03-15 21:57:26 +0100
commitac300173f68d2497cccf4e5bf558d95fc6105c96 (patch)
tree71debfede36bf8985cd5e3e37b6107560c358f57 /config/initializers
parent80c4db160ecfd201cb82ed320cbe3eb32236ad20 (diff)
parentc79a03b319e17f5ab8c40d065842607de0d76108 (diff)
Merge pull request #1719 from ClearlyClaire/glitch-soc/merge-upstream
Merge upstream changes
Diffstat (limited to 'config/initializers')
-rw-r--r--config/initializers/content_security_policy.rb16
-rw-r--r--config/initializers/pghero.rb1
2 files changed, 17 insertions, 0 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 549ac3568..21f782b9c 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -62,4 +62,20 @@ Rails.application.reloader.to_prepare do
   PgHero::HomeController.after_action do
     request.content_security_policy_nonce_generator = nil
   end
+
+  if Rails.env.development?
+    LetterOpenerWeb::LettersController.content_security_policy do |p|
+      p.child_src       :self
+      p.connect_src     :none
+      p.frame_ancestors :self
+      p.frame_src       :self
+      p.script_src      :unsafe_inline
+      p.style_src       :unsafe_inline
+      p.worker_src      :none
+    end
+
+    LetterOpenerWeb::LettersController.after_action do |p|
+      request.content_security_policy_nonce_directives = %w(script-src)
+    end
+  end
 end
diff --git a/config/initializers/pghero.rb b/config/initializers/pghero.rb
new file mode 100644
index 000000000..0c77d6d0f
--- /dev/null
+++ b/config/initializers/pghero.rb
@@ -0,0 +1 @@
+PgHero.show_migrations = Rails.env.development?