Add manifest_src to CSP

Fixes manifest.json not being loaded because of CSP violation h/t https://vulpine.club/@binary/100662852252438648
author: Rey Tucker <git@reytucker.us> 2018-09-03 13:05:03 -0400
committer: ThibG <thib@sitedethib.com> 2018-09-03 22:37:54 +0200
commit: 40d04a3209871b9803b27d01f935ab401bf3539f (patch)
tree: b8e85d192c3e46f2d29109dcc2fe08c16c467a00 /config
parent: bd437f80771f2700c62d45ad57cd76f1184ecfbf (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 6d7666c48..b3b9efb2a 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -27,6 +27,7 @@ if Rails.env.production?
     p.frame_src       :self, :https
     p.worker_src      :self, assets_host
     p.connect_src     :self, :blob, Rails.configuration.x.streaming_api_base_url, *data_hosts
+    p.manifest_src    :self, :https
   end
 end
author	Rey Tucker <git@reytucker.us>	2018-09-03 13:05:03 -0400
committer	ThibG <thib@sitedethib.com>	2018-09-03 22:37:54 +0200
commit	40d04a3209871b9803b27d01f935ab401bf3539f (patch)
tree	b8e85d192c3e46f2d29109dcc2fe08c16c467a00 /config
parent	bd437f80771f2700c62d45ad57cd76f1184ecfbf (diff)