about summary refs log tree commit diff
path: root/config
diff options
context:
space:
mode:
authorThibG <thib@sitedethib.com>2020-05-08 21:22:57 +0200
committerGitHub <noreply@github.com>2020-05-08 21:22:57 +0200
commite1629a77585245493d4b0ffb8d612d19b53d9087 (patch)
tree0b3669ece202629efb3d2adc8d0a036aff5fae36 /config
parent0d62e097077b60c9914c2f9c425fce69c9b693eb (diff)
Remove 'unsafe-inline' from Content-Security-Policy style-src (#13679)
* Make sure wicg-inert doesn't rely on inline CSS

* Remove unsafe-inline from style-src
Diffstat (limited to 'config')
-rw-r--r--config/initializers/content_security_policy.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index f26d9c8ea..7dcc028ab 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -22,7 +22,7 @@ Rails.application.config.content_security_policy do |p|
   p.frame_ancestors :none
   p.font_src        :self, assets_host
   p.img_src         :self, :https, :data, :blob, assets_host
-  p.style_src       :self, :unsafe_inline, assets_host
+  p.style_src       :self, assets_host
   p.media_src       :self, :https, :data, assets_host
   p.frame_src       :self, :https
   p.manifest_src    :self, assets_host
generated by cgit-pink (git 2.37.1) at 2024-11-22 02:09:35 +0000