about summary refs log tree commit diff
path: root/config/initializers/content_security_policy.rb
diff options
context:
space:
mode:
Diffstat (limited to 'config/initializers/content_security_policy.rb')
-rw-r--r--config/initializers/content_security_policy.rb7
1 files changed, 6 insertions, 1 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index d1e6701e2..a76db6fe5 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -34,7 +34,7 @@ if Rails.env.production?
     p.script_src      :self, assets_host
     p.font_src        :self, assets_host
     p.img_src         :self, :data, :blob, *data_hosts
-    p.style_src       :self, :unsafe_inline, assets_host
+    p.style_src       :self, assets_host
     p.media_src       :self, :data, *data_hosts
     p.frame_src       :self, :https
     p.child_src       :self, :blob, assets_host
@@ -48,3 +48,8 @@ end
 # For further information see the following documentation:
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
 # Rails.application.config.content_security_policy_report_only = true
+
+PgHero::HomeController.content_security_policy do |p|
+  p.script_src :self, :unsafe_inline, assets_host
+  p.style_src  :self, :unsafe_inline, assets_host
+end
generated by cgit-pink (git 2.37.1) at 2024-07-01 01:33:42 +0000