about summary refs log tree commit diff
path: root/config/initializers/content_security_policy.rb
AgeCommit message (Collapse)Author
2019-05-04Fix CSP when dealing with S3 hostsThibaut Girka
2018-12-14Remove form_action from CSPRey Tucker
This trips an issue when trying to authenticate through to third-party sites, e.g. bridge.joinmastodon.org: Refused to send form data to 'https://bridge.joinmastodon.org/' because it violates the following Content Security Policy directive: "form-action 'self'". Thread: https://vulpine.club/@digifox/101230933751352042
2018-11-12Tighten CSP a bitThibaut Girka
2018-10-22Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
Conflicts: - .github/ISSUE_TEMPLATE/bug_report.md Took our version. - CONTRIBUTING.md Updated the embedded copy of upstream's version. - README.md Took our version. - app/policies/status_policy.rb Not a real conflict, took code from both. - app/views/layouts/embedded.html.haml Added upstream's changes (dns-prefetch) and fixed `%body.embed` - app/views/settings/preferences/show.html.haml Reverted some of upstream changes, as we have a page dedicated for flavours and skins. - config/initializers/content_security_policy.rb Kept our version of the CSP. - config/initializers/doorkeeper.rb Not a real conflict, took code from both.
2018-10-12Add manifest_src to CSP, add blob to connect_src (#8967)ThibG
2018-10-12Fix CSP headers blocking media and development environment (#8962)Eugen Rochko
Regression from #8957
2018-10-11Set Content-Security-Policy rules through RoR's config (#8957)ThibG
* Set CSP rules in RoR's configuration * Override CSP setting in the embed controller to allow frames
2018-09-03Add manifest_src to CSPRey Tucker
Fixes manifest.json not being loaded because of CSP violation h/t https://vulpine.club/@binary/100662852252438648
2018-08-28Fix CSP with S3/SWIFT hostsThibaut Girka
2018-08-28Adjust CSP to fix image resizingThibaut Girka
2018-08-23Only apply CSP in production modeThibaut Girka
2018-08-23Tighten CSP while allowing CDN hostsThibaut Girka
2018-08-22Move CSP headers to the appropriate Rails configurationThibaut Girka
Also drop dev-static.glitch.social reference.
2018-04-12Upgrade Rails to version 5.2.0 (#5898)Yamagishi Kazutoshi