about summary refs log tree commit diff
path: root/config/initializers/content_security_policy.rb
AgeCommit message (Expand)Author
2022-11-16Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-11-15Fix wrong directive `unsafe-wasm-eval` to `wasm-unsafe-eval` (#20729)Eugen Rochko
2022-11-15Use "unsafe-wasm-eval" instead of "unsafe-eval" in script-src CSP (#20606)prplecake
2022-10-26Add "unsafe-eval" to script-src CSP (#18817)prplecake
2022-03-15Merge branch 'main' into glitch-soc/merge-upstreamClaire
2022-03-14Fix LetterOpennerWeb CSP (#17770)Yamagishi Kazutoshi
2021-04-20Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-04-09Fix autoloading deprecation warnings from Rails 6 (#16010)Eugen Rochko
2021-03-24Merge branch 'main' into glitch-soc/merge-upstreamClaire
2021-03-24Update Mastodon to Rails 6.1 (#15910)Claire
2020-07-07Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2020-07-07Fix hashtag column options styling (#14247)ThibG
2020-05-10Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2020-05-08Remove 'unsafe-inline' from Content-Security-Policy style-src (#13679)ThibG
2020-05-04Fix PgHero Content-Security-Policy when CDN_HOST is used (#13595)ThibG
2020-04-02Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2020-03-27Fix OCR not working on Safari because of unsupported worker-src CSP (#13323)ThibG
2020-02-06Add environment variable to specify extra data hostsThibaut Girka
2019-08-19Fix connect-src policy for TesseractThibaut Girka
2019-08-19Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2019-08-19Fix CSP needlessly allowing blob URLs in script-src (#11620)ThibG
2019-08-16Fix media host not being included in connect-src for OCR (#11577)Eugen Rochko
2019-08-15Add OCR tool to media editing modal (#11566)Eugen Rochko
2019-05-04Fix CSP when PAPERCLIP_ROOT_URL is set to a different hostThibaut Girka
2019-05-04Fix CSP when dealing with S3 hostsThibaut Girka
2018-12-14Remove form_action from CSPRey Tucker
2018-11-12Tighten CSP a bitThibaut Girka
2018-10-22Merge branch 'master' into glitch-soc/merge-upstreamThibaut Girka
2018-10-12Add manifest_src to CSP, add blob to connect_src (#8967)ThibG
2018-10-12Fix CSP headers blocking media and development environment (#8962)Eugen Rochko
2018-10-11Set Content-Security-Policy rules through RoR's config (#8957)ThibG
2018-09-03Add manifest_src to CSPRey Tucker
2018-08-28Fix CSP with S3/SWIFT hostsThibaut Girka
2018-08-28Adjust CSP to fix image resizingThibaut Girka
2018-08-23Only apply CSP in production modeThibaut Girka
2018-08-23Tighten CSP while allowing CDN hostsThibaut Girka
2018-08-22Move CSP headers to the appropriate Rails configurationThibaut Girka
2018-04-12Upgrade Rails to version 5.2.0 (#5898)Yamagishi Kazutoshi