From eb9a7e36260c99aec980d097ee819c17ebb93631 Mon Sep 17 00:00:00 2001
From: Yamagishi Kazutoshi <ykzts@desire.sh>
Date: Tue, 15 Mar 2022 03:20:40 +0900
Subject: Fix LetterOpennerWeb CSP (#17770)

---
 config/initializers/content_security_policy.rb | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'config/initializers')

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index b377b7b4d..c113b0f8b 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -60,4 +60,20 @@ Rails.application.reloader.to_prepare do
   PgHero::HomeController.after_action do
     request.content_security_policy_nonce_generator = nil
   end
+
+  if Rails.env.development?
+    LetterOpenerWeb::LettersController.content_security_policy do |p|
+      p.child_src       :self
+      p.connect_src     :none
+      p.frame_ancestors :self
+      p.frame_src       :self
+      p.script_src      :unsafe_inline
+      p.style_src       :unsafe_inline
+      p.worker_src      :none
+    end
+
+    LetterOpenerWeb::LettersController.after_action do |p|
+      request.content_security_policy_nonce_directives = %w(script-src)
+    end
+  end
 end
-- 
cgit 


From 895212bb2f05762453ab14c9424e80bae169b75d Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Tue, 15 Mar 2022 20:27:49 +0100
Subject: Fix PgHero suggesting migrations (#17807)

* Fix PgHero suggesting migrations

Fixes #17768

* Keep migration suggestions in development env
---
 config/initializers/pghero.rb | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 config/initializers/pghero.rb

(limited to 'config/initializers')

diff --git a/config/initializers/pghero.rb b/config/initializers/pghero.rb
new file mode 100644
index 000000000..0c77d6d0f
--- /dev/null
+++ b/config/initializers/pghero.rb
@@ -0,0 +1 @@
+PgHero.show_migrations = Rails.env.development?
-- 
cgit