Skip to content

Commit

Permalink
Fixes for Content Security Policy in dev
Browse files Browse the repository at this point in the history
  • Loading branch information
@erictheise
erictheise committed Dec 4, 2024
1 parent 956607e commit 88a1eac
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions config/initializers/content_security_policy.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,9 @@
Rails.application.configure do
connect_src = [:self]
img_src = [:self, :data, "www.gravatar.com", "*.wp.com", "tile.openstreetmap.org", "gps.tile.openstreetmap.org", "*.tile.thunderforest.com", "tile.tracestrack.com", "*.openstreetmap.fr"]
script_src = [:self]
script_src = [:self, "openhistoricalmap.github.io"]
style_src = [:self, "openhistoricalmap.github.io"]
worker_src = [:self, :blob, "0.0.0.0:3000"]

connect_src << Settings.matomo["location"] if defined?(Settings.matomo)
img_src << Settings.matomo["location"] if defined?(Settings.matomo)
Expand All @@ -30,8 +32,8 @@
policy.object_src(:self)
policy.plugin_types
policy.script_src(*script_src)
policy.style_src(:self)
policy.worker_src(:none)
policy.style_src(*style_src)
policy.worker_src(*worker_src)
policy.manifest_src(:self)
policy.report_uri(Settings.csp_report_url) if Settings.key?(:csp_report_url)
end
Expand Down

0 comments on commit 88a1eac

Please sign in to comment.