IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: Set CSP base-uri to self (#13654)

Browse Source
This commit is contained in:
Penar Musaraj
2021-07-07 09:43:48 -04:00
committed by GitHub
parent 236d6d91b2
commit 35110f6681
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/content_security_policy/default.rb
View File

@@ -9,7 +9,7 @@ class ContentSecurityPolicy
@base_url = base_url
@directives = {}.tap do |directives|
directives[:upgrade_insecure_requests] = [] if SiteSetting.force_https
directives[:base_uri] = [:none]
directives[:base_uri] = [:self]
directives[:object_src] = [:none]
directives[:script_src] = script_src
directives[:worker_src] = worker_src