IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

DEV: Remove unsafe-eval from development CSP (#8569)

Browse Source 
- Refactor source_url to avoid using eval in development
- Precompile handlebars in development
- Include template compilers when running qunit
- Remove unsafe-eval in development CSP
- Include unsafe-eval only for qunit routes in development
This commit is contained in:
David Taylor
2019-12-30 12:17:12 +00:00
committed by GitHub
parent df8444e813
commit bc4c40abd4
11 changed files with 33 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/content_security_policy.rb
View File

@@ -4,8 +4,8 @@ require 'content_security_policy/extension'
class ContentSecurityPolicy
class << self
def policy(theme_ids = [])
new.build(theme_ids)
def policy(theme_ids = [], path_info: "/")
new.build(theme_ids, path_info: path_info)
end
def base_url
@@ -14,12 +14,13 @@ class ContentSecurityPolicy
attr_writer :base_url
end
def build(theme_ids)
def build(theme_ids, path_info: "/")
builder = Builder.new
Extension.theme_extensions(theme_ids).each { |extension| builder << extension }
Extension.plugin_extensions.each { |extension| builder << extension }
builder << Extension.site_setting_extension
builder << Extension.path_specific_extension(path_info)
builder.build
end