IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FEATURE: set CSP base-uri and object-src to none (#6863)

Browse Source
This commit is contained in:
Kyle Zhao
2019-01-09 15:04:50 -05:00
committed by Penar Musaraj
parent af227cada5
commit dec8e5879a
2 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/content_security_policy/default.rb
View File

@@ -7,6 +7,8 @@ class ContentSecurityPolicy
def initialize
@directives = {}.tap do |directives|
directives[:base_uri] = [:none]
directives[:object_src] = [:none]
directives[:script_src] = script_src
directives[:worker_src] = worker_src
directives[:report_uri] = report_uri if SiteSetting.content_security_policy_collect_reports