raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-02-04 22:16:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add frame-ancestors to CSP

Browse Source
This commit is contained in:
Matt-Yorkley
2021-12-25 01:47:26 +00:00
parent 05abb63036
commit 6a3ca98ac6
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
config/initializers/content_security_policy.rb
View File

@@ -6,11 +6,12 @@
Rails.application.config.content_security_policy do |policy|
policy.default_src :self, :https
policy.font_src :self, :https, :data, 'fonts.gstatic.com'
policy.img_src :self, :https, :data, '*.s3.amazonaws.com'
policy.object_src :none
policy.script_src :self, :https, :unsafe_inline, "*.stripe.com", "openfoodnetwork.innocraft.cloud"
policy.style_src :self, :https, :unsafe_inline
policy.font_src :self, :https, :data, 'fonts.gstatic.com'
policy.img_src :self, :https, :data, '*.s3.amazonaws.com'
policy.object_src :none
policy.frame_ancestors :none
policy.script_src :self, :https, :unsafe_inline, "*.stripe.com", "openfoodnetwork.innocraft.cloud"
policy.style_src :self, :https, :unsafe_inline
policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development?
# Specify URI for violation reports